This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Microsoft 365 Defender grabbing too many emails

My connector from sophos to M365 broke last month. I got it fixed but not M365 defender is grabbing a ton of emails under the "Anti spam" policy. I cant seem to see where its going wrong. has anyone had these problems?

This thread was automatically locked due to age.

Parents

0 Stuart James over 1 year ago

Kayzee Taylor I have the same problem. What was your fix?
Cancel
Vote Up 0 Vote Down

Cancel
0 Kayzee Taylor over 1 year ago in reply to Stuart James

Stuart James I finally had to put in a ticket with SOPHOS and they are still working on it. The logs seem to be showing something odd
Cancel
Vote Up 0 Vote Down

Cancel
0 Stuart James over 1 year ago in reply to Kayzee Taylor

Sophia are still looking at it? After more than 3 weeks?
Cancel
Vote Up 0 Vote Down

Cancel
0 Kayzee Taylor over 1 year ago in reply to Stuart James

Yeah apparently its not a common issue, when they get back to me ill post the solution here!
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 1 year ago in reply to Kayzee Taylor

Hello Stuart,

I can see your case (06513956) was opened on May 10, and GES has left a note to share with you; it seems the emails were tagged as SPAM before they reached Sophos.

The engineer should be sharing the next steps in the following email.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Stuart James over 1 year ago in reply to emmosophos

It’s happening for me as well, and I assume there’s other cases open that aren’t posting in these forums. It would be good for Sophos to find a solution ASAP and post it here publicly so people know how to fix it. At the moment, Microsoft is filtering SPAM, not Sophos, so we’re paying for something that’s not doing anything.

Sophos is the only SPAM provider that I’ve used that uses MS rules. Every other provider has the MX records point at them directly before forwarding to Microsoft. If the issue here is Microsoft related, it would make more sense for Sophos to co-ordinate with Microsoft directly to identify the issue and come up with a solution rather than every Sophos customer logging calls behind the scene individually.
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 1 year ago in reply to emmosophos

Hello Kayzee,

I don't see a case attached to your account for this issue. Can you share the Case ID?

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Tom Foucha over 1 year ago in reply to Stuart James

Please make sure you see SCL -1 in the headers - for example:

X-Forefront-Antispam-Report: CIP:198.154.181.194;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:mfid-
Cancel
Vote Up 0 Vote Down

Cancel
0 Tom Foucha over 1 year ago in reply to Kayzee Taylor

Can you post the following line from one of the headers of the emails:

X-Forefront-Antispam-Report: CIP:198.154.181.194;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:mfid-
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Tom Foucha over 1 year ago in reply to Kayzee Taylor

Can you post the following line from one of the headers of the emails:

X-Forefront-Antispam-Report: CIP:198.154.181.194;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:mfid-
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data