Microsoft disables bad spam rule flagging all sent emails as junk

October 18, 2023 at 04:13AM

Microsoft resolved an issue where admins were receiving an excessive number of blind carbon copies (BCC) of outbound emails flagged as spam. The problem caused legitimate emails sent to external addresses to be marked as spam. Microsoft disabled the rule causing the problem and confirmed that it has been resolved. Admins can disable the “Send a copy of suspicious outbound” setting to prevent future issues. In addition, admins should check the blocked senders list and reinstate any users affected by the false-positive spam issue.

The key takeaways are:

1. Microsoft 365 admins were receiving an unusually high number of blind carbon copies (BCC) of outbound emails flagged as spam.
2. This issue, tracked as EX682041, affected Exchange Online users globally and resulted in legitimate emails being mistakenly labeled as spam.
3. Microsoft disabled a rule change causing the problem and began to see recovery.
4. The anti-spam issues started around 09:40 AM PDT and were resolved within approximately 14 hours.
5. During the mitigation process, the emails incorrectly marked as spam were also removed from quarantine.
6. The problem primarily affected admins who receive copies of potential outbound spam or high-risk delivery mail.
7. Reprocessing efforts might have resulted in temporary secondary streams of inbound duplicate notification messages for admins, but these duplicates did not indicate actual re-delivery of email messages.
8. Microsoft has confirmed that the issue has been resolved.
9. Admins can disable the “Send a copy of suspicious outbound” setting in the default outbound spam policy to prevent their mailbox from being filled with BCC spam. The process involves accessing the security settings at https://ift.tt/DcyfVvM, selecting the Anti-Spam outbound policy (Default), unchecking “Send a copy of suspicious outbound messages,” and saving the changes.
10. Admins should also check if any users were added to the blocked senders list due to the false-positive issue and reinstate them if required.
11. Most users should have their restrictions removed within one hour. Technical issues may cause longer waits, but according to Microsoft these should not exceed 24 hours.

These takeaways summarize the issue, its impact, the resolution steps, and the expected timelines for addressing related concerns.
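The portal steps in items 9 and 10 can also be carried out from Exchange Online PowerShell. The script below is an added example, not taken from the article or from Microsoft's advisory. It assumes the ExchangeOnlineManagement module is installed and that the addresses in `$confirmedFalsePositives` (constructed placeholders here) have been reviewed by an admin.

```powershell
# Added example: PowerShell equivalent of the portal steps in items 9 and 10.
# Assumes the ExchangeOnlineManagement module and an account permitted to
# edit anti-spam policies.
Connect-ExchangeOnline

# Item 9: record the current BCC settings of the default outbound spam policy
# so the change can be reverted later.
$policy = Get-HostedOutboundSpamFilterPolicy -Identity Default
$policy | Format-List Name, BccSuspiciousOutboundMail, BccSuspiciousOutboundAdditionalRecipients

# Stop BCC copies of suspicious outbound messages. The recipient list is left
# in place, so re-enabling later is a single setting.
if ($policy.BccSuspiciousOutboundMail) {
    Set-HostedOutboundSpamFilterPolicy -Identity Default -BccSuspiciousOutboundMail $false
}

# Item 10: export every currently blocked sender for review before changing
# anything. Not every entry is necessarily a false positive.
$blocked = @(Get-BlockedSenderAddress)
$blocked | Export-Csv -Path .\blocked-senders-review.csv -NoTypeInformation
Write-Host "Blocked senders found: $($blocked.Count)"

# Constructed placeholder list: replace with addresses an admin has confirmed
# were blocked because of the false-positive rule.
$confirmedFalsePositives = @(
    'user1@contoso.example',
    'user2@contoso.example'
)

foreach ($entry in $blocked) {
    $address = "$($entry.SenderAddress)"   # normalise to a plain string
    if ($confirmedFalsePositives -contains $address) {
        # -WhatIf only reports what would be unblocked; remove it to apply.
        Remove-BlockedSenderAddress -SenderAddress $address -WhatIf
    }
    else {
        Write-Host "Left blocked (not on the reviewed list): $address"
    }
}

Disconnect-ExchangeOnline -Confirm:$false
```

Keeping the exported CSV gives a record of which accounts were restricted during the incident, and leaving anything not on the reviewed list blocked avoids unblocking an account that was restricted for a real reason.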
