Suped

How does Microsoft Office 365 filter or block emails based on URL reputation?

10 Marketer opinions2 Expert opinions5 Technical articles0 Resources

Summary

Microsoft Office 365 employs a multi-layered approach to filter or block emails based on URL reputation. Exchange Online Protection (EOP) analyzes URLs using blocklists, heuristic analysis, and reputation services. Safe Links in Defender for Office 365 provides real-time scanning and rewriting, warning users or blocking access to malicious sites. Advanced Delivery allows administrators to manage allow/block lists. External blocklists like Spamhaus and Google Safe Browsing are often integrated. Factors like domain age, URL content, presence in phishing/malware databases, user reporting, and the use of URL shorteners all influence reputation. Legitimate URLs can sometimes be flagged incorrectly, and maintaining a good sender reputation, along with proactive monitoring, is crucial.

Key findings

  • Multi-Layered Approach: Office 365 uses multiple methods (EOP, Safe Links, Advanced Delivery) to assess URL reputation.
  • External Blocklist Integration: Integration with external blocklists (Spamhaus, Google Safe Browsing) is common.
  • Reputation Factors: Factors like domain age, URL content, and phishing database presence influence reputation.
  • Shortlink Impact: The use of URL shorteners can negatively affect deliverability.
  • User Reporting Affects Reputation: User reporting of suspicious URLs impacts filtering decisions.
  • False Positives: Legitimate URLs can sometimes be incorrectly flagged.

Key considerations

  • Review EOP and Safe Links Settings: Regularly review and configure Exchange Online Protection and Safe Links settings.
  • Proactive Monitoring: Proactively monitor URL reputation using tools like Google Safe Browsing.
  • Minimize Shortlink Use: Minimize the use of URL shorteners to avoid potential penalties.
  • Monitor Sender Reputation: Maintain a good sender reputation to minimize the impact of URL filtering.
  • Test Email Deliverability: Test email deliverability with and without suspected URLs.
  • Respond to Flagged URLs: Take immediate action and request a review if URLs are flagged incorrectly.

What email marketers say
10Marketer opinions

Microsoft Office 365 filters or blocks emails based on URL reputation using a combination of factors. Low-reputation URLs, often associated with phishing or malware, can lead to email quarantining or blocking. URL shorteners may negatively impact reputation, and legitimate URLs can sometimes be incorrectly flagged. User reports of suspicious URLs contribute to Microsoft's internal blocklists. Maintaining a good sender reputation is crucial, and monitoring URL reputation using tools like Google's Safe Browsing is essential for proactive management.

Key opinions

  • URL Reputation Matters: Office 365 actively uses URL reputation to filter or block emails, impacting deliverability.
  • Quarantine and Blocking: Emails with low-reputation URLs are often quarantined or blocked outright.
  • Shorteners Impact: Using URL shorteners can negatively affect URL reputation and increase the likelihood of filtering.
  • False Positives Possible: Legitimate URLs can sometimes be flagged incorrectly, leading to false positives.
  • User Reporting: User reporting of suspicious URLs influences Microsoft's internal blocklists.
  • Sender Reputation: Maintaining a good sender reputation is crucial as URLs significantly impact this reputation.

Key considerations

  • Test Emails: Test sending emails with and without suspected URLs to gauge filtering behavior.
  • Monitor Reputation: Proactively monitor URL reputation using tools like Google's Safe Browsing status checker.
  • Address Flagged URLs: Take immediate action to resolve issues and request a review if URLs are flagged.
  • Avoid Shorteners: Minimize the use of URL shorteners to avoid potential reputation penalties.
  • Understand Shared Hosting: Be aware that shared hosting environments can sometimes lead to false positives.
Marketer view

Email marketer from Reddit explains that Office 365 uses URL reputation to determine if a message should be quarantined. If a URL is associated with phishing or malware, the email might be automatically moved to the quarantine folder.

September 2024 - Reddit
Marketer view

Email marketer from SenderScoreBlog explains that maintaining a good sender reputation is crucial. URLs in emails can significantly impact this reputation, and Microsoft 365 uses various reputation services to assess URLs and filter or block emails accordingly.

April 2022 - SenderScoreBlog
Marketer view

Email marketer from Email Deliverability Tips shares that it's essential to proactively monitor your URL reputation using tools like Google's Safe Browsing status checker. If your URLs are flagged, take immediate action to resolve the issues and request a review.

June 2024 - Email Deliverability Tips
Marketer view

Marketer from Email Geeks shares that in their experience, Microsoft is not very responsive or receptive to tickets regarding non-block issues.

June 2024 - Email Geeks
Marketer view

Email marketer from StackExchange shares that legitimate URLs can sometimes be flagged incorrectly due to shared hosting environments or temporary reputation dips. This can cause false positives and email delivery issues within Office 365.

September 2021 - StackExchange
Marketer view

Email marketer from EmailMarketingCommunity mentions that Microsoft 365 users can report suspicious URLs within emails. If a URL is frequently reported, Microsoft may add it to their internal blocklists, impacting future deliverability.

May 2023 - EmailMarketingCommunity
Marketer view

Email marketer from EmailDeliverabilityForum notes that if your emails contain links that are flagged as phishing attempts, Microsoft 365 will severely penalize your sender reputation, leading to blocking or filtering of your emails.

August 2022 - EmailDeliverabilityForum
Marketer view

Marketer from Email Geeks explains that Microsoft is known to block or filter emails based on low-reputation URLs. They suggest sending test emails with and without the suspected URL to a few test accounts.

June 2023 - Email Geeks
Marketer view

Email marketer from EmailSecurityBlog explains that using URL shorteners can sometimes negatively impact URL reputation. Since many shorteners are used for spam or malicious purposes, Office 365 may treat emails with shortened URLs with more suspicion.

January 2025 - EmailSecurityBlog
Marketer view

Email marketer from MXToolbox suggests using their URL reputation checker to evaluate the reputation of URLs. This can help identify if a URL is flagged by any blocklists or security services that Office 365 might use.

March 2024 - MXToolbox

What the experts say
2Expert opinions

Microsoft Office 365 filters emails based on URL reputation by assessing various factors including domain age, URL content, presence in phishing/malware databases, and use of URL shorteners. Negative signals from these factors increase the likelihood of filtering or blocking. Masking URLs with shortlink services can also result in lower reputation scores and impact deliverability.

Key opinions

  • Reputation Services and Signals: Microsoft employs reputation services and internal signals to assess URL safety.
  • Domain Age and Content: Domain age and the content hosted on the URL are key factors in determining reputation.
  • Phishing and Malware Databases: URLs present in phishing or malware databases are likely to be blocked.
  • Shortlink Impact: The use of URL shorteners can negatively impact URL reputation.

Key considerations

  • Avoid URL Shorteners: Minimize the use of URL shorteners to avoid being flagged as potentially malicious.
  • Maintain Domain Health: Ensure your domain has a good reputation by avoiding association with spam or malicious activities.
  • Monitor URL Content: Regularly review and ensure the content linked in your emails is safe and legitimate.
  • Be aware of Negative Signals: Be aware that there are many negative signals that can cause your deliverability to decrease.
Expert view

Expert from Word to the Wise explains that Microsoft uses various reputation services and internal signals to determine the safety of URLs. This includes factors like the age of the domain, the content hosted on the URL, and whether the URL is present in phishing or malware databases. URLs that trigger negative signals are likely to be filtered or blocked.

February 2024 - Word to the Wise
Expert view

Expert from Spam Resource explains that Microsoft will look to see if links within an email are masked using a shortlink service like bit.ly. These are common methods used by spammers to hide a URL's destination so they are given low reputation scores which impacts deliverability.

November 2024 - Spam Resource

What the documentation says
5Technical articles

Microsoft Office 365 utilizes several mechanisms to filter or block emails based on URL reputation, primarily through Exchange Online Protection (EOP) and Safe Links in Defender for Office 365. EOP analyzes inbound message URLs for malicious content using blocklists and heuristic analysis, potentially quarantining or blocking suspicious emails. Safe Links scans and rewrites URLs in real-time, blocking malicious links and warning users about suspicious sites. Office 365 also uses Advanced Delivery to manage allow/block lists and may integrate with external blocklists like Spamhaus and Google Safe Browsing to assess URL safety.

Key findings

  • EOP URL Analysis: Exchange Online Protection (EOP) analyzes URLs for malicious content using blocklists and heuristic analysis.
  • Safe Links Scanning: Safe Links in Defender for Office 365 provides real-time URL scanning and rewriting to block malicious links.
  • Advanced Delivery Controls: Advanced Delivery allows administrators to manage allow/block lists for IPs, domains, and URLs.
  • External Blocklist Integration: Office 365 integrates with external blocklists like Spamhaus and Google Safe Browsing.

Key considerations

  • Review EOP Policies: Regularly review and configure Exchange Online Protection (EOP) policies to effectively manage URL-based threats.
  • Enable Safe Links: Enable and configure Safe Links in Defender for Office 365 for real-time URL protection.
  • Manage Allow/Block Lists: Utilize Advanced Delivery to manage allow/block lists and bypass filtering for trusted senders.
  • Stay Informed on Blocklists: Be aware of the blocklists Office 365 uses and monitor your URLs' presence on these lists.
Technical article

Documentation from Microsoft Learn explains that Exchange Online Protection (EOP) analyzes URLs in inbound messages for malicious content. If a URL is deemed suspicious, the message can be blocked or sent to quarantine depending on the configured policies. This includes checking against known blocklists and using heuristic analysis.

May 2022 - Microsoft Learn
Technical article

Documentation from Microsoft Learn details Safe Links in Defender for Office 365. It describes how Safe Links provides URL scanning and rewriting of inbound email messages. When a user clicks a link, the URL is checked in real-time before the website is accessed. Malicious links are blocked, and users are warned about suspicious sites. This helps prevent phishing and malware attacks using URL reputation.

July 2021 - Microsoft Learn
Technical article

Documentation from Google Safe Browsing details that Office 365 may integrate with Google's Safe Browsing API to assess the safety of URLs. The Safe Browsing tool lets you check website status and is frequently used by security applications.

May 2021 - Google Safe Browsing
Technical article

Documentation from Microsoft Learn describes how Advanced Delivery helps manage allow and block lists of specific IP addresses or domains. It allows administrators to bypass filtering for known safe senders or domains and also add entries to the tenant allow/block list. It can also block domains and URLs based on reputation.

November 2024 - Microsoft Learn
Technical article

Documentation from Spamhaus details that Office 365 often uses blocklists like the Spamhaus Block List (SBL) and the Domain Block List (DBL) to filter emails. If a URL is listed on these blocklists due to spam or malicious activity, emails containing those URLs are likely to be blocked by Office 365.

August 2022 - Spamhaus

Related resources
0Resources

No related resources found.

Related questions