Anyone else seeing M365 SMTP Relay (IP Connector) hitting SCL:8 / High Confidence Spam as of yesterday? (April 15)

Posted by Sufficient_Gain3473@reddit | sysadmin

Hey everyone,

Woke up to multiple clients reporting that scan-to-email has stopped working as of yesterday. We use Direct Send via an MX record and an IP-based Inbound Connector in 365, and multiple customers' scans were hitting quarantine in 365.

Headers are showing messages being flagged as High Confidence Spam (SCL:8) with the category CAT:HSPM. The diagnostic info specifically shows IPV:NLI (IP Not on List).

The SPF is passing, and no changes were made on the printer or firewall side. It seems like Microsoft has dialled up the EOP heuristics for unauthenticated relay traffic, possibly linked to the High Volume Email (HVE) GA that happened a couple of weeks ago. Could be totally wrong though.

We've got a project to switch customers over to SMTP2GO, which most of our customers are on, but some customers are still using 365 SMTP relay for their many printers.

Is anyone else seeing this behavior? Is Microsoft finally killing off the reputation of the IP-connector method?

Thanks guys!
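
Added example, not part of the original post: a small Python triage helper that pulls the verdict fields the post quotes (SCL, CAT, IPV) out of a message's `X-Forefront-Antispam-Report` header and sets them beside the SPF/DKIM/DMARC results from `Authentication-Results`. The sample headers, host names and IP address are constructed, and the function names are this example's own.

```python
import email
import re
from email import policy

# Constructed sample headers for illustration (documentation IP range and
# example.com); the SCL, CAT and IPV values mirror the ones quoted in the post.
SAMPLE = """\
Authentication-Results: spf=pass (sender IP is 203.0.113.25) smtp.mailfrom=example.com; dkim=none (message not signed) header.d=none; dmarc=pass action=none header.from=example.com
X-Forefront-Antispam-Report: CIP:203.0.113.25;CTRY:GB;LANG:en;SCL:8;SRV:;IPV:NLI;SFV:SPM;H:printer01.example.com;PTR:;CAT:HSPM;SFS:;DIR:INB;
From: scanner@example.com
To: user@example.com
Subject: Scanned document

(body omitted)
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")

def parse_antispam(value):
    """Split 'KEY:value;KEY:value;' into a dict; only the first ':' separates,
    so an IPv6 CIP value survives intact."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition(":")
        if sep:
            fields[key.upper()] = val.strip()
    return fields

def triage(raw):
    """Summarise the EOP verdict and the sender-authentication results."""
    msg = email.message_from_string(raw, policy=policy.default)
    rep = parse_antispam(str(msg.get("X-Forefront-Antispam-Report", "")))
    auth = dict(AUTH_RE.findall(str(msg.get("Authentication-Results", "")).lower()))
    scl = int(rep["SCL"]) if re.fullmatch(r"-?\d+", rep.get("SCL", "")) else None
    notes = []
    if scl is not None and scl >= 8:
        notes.append(f"high confidence spam verdict (SCL:{scl}, CAT:{rep.get('CAT')})")
    if rep.get("IPV") == "NLI":
        notes.append("source IP is not on any IP reputation list (IPV:NLI)")
    if auth.get("spf") == "pass" and scl is not None and scl >= 5:
        notes.append("SPF passed but the message was still scored as spam")
    if auth.get("dkim", "none") == "none":
        notes.append("message is not DKIM-signed")
    return {"scl": scl, "cat": rep.get("CAT"), "ipv": rep.get("IPV"),
            "cip": rep.get("CIP"), **auth, "notes": notes}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Running it over the raw headers of several quarantined scans shows whether they all share the same verdict fields and source IP, or whether only some devices are affected.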