Understanding Outlook 365 Filtering
Outlook 365 (Microsoft 365) uses multiple layers of filtering:
- Exchange Online Protection (EOP): Microsoft's cloud-based spam filtering
- Connection filtering: Checks IP reputation at connection time
- Content filtering: Analyzes message content for spam signals
- Organization policies: Admin-configured rules and safelist/blocklists
- User settings: Individual junk email preferences
Cause 1: Authentication Failures
Authentication is the most common cause of junk folder placement in Outlook 365.
SPF Failures
- Your sending IP is not listed in your SPF record
- SPF record has syntax errors
- Too many DNS lookups (exceeding the 10-lookup limit)
- Using incorrect mechanisms for your sending infrastructure
DKIM Failures
- DKIM signature is missing or invalid
- Public key in DNS does not match private key used for signing
- Message was modified in transit (breaking the signature)
- Selector in DNS is misconfigured
DMARC Failures
- Neither SPF nor DKIM passes with alignment
- From domain does not match authenticated domain
- DMARC policy is set to quarantine or reject and authentication fails
Check Authentication Headers
View the email headers in Outlook to see authentication results. Look for "Authentication-Results" and "X-Microsoft-Antispam" headers to understand why filtering occurred.
Cause 2: Poor Sender Reputation
Microsoft maintains reputation scores for sending IPs and domains.
IP Reputation Issues
- Your IP is on a blocklist
- Previous bad behavior from your IP (or nearby IPs)
- Insufficient sending history (new IP without warmup)
- Shared IP with poor-quality senders
Domain Reputation Issues
- History of spam complaints from your domain
- New domain without established reputation
- Domain associated with spammy content patterns
How to Check
Use Microsoft SNDS to view your IP reputation status. Register your sending IPs and monitor for color-coded reputation indicators.
Cause 3: Content Triggers
Outlook 365's content filters look for spam patterns in your messages.
Common Content Issues
- Excessive use of spam-associated words
- Too many links or images with little text
- Suspicious URLs or shortened links
- Misleading subject lines
- Mismatched display text and actual URLs
Formatting Problems
- Broken HTML that looks like spam templates
- Invisible text or hidden content
- Large attachments or suspicious file types
- All-image emails with no text alternative
Cause 4: Organization Policies
Outlook 365 admins can configure policies that affect your delivery.
Common Admin Settings
- Transport rules: Custom rules that route mail to junk
- Block lists: Your domain or IP explicitly blocked
- High spam sensitivity: Stricter filtering thresholds
- External sender warnings: Flagging messages from outside the organization
Organization-Specific Issues
If your emails reach some Outlook 365 recipients but not others, the issue may be organization-specific policies. The receiving organization's IT admin controls these settings.
How to Diagnose the Problem
Step 1: Check Message Headers
- Get a copy of a message that went to junk
- View full headers (in Outlook: File > Properties > Internet Headers)
- Look for X-Microsoft-Antispam header values
- Check Authentication-Results for pass/fail status
Step 2: Analyze SCL Score
The Spam Confidence Level (SCL) in headers indicates filtering severity:
- SCL -1: Message bypassed filtering
- SCL 0-4: Not spam, normal delivery
- SCL 5-6: Spam, delivered to junk folder
- SCL 7-9: High confidence spam
Step 3: Test Authentication
Use authentication testing tools to verify SPF, DKIM, and DMARC are passing correctly before sending to Outlook 365 recipients.
How to Fix Junk Folder Placement
- Fix any authentication failures (SPF, DKIM, DMARC)
- Check and improve IP reputation through SNDS
- Review content for spam triggers and clean up
- For organization-specific issues, contact the recipient's IT team
- Request recipients add you to their safe senders list
- Consider applying for the Junk Email Reporting Program (JMRP)