Microsoft recently encountered a problem (tracking as EX682041), associated with the antispam function in Microsoft 365, due to which administrators received many hidden copies of outgoing messages (Blind Carbon Copy, BCC), erroneously marked with spam. The incident affected Exchange Online users around the world, and in most cases all the letters sent to external addresses were noted as spam.
The problem was completely eliminated 14 hours after the appearance. The disadvantage in the antispam system led to the fact that copies of letters sent by other users of the organization to external addresses were received by administrators mailboxes. In response to numerous complaints of users, Microsoft announced the start of the investigation of the problem.
Based on the results of the audit, it was found that the cause of the current situation was the introduction of a new rules for filtering spam, which was subsequently disconnected. After that, the process of restoring the normal operation of the system began. Also, all erroneously marked messages were removed from quarantine on touched servers.
Microsoft notified the administrators of the possibility of disabling the function “Send a copy of the suspicious outgoing message” (“Send a Copy of Suspicius Outbound”) to prevent such incidents in the future.
The option is needed:
- Go to the page https://security.microsoft.com/antispam ;
- Select “Antispamic Policy (by default)” (“Anti-Spam Outbound Policy”);
- Remove the “Send a copy of the suspicious outgoing message” (Send a Copy of Suspicious Outbound);
- Press the “Save” button.
Administrators are also recommended to check whether any users were added to the list of blocked senders due to the erroneous operation of the Antispam system. If such users are discovered, they can be restored on the page