Share via

365 Emails being quarantined

Craig Rees 0 Reputation points
2026-03-27T18:20:35.3933333+00:00

I have MS 365 and have outlook set up as my primary email domain. Approx 4 months ago, a customer informed me that my DMARC security was out of date and causing my emails to be quarantined. I then contacted 123.Reg who host my domain and they updated the relevant security etc.

Now, since the original issue, every time I email a new customer using a brand new email address, my emails are being quarantined again.

This does not happen to addresses already in my contact list, does any one have any ideas how to fix this as I am losing potential business. Thank you

Microsoft 365 and Office | Microsoft 365 Defender | Other | Windows
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. EmilyS726 234.5K Reputation points Independent Advisor
    2026-03-27T18:54:48.5333333+00:00

    Hello

    What is your email address domain? For example, @business.com?

    Was this answer helpful?

  2. AI answer

    2026-03-27T18:20:57.58+00:00

    The symptoms indicate that messages are being treated as suspicious by recipients’ Microsoft 365 filtering, especially for new recipients who have no prior interaction history with the domain. The fix is to strengthen and verify the domain’s email authentication and then use Defender/Quarantine workflows on the recipient side to train Microsoft 365 that the mail is legitimate.

    Use the following steps:

    1. Verify DNS and email authentication
      • Confirm that DNS is correctly configured for the sending domain (MX, SPF, DKIM, and DMARC) with the domain host. Incorrect or incomplete DNS can cause filtering issues.
      • Ensure SPF, DKIM, and DMARC are all in place and valid for the domain, as these are key signals for Microsoft 365 filtering and sender reputation.
      • Follow a gradual DMARC rollout: start with p=none, monitor, then move to p=quarantine, and finally p=reject only after confirming that all legitimate senders for the domain pass DMARC. See the DMARC rollout guidance in the context.
    2. Improve and monitor sender reputation
      • Microsoft 365 uses multiple factors to decide whether to quarantine: sending IP reputation, domain reputation, email authentication, list accuracy, complaint rates, and content.
      • Ensure that:
        • No bulk or unsolicited mail is being sent from the domain.
        • Mailing lists are clean (no high bounce or complaint rates).
        • Content is not spam-like.
      • If using a new IP or recently changed sending infrastructure, expect a ramp-up period while the IP builds reputation. Maintain low complaint rates and accurate lists during this period.
    3. Use DMARC monitoring to detect issues
      • With DMARC set to p=none initially, review DMARC aggregate and forensic reports to see which messages fail DMARC and why (SPF/DKIM alignment issues, unexpected senders, etc.).
      • Fix any legitimate sources that are failing DMARC before tightening the policy.
    4. Work with affected customers’ admins
      • When a customer reports that messages are quarantined in Microsoft 365:
        • Ask their Microsoft 365 admin to check the Microsoft Defender for Office 365 quarantine and release the messages.
        • Admins should submit released messages to Microsoft as false positives and optionally create a temporary allow entry in the Tenant Allow/Block List. This helps Microsoft learn that the messages are legitimate and reduces future quarantining.
        • End users can also release and submit quarantined messages from their quarantine email digests, which further trains the system.
    5. Continue tuning until false positives stop
      • After submissions, Microsoft adjusts filtering based on verdicts. If false positives are due to organization configuration on the recipient side, their admins can adjust policies (for example, anti-spam/anti-phishing actions) to reduce quarantine and prefer delivery to Junk Email instead.
      • On the sending side, keep monitoring DMARC/SPF/DKIM and reputation signals and avoid any practices that might look like spam.

    If, after DNS and authentication are fully correct and reputation is clean, messages are still consistently quarantined across multiple Microsoft 365 tenants, the next step is for an affected recipient’s admin to open a support case with Microsoft and reference the false-positive submissions so the service-wide filters can be adjusted.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.