Office 365 - Requests to bypass spam scanning
All email received for delivery to UW-Madison Office 365 accounts is scanned for viruses and spam content. This document covers some of the reasons why people request exceptions to bypass our spam scanning.
Messages Not Received
If you have reason to believe that you are missing mail please see Office 365 - I can't find a message, or a message was not delivered or received. If you determine that the message was routed to your Junk Email folder you can report that the message has been misclassified as spam/phishing. See Office 365 - Submit a message as spam/phishing for more information on submitting misclassified spam.
Messages Returned to Sender
External senders can experience delivery issues to a UW-Madison email address for a variety of reasons. It is important for us to identify the root cause. If a colleague or business partner is receiving a bounced email message when they send to you we need very specific information in order to investigate.
- Error Message - Typically when a message is returned to Sender it includes an error message/code that indicates the source of the issue.
- Date/Time the message was originally sent
- Sender email address
- Recipient email address
- Subject of the message
Vendor Requests for Exemptions
It is not unusual for 3rd party vendors to suggest that we exempt them from spam scanning in order to ensure delivery to inboxes. This is not an available option in our environment and if the vendor is following email sending best practices an exemption should be unnecessary. Legitimate email senders will publish SPF and DMARC DNS records for their email domains and DKIM sign the messages to demonstrate the authenticity of the message. We have a number of Knowledgebase articles that specifically address DMARC compliance.
If you are working with a vendor to send messages to campus recipients we recommend that you send test messages ahead of the scheduled distribution date so you can evaluate and correct any issues. The Office 365 team can assist you by reviewing logs related to the test messages and validating that there are no red flags with the messages or with the DMARC configuration of the sending domain.