Ok, I’ll keep talking to myself 😊 Here is how all the false positive reports to Microsoft end up:
“Should have been blocked” is the standard resolution.

This is clearly a false positive: the very same link on a different third-level domain or on urlsand.com is allowed. Some third-level domains are classified as phishing and there is no way out other than attempting with a different third-level domain.

I wonder what the review process looks like.

Rodolfo

From: mailop <mailop-boun...@mailop.org> on behalf of Rodolfo Saccani via mailop <mailop@mailop.org>
Date: Monday, 16 October 2023 at 08:17
To: mailop <mailop@mailop.org>
Subject: [mailop] Re: Contact in Microsoft 365 Defender for Outlook?

Did anyone have similar issues?
We’re hitting a rubber wall trying to correct Microsoft false positives in URL classification.
Any suggestion would be greatly appreciated.

Cheers
Rodolfo

From: mailop <mailop-boun...@mailop.org> on behalf of Rodolfo Saccani via mailop <mailop@mailop.org>
Date: Friday, 13 October 2023 at 11:15
To: mailop <mailop@mailop.org>
Subject: [mailop] Contact in Microsoft 365 Defender for Outlook?

We are having issues with emails flagged as phishing by Defender (and not delivered) when the email contains URLs of a URL sandboxing service that performs security checks at click-time.

One example of a URL that is currently triggering false positives is hxxps://blackflow[.]urlsand[.]com/?u=https%3A%2F%2Fwww.mailop.org%2F&e=20266bc5&h=91873bb2&f=y&p=y

Anyway, any URL on this domain will be flagged as phishing.

urlsand.com is the URL sandboxing service that we developed and have been running for years; the third-level domain is used for customers who want to white-label the service with their own logos and brand colors. Recently, a few days after we deploy a new instance of the service, all the emails containing URLs on the domain are flagged as phishing by Defender.

URLs are rewritten for inbound emails by the ESG that sits in front of the 365 tenant and, of course, the tenant owner can set an exception, but any reply sent externally that contains one of these URLs will be flagged as phishing and not delivered to external recipients on 365. When recipients report the false positives to Microsoft, the reports are routinely closed with a “should have been blocked” clause, with no recourse or escalation path.

Is there anybody on the list that I can get in touch with in order to sort out this issue?

Cheers
Rodolfo

--
Rodolfo Saccani | CTO
Email: rodolfo.sacc...@libraesva.com | Phone: +3903411880307

--
This message has been checked by Libraesva ESG and is believed to be clean.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop