Emails getting lost without a trace is uncommon, but it can happen. Sometimes, you send an email campaign to your contact list, but an intended recipient doesn't receive the email. Your logs show that the email was delivered and accepted by the receiving mail server, yet it's nowhere to be found in the recipient's inbox or spam folder. And when you check, there was no bounce either, showing that the email was indeed received. So, what could be causing this?
In most cases, this happens when a mail server accepts the email, but then anti-spam filters perform additional checks. This situation is most common with business domains, because these systems provide email and IT teams with more configuration options than you get with personal email services.
Emails to business domains can be quarantined, meaning they are held back by the email filter, instead of being delivered to the recipient's mailbox or spam folder. This allows email and IT teams to monitor potential email spam or phishing attacks, and modify their security rules. Business email anti-abuse and security filter rules can be highly customized, even at the mailbox level. Therefore, an email might be rejected and quarantined for one recipient within the same organization, while others might receive it without any issues.
I asked a colleague of mine to provide me with some samples of quarantined messages from Microsoft 365 Defender tool and here are some common examples:
DetectionMethods | ConfidenceLevel | EmailAction |
{"Phish":["Impersonation domain"],"Spam":["Advanced filter"]} | {"Phish":"Normal","Spam":"Normal"} | Send to quarantine |
{"Phish":["URL malicious reputation"]} | {"Phish":"High"} | Send to quarantine |
{"Phish":["Mailbox intelligence impersonation"]} | {"Phish":"Normal"} | Send to quarantine |
{"Phish":["URL detonation reputation"]} | {"Phish":"High"} | Send to quarantine |
{"Phish":["File detonation reputation"],"Spam":["Advanced filter"]} | {"Phish":"High","Spam":"Normal"} | Send to quarantine |
{"Phish":["URL detonation reputation"],"Spam":["Advanced filter"]} | {"Phish":"High","Spam":"Normal"} | Send to quarantine |
{"Phish":["Impersonation user"]} | {"Phish":"Normal"} | Send to quarantine |
Email message patterns that trigger the "DetectionMethods" above with a "ConfidenceLevel" "Normal" or "High" will end up being quarantined and will not appear in the mailbox.
Explanations for some of these detection methods can be found online, like in this case where Microsoft explains what "URL detonation" means.
One crucial aspect to keep in mind is that these email filters can be triggered simply by sending yourself test emails, particularly if your email filters are configured to prevent phishing attacks. It's likely that your marketing and transactional emails will be sent using a subdomain of your organizational domain. For example, you might send a test email from sender@sub.domain.com to your own address name@domain.com. If you haven't informed your email or IT team to trust your marketing/transactional subdomain, your company's email filter may view these test emails as suspicious, and quarantine them.
Check your bounce and delivery reporting with your Email Service Provider (ESP) to verify that messages are delivered. If in doubt, check with your ESP Deliverability Support team. If messages show as bounced, this could indicate a larger underlying issue. However, if your delivery reporting does not show bounces (indicating delivery success), proceed with the next steps.
Contact your IT staff responsible for mail administration within your organization. They can help locate the quarantined message, explain what triggered the quarantine, and help explain what needs to happen to resolve the issue. Provide them with the following information:
Ask the recipient to contact their IT staff responsible for mail administration within their organization. They should provide the following details to their IT staff:
There may be various tools that cause similar issues out there, but all of them should have appropriate documentation on how to perform similar lookups.
Here are the two most common ones:
How to find and release quarantined messages using Google Workspaces
How to manage quarantined messages using Microsoft 365
What is next highly depends on your organization's security policy. Here are some options that should be considered:
a) Add the sender address to the "safe senders list", which would allow sender to bypass additional mail filtering by default;
b) Review your email content and locate any of the content blocks that may trigger quarantine rules;
c) Collaborate with Deliverability Support staff from your ESP to understand what can trigger quarantine rules;
I hope this article has been helpful in resolving your email delivery issues.
For more information, you can check other blog entries at SAP Community from our Deliverability team:
SAP Emarsys Deliverability Homepage
Best regards,
Vytis Marciulionis
Deliverability Manager
Emarsys an SAP Company
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
10 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |