Suped

Why is Outlook displaying phishing warnings on emails sent from my CRM through Sendgrid, and how can I fix it?

7 Marketer opinions3 Expert opinions4 Technical articles5 Resources

Summary

Outlook displays phishing warnings when emails from CRMs via Sendgrid fail authentication due to spoofing attempts. This often stems from emails authenticating as Sendgrid, incomplete SPF records, missing DKIM signatures, or poor domain/IP reputation. Key solutions include ensuring SPF records cover all sending sources (including Sendgrid), implementing DKIM signing with your own domain (d=yourdomain.com), adopting a DMARC policy, monitoring domain/IP reputation, and ensuring proper alignment of SPF, DKIM, and DMARC. Authentication is not optional.

Key findings

  • Authentication Failure: Emails failing SPF, DKIM, and DMARC checks trigger phishing warnings.
  • SPF Incompleteness: Incomplete SPF records lacking Sendgrid's servers cause authentication failures.
  • DKIM Absence: Lack of DKIM signing with your own domain prevents verification of email authenticity.
  • Reputation Issues: Poor domain/IP reputation or blacklisting increases the likelihood of emails being marked as phishing.
  • Internal Spoofing: Hosted services are often open to Internal spoofing.
  • Auth as Sendgrid: Emails authenticating as Sendgrid can make it seem as if its an internal phishing attack
  • Authentication Required: SPF, DKIM and DMARC records are all required.

Key considerations

  • SPF Configuration: Update SPF records to include all authorized sending sources, like Sendgrid's IPs or domain.
  • DKIM Implementation: Set up DKIM signing with your own domain (d=yourdomain.com) to ensure emails are signed by your organization.
  • DMARC Adoption: Implement a DMARC policy to instruct mail servers on how to handle unauthenticated emails and prevent spoofing.
  • Reputation Monitoring: Regularly monitor domain/IP reputation on blocklists and address any issues promptly.
  • Dedicated IP: Consider using a dedicated IP address to build a positive sending reputation.
  • Alignment: Ensure that SPF, DKIM, and DMARC records are properly aligned.

What email marketers say
7Marketer opinions

Emails from CRMs sent via Sendgrid are often flagged as phishing in Outlook due to authentication issues. Common causes include incomplete SPF records, missing DKIM signatures, and poor domain/IP reputation. Implementing proper SPF, DKIM, and DMARC authentication, along with actively monitoring sending reputation and blocklists, are key to resolving these issues.

Key opinions

  • SPF Configuration: Incomplete SPF records that don't include Sendgrid's servers can cause authentication failures.
  • DKIM Signing: Lack of DKIM signing with your own domain makes it harder to verify email authenticity.
  • Domain/IP Reputation: Poor sending reputation and blacklisting can lead to emails being flagged as phishing.
  • Authentication: Authentication (DMARC, DKIM and SPF records) must be properly aligned.

Key considerations

  • Implement Authentication: Set up SPF, DKIM, and DMARC records to properly authenticate emails sent from your CRM via Sendgrid.
  • Monitor Reputation: Regularly check your domain and IP address against blocklists to identify and resolve reputation issues.
  • Dedicated IP: Consider using a dedicated IP address to build a positive sending reputation over time.
  • DKIM setup: When setting up DKIM, use your own domain (d=yourdomain.com) to sign emails even when sent through Sendgrid.
Marketer view

Email marketer from Reddit shares that implementing DKIM signing is crucial. By signing emails with a DKIM signature linked to your domain, you verify the email's authenticity and prevent it from being flagged as phishing.

May 2023 - Reddit
Marketer view

Email marketer from EmailGeeks Forum explains that setting up DKIM with your own domain (d=yourdomain.com) ensures that the email is signed by your organization, even when sent through Sendgrid, reducing the likelihood of phishing flags.

June 2022 - EmailGeeks Forum
Marketer view

Email marketer from Sendgrid details that if your CRM sends emails on behalf of your domain through Sendgrid, ensure Sendgrid's servers are included in your domain's SPF record. An incomplete SPF record is a common cause for emails failing authentication.

September 2023 - Sendgrid
Marketer view

Email marketer from Stack Overflow shares that using a dedicated IP address for sending emails from your CRM helps build a positive sending reputation, which reduces the chances of emails being marked as phishing.

June 2024 - Stack Overflow
Marketer view

Email marketer from Mailhardener shares that authentication is not optional, they recommend implementing SPF, DKIM and DMARC.

September 2024 - Mailhardener
Marketer view

Email marketer from EasyDMARC describes some of the common reasons for poor email deliverability. They include SPF, DKIM and DMARC configuration issues.

September 2021 - EasyDMARC
Marketer view

Email marketer from DNSQueries explains that regularly monitoring your domain's reputation and IP address on blocklists helps identify and address any issues that might cause emails to be flagged as phishing.

April 2023 - DNSQueries

What the experts say
3Expert opinions

Outlook displays phishing warnings on emails sent from CRMs through Sendgrid due to authentication issues. When emails authenticate as Sendgrid, they can appear as phishing attempts. Solutions involve ensuring SPF records cover all sending sources, implementing a DMARC policy, and signing emails with your own DKIM (d=yourdomain.com). Proper alignment of SPF, DKIM, and DMARC records is crucial.

Key opinions

  • Authentication as Sendgrid: Authenticating as Sendgrid can trigger phishing warnings in Outlook.
  • Internal Spoofing: Internal spoofing is a common problem with hosted services like Sendgrid.
  • Authentication Required: Proper authentication (SPF, DKIM, DMARC) and their alignment are essential for email deliverability.

Key considerations

  • DKIM Domain: Sign emails with your own domain in the DKIM (d=yourdomain.com).
  • SPF Coverage: Ensure SPF records include all sending sources, including Sendgrid.
  • DMARC Policy: Implement a DMARC policy to handle unauthenticated emails.
  • Authentication Alignment: Ensure SPF, DKIM, and DMARC records are properly aligned.
Expert view

Expert from WtotheWise details that authentication is required, this requires that you are using SPF, DKIM, and DMARC records, and that they are aligned.

April 2022 - WtotheWise
Expert view

Expert from Spamresource explains that internal spoofing prevention is a frequent problem with hosted services. Ensure SPF records cover all sending sources and consider a DMARC policy to reject unauthenticated mail.

May 2023 - Spamresource
Expert view

Expert from Email Geeks explains that if email is authenticating (DKIM or SPF) as Sendgrid, then it’s going to look like phishing and the warning is legit. She suggests signing with your own d= in the DKIM to see if that makes the warning go away.

January 2024 - Email Geeks

What the documentation says
4Technical articles

Outlook flags emails as phishing when they fail authentication checks (SPF, DKIM, DMARC) due to spoofing attempts, especially when claiming to be from internal senders. Properly configured SPF records that include all authorized sending sources (like Sendgrid) and a well-defined DMARC policy are essential to prevent these warnings. The Sender Policy Framework (SPF) is designed to detect forged sender addresses.

Key findings

  • Spoofing Detection: Outlook flags emails as phishing to prevent spoofing, particularly internal spoofing.
  • Authentication Failure: Emails failing SPF, DKIM, and DMARC checks are often marked as suspicious.
  • DMARC Policy: A DMARC policy informs receiving mail servers how to handle emails failing authentication.
  • SPF Importance: Proper SPF records must include all sending sources, including Sendgrid.

Key considerations

  • Configure SPF: Ensure your SPF record includes all authorized sending sources to prevent emails failing SPF checks.
  • Implement DMARC: Establish a DMARC policy to instruct mail servers on handling unauthenticated emails, reducing phishing risks.
  • Authentication Alignment: Ensure that DKIM records are also properly configured, and that SPF and DKIM results align with the 'From' address to pass DMARC checks.
  • Regular Monitoring: Regularly monitor your domain's email authentication setup and adjust as needed to keep pace with evolving email security standards.
Technical article

Documentation from Microsoft Learn explains that Outlook flags internal emails as phishing due to spoofing. If an email claims to be from an internal sender but fails authentication checks (SPF, DKIM, DMARC), Outlook may flag it as suspicious.

November 2024 - Microsoft Learn
Technical article

Documentation from Microsoft indicates that the Sender Policy Framework (SPF) is an email-authentication method designed to detect forging sender addresses during the delivery of email.

April 2024 - Microsoft
Technical article

Documentation from DMARC.org explains DMARC policy. A DMARC policy tells receiving mail servers how to handle emails that fail SPF and DKIM checks, helping to prevent spoofing and phishing.

June 2024 - DMARC.org
Technical article

Documentation from RFC explains that the SPF record should include all authorized sending sources, including Sendgrid's IPs or domain. Failure to include all sources will cause emails to fail SPF checks, leading to potential phishing warnings.

March 2025 - RFC

Related resources
5Resources

Email Advice for Newbies - Tips - Bubble Forum
Email Advice for Newbies - Tips - Bubble Forum

First off, apologies for the long read but I feel some really need to know some of this information before continuing… I work for a financial institution as an email developer and CRM associate and have worked in the email industry for the past seven years, so I’ve picked up some knowledge on how to go about email correctly. I am not affiliated with any tools/platforms. I am also by no means an expert but I thought it was important to share my two cents on what seems to be a widespread issue ...

Bubble Forum
Delivered, Bounced, Blocked & Deferred Emails | SendGrid
Delivered, Bounced, Blocked & Deferred Emails | SendGrid

Understand the differences between delivered, bounced, blocked, and deferred emails and how to use this data to improve your email program.

SendGrid
Email Delivery Failure: 12 Common Causes (& How to Fix Them ...
Email Delivery Failure: 12 Common Causes (& How to Fix Them ...

Avoid email delivery failure by learning about the most common causes and easy fixes for getting back into your subscribers' inboxes.

SendGrid
HubSpot Community - Malicious links being reported by Microsoft ...
HubSpot Community - Malicious links being reported by Microsoft ...

Hello, we have had an issue develop in the last week or two where the links in our emails direct users to a "malicious website" warning from Microsoft Office 365. I should point out that this is not happening on emails going out via Hubspot, as far as I know, but rather through another email vendor ...

community.hubspot.com
How to Fix 'Be Careful With This Message' Error in Gmail (2025)
How to Fix 'Be Careful With This Message' Error in Gmail (2025)

Are you seeing 'be careful with this message' on your Gmail or G-Suite emails? Work through our checklist to fix these errors in Google mail.

WP Mail SMTP

Related questions