We are having issues with emails flagged as phishing by Defender (and not delivered) when the email contains URLs of a URL sandboxing service that performs security checks at click-time. One example of a URL that is currently triggering false positives is hxxps://blackflow[.]urlsand[.]com/?u=https%3A%2F%2Fwww.mailop.org%2F&e=20266bc5&h=91873bb2&f=y&p=y Anyway, any URL on this domain will be flagged as phishing.
urlsand.com is the URL sandboxing service that we developed and have been running for years, the third level domain is used for customers who want to whitelable the service with their own logos and brand colors. Recently, after a few days we deploy a new instance of the service, all the email containing URLs on the domain are flagged as phishing by Defender. URLs are rewritten for inbound emails by the ESG that sits in from the 365 tenant and, of course, the tenant owner can set an exception but any reply sent externally that contains one of these URLs will be flagged as phishing and not delivered to external recipients on 365. When recipients report the false positives to Microsoft, the reports are routinely closed with a “should have been blocked” clause, with no recourse or escalation path. Is there anybody on the list that I can get in touch with in order to sort out this issue? Cheers Rodolfo -- [signature_2066823468] Rodolfo Saccani | CTO Email: rodolfo.sacc...@libraesva.com<mailto:rodolfo.sacc...@libraesva.com> | Phone: +3903411880307<tel:+3903411880307> -- This message was scanned by Libraesva ESG and is believed to be clean.
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
