scan to email now lands in junk mail folder
Posted by Accomplished_Sir_660@reddit | sysadmin | View on Reddit | 27 comments
It was brought to my attention yesterday (I only part time) that scan to email was not working. Turns out they are now landing in outlooks junk mail folder. We are using 365 as our mail vendor but historically this was working. Although when 1st setup I had to tell each clients outlook that this was not junk and it landed in inbox as expected.
Yesterday I once again told outlook it was not junk but messages continue to land in junk mail folder, so I suspect something has changed with Microsoft.
Has anyone else had this problem?
Ikelley317@reddit
This is something my company handles and does very well. Can I message you to see if we can be an asset?
Accomplished_Sir_660@reddit (OP)
Not interested thx
djkretz@reddit
We had the same issue yesterday. I blamed it on Abnormal
Accomplished_Sir_660@reddit (OP)
Has it been resolved?
djkretz@reddit
Yes, I didn't deal with it but from what I hear some IP's had to be added to some whitelist
BOOZy1@reddit
Microsoft now requires working DKIM, SPF and DMARC if you relay through or send from an external service (or your office internet connection).
SPF and DMARC are easy but DKIM is a bit more work to setup.
Accomplished_Sir_660@reddit (OP)
How long has all three been required?
Accomplished_Sir_660@reddit (OP)
Maybe I do. I have the CNAME records...
lechango@reddit
you can't setup DKIM for direct-send, that's set on the sending side (your copiers won't do this).
Do you actually have a connector setup in EXO for your public IP with "retain internal exchange headers" selected? Direct-send will still work if you don't, but will likely end up in junk due to SPF/DKIM/DMARC failure.
Accomplished_Sir_660@reddit (OP)
Under connectors no. It says I don't need one.
lechango@reddit
You don't if you have the public IP your scanner is egressing out of on your domain's SPF record, but if you don't have a connector nor that IP on your SPF record then it's going to get junked. I'd recommend going the connector route, however if any of these scans are sending to external emails outside of your 365 tenant, you need both.
Accomplished_Sir_660@reddit (OP)
SPF record now has our domain listed (waiting for it to update). We never scan to email externally. Great gig here as there are only 10 pc's and 3 of those have empty seats and I only part time. :-) - I've had enough of that big corporate life.
lechango@reddit
wouldn't be the domain you need on your SPF record, but your public IP (and hopefully it's static, if it's DHCP and changes then not going to last long). Still, no harm in making the connector by IP.
Accomplished_Sir_660@reddit (OP)
i put my static in there, but when testing it said I needed a domain, so I changed it to domain. Its include: MS.com include: domain
It still give me syntax error when testing it.
I done left for the day I only work 9-3 tuesday - thursday. I be back tomorrow. Thanks!
BOOZy1@reddit
Officially 'High-Volume' senders (5k a day) need it since May 2025, but recently (like 2 months) I've seen that they've upped the spam score for everyone that's not using DKIM.
Accomplished_Sir_660@reddit (OP)
We low volume. Bet we don't do 5k in a month.
Reedy_Whisper_45@reddit
How is your scan to email configured?
I have ours going to an internal SMTP server, which passes it through our spam filter to 365. I could just use a direct connector, but I want to have everything pass through that spam filter.
If you have a direct connector, you might need SPF/DKIM setup for that connector.
Do the headers of the email give any hints?
Accomplished_Sir_660@reddit (OP)
direct connector
Reedy_Whisper_45@reddit
I'd look at DNS. It's always DNS.
Accomplished_Sir_660@reddit (OP)
Always! :-)
Able-Ambassador-921@reddit
Check out the SPF record for the sending domain. Even if it's being sent from the office to the office the office IP may need to be included in the SPF record.
Accomplished_Sir_660@reddit (OP)
This may be it. Only have Microsoft IP included. I will work to add and test. Why would it have been working and simply stop recently?
medium0rare@reddit
I’m speculating here, but there was a tsunami of spoof phishing emails over the last two weeks. Microsoft or the algorithm that runs MDO might be more sensitive to spoofs than it was at the beginning of the month.
Able-Ambassador-921@reddit
Do i have to say it? We are their beta testers. Look into the whole Direct Send fiasco. Now clients are complaining about random disconnects when using Outlook classic. What can i tell them. "Microsoft"
igiveupmakinganame@reddit
isn’t microsoft doing something with smtp or something. i keep reading about it in here
itishowitisanditbad@reddit
So, Sr. Sysadmin.
Typically when these sorts of issues arise, there is a standard smattering of things to look at and check.
Have you checked those things?
_l33ter_@reddit
I would have added: Show us everything you’ve done so far. :)