Microsoft responded to an issue in which a faulty anti-spam rule flooded Microsoft 365 admins’ inboxes with outbound emails mistakenly flagged as spam. The problem, tracked as EX682041, affected Exchange Online users globally, marking all external emails as spam. The incident began around 09:40 AM PDT, and Microsoft took approximately 14 hours to resolve it.
During the mitigation process, emails incorrectly labeled as spam were cleared from quarantine in affected tenants. Microsoft also provided guidance for admins to prevent similar issues in the future by disabling the “Send a copy of suspicious outbound messages” setting in the default outbound spam policy.
Admins can take steps to avoid another influx of mislabeled spam emails in their inboxes by adjusting the default outbound spam policy settings in Microsoft 365. Microsoft advises administrators to uncheck the “Send a copy of suspicious outbound messages” option in the Anti-Spam outbound policy.
While the false-positive spam messages were removed from quarantine, administrators should also ensure that no users were added to the blocked senders list due to the anti-spam issue. Users blocked because of the false-positive incident can be reinstated through the Restricted entities page in the Microsoft 365 Defender portal, typically within one hour, though transient technical issues could cause longer delays.
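The two admin steps above can also be carried out from Exchange Online PowerShell. The script below is an added example, not Microsoft's own script or part of the incident guidance. It assumes the ExchangeOnlineManagement module, a session already opened with Connect-ExchangeOnline, and that the default outbound policy has the identity `Default`; the `$ReviewedSenders` parameter is a hypothetical name for the addresses you have confirmed were restricted because of the false positives.

```powershell
#Requires -Modules ExchangeOnlineManagement
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical parameter: senders you have reviewed and confirmed were
    # restricted only because of the false-positive incident.
    [string[]]$ReviewedSenders = @()
)

# 1. Show which outbound spam policies copy suspicious outbound mail to recipients.
Get-HostedOutboundSpamFilterPolicy |
    Select-Object Name, BccSuspiciousOutboundMail, BccSuspiciousOutboundAdditionalRecipients |
    Format-Table -AutoSize

# 2. Disable the copy on the default outbound policy (assumed identity: 'Default').
$default = Get-HostedOutboundSpamFilterPolicy -Identity 'Default'
if ($default.BccSuspiciousOutboundMail) {
    if ($PSCmdlet.ShouldProcess('Default', 'Set BccSuspiciousOutboundMail to $false')) {
        Set-HostedOutboundSpamFilterPolicy -Identity 'Default' -BccSuspiciousOutboundMail $false
    }
} else {
    Write-Output 'Default policy already has BccSuspiciousOutboundMail disabled.'
}

# 3. List accounts currently on the Restricted entities list for review.
$blocked = @(Get-BlockedSenderAddress)
if ($blocked.Count -eq 0) {
    Write-Output 'No restricted senders found.'
} else {
    $blocked | Format-List
}

# 4. Reinstate only the senders that were explicitly reviewed and are still restricted.
foreach ($address in $ReviewedSenders) {
    if ($blocked.SenderAddress -notcontains $address) {
        Write-Warning "$address is not on the restricted list; skipping."
        continue
    }
    if ($PSCmdlet.ShouldProcess($address, 'Remove from restricted senders')) {
        Remove-BlockedSenderAddress -SenderAddress $address -Confirm:$false
    }
}
```

Run it with `-WhatIf` first to see what would change without modifying the tenant.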
This incident underscores the importance of managing and fine-tuning anti-spam rules to avoid potential disruptions in email communication, especially for administrators handling sensitive correspondence in Microsoft 365. Microsoft acted quickly to address and resolve the issue, emphasizing the significance of proactive measures to prevent similar incidents in the future.