Re: Newsletter suddenly classified as 'phishing' by Microsoft. Now what?

Gerard_van_den_ · ‎04-12-2018

Today, for the first time, we got a message from a newsletter subscriber thatMicrosoft classified our message as phishing.

Did anybody bump into this issue? Any ideas how we could try to solve this?

SPF / DKIM should be ok we were told, even though the screen states 'Pending Configuration' for one of the domains.

Thanks for any suggestions.

Gerard.

Gerard_van_den_ · ‎04-13-2018

Today it seems the phishing alert is no longer appearing on the mail I started this thread with, however it's now classified as spam. Quite an improvement 😞

Shelly_Wilson · ‎04-12-2018

Samsies. Alerts I send myself from Marketo (example when lead completes form) are now arriving to Outlook with phising warnings

Cory_Gabor1 · ‎04-12-2018

Word on the street is that Microsoft has resolved this issue. I just ran a test on our email that was marked as phishing this AM and it worked fine.

Can anyone else confirm this?

Anna_Fuerstena4 · ‎04-12-2018

It's working fine for me as well.

Carla_Villaverd · ‎04-12-2018

Sent one to my email address. Didn't show the message.

Anonymous · ‎04-12-2018

I had the same issue just today! I thought it might be a code we're implementing to identify bot clicks - 1x1pixel link. The URL was not a real link so we switch it out and added an extra code to the end so that it was unique. I resent the same email that was flagged as phishing to myself and I got no alert saying it was spam phishing. Is there more to do to prevent this, sounds like it was bigger than my bot link thing?

Cory_Gabor1 · ‎04-12-2018

Hi Tiffany,

I read this from word to the wise on twitter:

People throughout the industry are reporting phishing notices in a lot of mail going through Microsoft properties this morning. I even got one in an email from one of my clients earlier today

Multiple people have talked to employees inside Microsoft, and I suspect their customers have been blowing up support about this. I know they’re aware, I suspect they’re frantically working on a fix.

Update 11 am PDT: It appears this filter is firing when mail has the word “hotmail” in it. This includes if non displaying text (like CSS) has the word in it. It feels like they were attempting to mitigate something and wrote a rule that wasn’t quite right. Still no word on a fix, but don’t panic.

Casey_Grimes · ‎04-12-2018

Hey folks,

The core problem that seems to be causing this is mentioning "hotmail" in your email, causing Microsoft servers to incorrectly display this message. Now, for most folks this should be a non-issue day to day, but if you have anything in your email code itself for Hotmail-specific rendering, you could run into this problem. For example, a very common email CSS declaration for Hotmail rendering is

.ExternalClass{width:100%;} /* Force Hotmail to display emails at full width */

In this case, you'd just want to strip your CSS comment.

Edit: Initial testing shows that "this email was sent to so-and-so@hotmail.com" does not trigger this effect, but going to continue to monitor the situation.

Dan_Stevens_ · ‎04-12-2018

Brilliant, Courtney! Just changed two instances of this in our template and we're back in business!!!

Anonymous · ‎04-12-2018

We've been having same problem and I just spotted that "very common" CSS declaration in the code. So another anecdotal vote in favor. Question is, what's the fix? The obvious answer is "remove the hotmail-specific code" - but there are downsides (ex. issues for hotmail users, though contingent on how many you have - not many for us as we're B2B). Not to mention that for my company at least we'd likely have to outsource having the template re-coded - seems simple but I've found deleting *anything* from the templates breaks them (possibly I'm doing it wrong - emphatically NOT a coder). And are we sure this is the cause...?

Thanks for the insights/validation, all.

Dan_Stevens_ · ‎04-12-2018

I replaced our two instances of the commented sections in our CSS with "MS email client".

Casey_Grimes · ‎04-12-2018

Hi Eleanor,

In this case, you just literally need to remove the CSS comment (the part between /* and */). The actual part that does the fix (.externalClass {width: 100%}) can stay and will still do what it needs to for fixing Hotmail's issues.

EDIT: As a quick PSA, the full set of Hotmail fixes you should be using are:

.ReadMsgBody{width:100%;}

.ExternalClass { width:100%; }

.ExternalClass, .ExternalClass p, .ExternalClass span, .ExternalClass font, .ExternalClass td, .ExternalClass div { line-height: 100%; }

Anonymous · ‎04-16-2018

Thanks, Courtney - very helpful guidance!

Steven_Vanderb3 · ‎04-12-2018

versus

Would ya look at that. Nice find Courtney Grimes

Steven_Vanderb3 · ‎04-12-2018

Looks like Microsoft fixed it, I can no longer replicate.

Will_Thomas · ‎04-12-2018

I think you might be onto something there Courtney. Your comment triggered the marketo thread update email to be identified as spam itself.

Dan_Stevens_ · ‎04-12-2018

For us, Courtney's reply was quarantined by our servers without me even receiving it! Thankfully I checked back here on the community to find the solution.

Chelsea_Kiko · ‎04-12-2018

You got it, Courtney! Here is one of the emails that this happened to today....

Chelsea_Kiko · ‎04-12-2018

same thing, here! Happened to our own email internally and for a large client. Update the thread if you guys hear anything else!

Steven_Vanderb3 · ‎04-12-2018

I forwarded along this topic to our Deliverability team to check into this. Looking at Twitter though, it might be something going on with Microsoft/Outlook. I see someone tweeting at Hubspot support asking why all their emails are being marked as phishing attempts with Microsoft too....