Marketing Campaign E-mail and Office365 - Check My Logic, Please

NetworkNerd

We recently moved from using AppRiver and a hosted Exchange 2007 platform to Office365 and its built-in spam filtering solution. Our Marketing department uses myemma.com to send e-mails about webinars, company events, and other communications, etc. to both clients and internal employees.

One of the pain points in times past has been having these messages get stuck in spam filters. Well, since myemma.com is sending messages on behalf of a specific domain, we tweaked our SPF record to include myemma.com per their online instructions. That should, from what I understand, tell other spam filters that this service is authorized to send e-mail messages from a specific domain that belongs to us.

These campaign e-mails are not sent from a [email protected] address but rather are sent out with a reply to address of someone on our internal team (depends on the nature of the communication as to who the communication will appear to be from).

I feel like we have the changes in place so that the messages from myemma.com should reach external recipients and not look like spoofed messages. But, when myemma.com is used to send a message from [email protected], for example, other users with e-mail addresses @domain.com either have the message either go straight to their Junk folder in Outlook / OWA or get stuck in the spam filter's quarantine. I can whitelist all e-mail addresses that might be used as reply-to addresses for myemma.com campaigns, but I don't want to have to do that.

Does anyone have suggestions on how I can get this working to reach both internal and external e-mail addresses? Am I thinking about it the right way? Any help is appreciated.

scottalanmiller

You mean when they send from MyEmma to your own domain?

NetworkNerd

@scottalanmiller said in Marketing Campaign E-mail and Office365 - Check My Logic, Please:

You mean when they send from MyEmma to your own domain?

Correct.

scottalanmiller

@NetworkNerd said in Marketing Campaign E-mail and Office365 - Check My Logic, Please:

@scottalanmiller said in Marketing Campaign E-mail and Office365 - Check My Logic, Please:

You mean when they send from MyEmma to your own domain?

Correct.

Then the SPF record isn't used, it's spoofed. It's that simple

scottalanmiller

Remember that your email server believes that IT is the email server for your domain. Then it gets email from someone else claiming to be it. SPF records be darned, it knows that it didn't just send that message.

NetworkNerd

Would adding users with internal e-mail addresses to Safe Senders allow the messages to come through the filter to internal recipients as expected? That's kind of like an individualized whitelist in the O365 world, right?

scottalanmiller

@NetworkNerd said in Marketing Campaign E-mail and Office365 - Check My Logic, Please:

Would adding users with internal e-mail addresses to Safe Senders allow the messages to come through the filter to internal recipients as expected? That's kind of like an individualized whitelist in the O365 world, right?

I would expect so, yes.

Reid Cooper

That makes sense, the email is coming as if it was from that server because it believes that it itself is the master of the domain.

Kelly

You can also create a transport rule that will bypass all the spam filtering heuristics and whatnot.

Mike Davis

@NetworkNerd said in Marketing Campaign E-mail and Office365 - Check My Logic, Please:

Would adding users with internal e-mail addresses to Safe Senders allow the messages to come through the filter to internal recipients as expected? That's kind of like an individualized whitelist in the O365 world, right?

I wouldn't do this. A lot of spammers put the from and to address the same for this reason. If you whitelist all your internal addresses, I would think you would get a lot of spam.

JaredBusch

@Kelly said in Marketing Campaign E-mail and Office365 - Check My Logic, Please:

You can also create a transport rule that will bypass all the spam filtering heuristics and whatnot.

Nothing gets around 100% of the rules from what I was reading on this two years ago.

JaredBusch

I would need to see the ehaders, but I send email from a postfix relay with a valid return on my Office 365 server to other Office 365 users all the time and nothing is junked.

The only thing I did was to add the WAN IP of the location with the Postfix server as a new connector trusted by IP.

NetworkNerd

@Mike-Davis said in Marketing Campaign E-mail and Office365 - Check My Logic, Please:

@NetworkNerd said in Marketing Campaign E-mail and Office365 - Check My Logic, Please:

Would adding users with internal e-mail addresses to Safe Senders allow the messages to come through the filter to internal recipients as expected? That's kind of like an individualized whitelist in the O365 world, right?

I wouldn't do this. A lot of spammers put the from and to address the same for this reason. If you whitelist all your internal addresses, I would think you would get a lot of spam.

I agree this is not a good way to go and that the chances for spam go way up. In this case we're talking about 10 different internal addresses.

NashBrydges

@JaredBusch said in Marketing Campaign E-mail and Office365 - Check My Logic, Please:

I would need to see the ehaders, but I send email from a postfix relay with a valid return on my Office 365 server to other Office 365 users all the time and nothing is junked.

The only thing I did was to add the WAN IP of the location with the Postfix server as a new connector trusted by IP.

^^^ This ^^^ I did that for postfix and haven't had any spam flagging issues.

NetworkNerd

@JaredBusch said in Marketing Campaign E-mail and Office365 - Check My Logic, Please:

I would need to see the ehaders, but I send email from a postfix relay with a valid return on my Office 365 server to other Office 365 users all the time and nothing is junked.

The only thing I did was to add the WAN IP of the location with the Postfix server as a new connector trusted by IP.

Very similar to what you mention here, I think this is it - https://support.e2ma.net/Resource_Center/Account_how-to/how-to-whitelist-emma.

JaredBusch

@NetworkNerd said in Marketing Campaign E-mail and Office365 - Check My Logic, Please:

@JaredBusch said in Marketing Campaign E-mail and Office365 - Check My Logic, Please:

I would need to see the ehaders, but I send email from a postfix relay with a valid return on my Office 365 server to other Office 365 users all the time and nothing is junked.

The only thing I did was to add the WAN IP of the location with the Postfix server as a new connector trusted by IP.

Very similar to what you mention here, I think this is it - https://support.e2ma.net/Resource_Center/Account_how-to/how-to-whitelist-emma.

Not exactly. That is whitelisting entire IP blocks.