Microsoft: Exchange Online flags legitimate emails as phishing
Microsoft is investigating an ongoing Exchange Online issue that mistakenly flags legitimate emails as phishing and quarantines them.
The incident began on February 5 and continues to affect Exchange Online customers, preventing them from sending or receiving emails.
"Some users' legitimate email messages are being marked as phish and quarantined in Exchange Online," Microsoft said in a service alert when it acknowledged the bug on Thursday.
"We've determined that the URLs associated with these email messages are incorrectly marked as phish and quarantined in Exchange Online due to ever-evolving criteria aimed at identifying suspicious email messages, as spam and phishing techniques have become more sophisticated in avoiding detection."
Over the weekend, Microsoft confirmed that the issue is caused by a new URL rule that incorrectly flags some URLs as malicious and the emails as phishing attempts.
"An updated URL rule intending to identify more sophisticated spam and phishing email messages is incorrectly quarantining legitimate email messages in Exchange Online, resulting in impact," it added.
While Microsoft has yet to disclose how many customers are affected or which regions are impacted by this ongoing issue, it has classified it as an incident, which typically involves noticeable user impact.
Until the issue is resolved, Microsoft is working to release quarantined emails and said that affected users may begin to see previously flagged messages in their inboxes.
"We're reviewing the release of quarantined messages for affected users and working on confirming legitimate URLs are unblocked," it noted on Saturday. "Some users may see their previously quarantined messages successfully delivered and we're working to confirm full remediation. We'll provide an estimated time to resolve when one becomes available."
Microsoft has addressed similar issues over the last several years, resulting in emails being quarantined or incorrectly tagged as spam or malicious. For instance, in March, an Exchange Online bug caused anti-spam systems to mistakenly quarantine some users' emails, and another one in May caused a machine learning model to incorrectly flag emails from Gmail accounts as spam.
More recently, in September, an anti-spam service bug mistakenly blocked Exchange Online and Microsoft Teams usersfrom opening URLs and quarantined some of their emails.
source: BleepingComputer
