Have you noticed a problem with any of your email newsletters or CRM messages getting blocked recently? Or perhaps you’ve had a problem receiving email from a customer and having it go straight to a quarantine or junk folder?

If you have, you aren’t alone.

In March, Microsoft made some big updates to their email security in Microsoft 365 accounts to protect against phishing. These have caused many people to wonder why emails that got through before are suddenly being blocked.

Our NetCare Technology Success Team did an initial investigation when clients were first reporting a blocked email problem. We quickly found that only some emails from certain senders were being sent to a junk folder, not all of them.


Because the anti-phishing protection was working perfectly, and the emails being blocked were those that were not correctly approved to send email on a specific domain.

Let’s break that down.

Why Are Legitimate Emails Blocked?

What happens in many phishing attacks is that the attacks will spoof a company’s domain address, even through the email isn’t really being sent by their mail server.

For example, a phishing attacker might use “info@acmecompany.com” in the “From” address of the message. But that scammer doesn’t work at that company and the mail is actually being sent from the attacker’s server.

They use the email address of the legitimate company in the “From” line to try to fool the recipient into thinking it’s coming from that company

This is called email spoofing and it’s the tactic that Microsoft’s anti-phishing protection is was designed to protect against.

So why are legitimate emails being blocked?

Because when companies use an email service like MailChimp or a CRM application like Zoho or the Contact Us form on their website, those apps can send emails that use your company’s domain in the “From.” Most businesses want emails facilitated by these apps to use their address so customers will recognize it.

But if proper email authentication isn’t used when the messages are sent from those apps, then this is also email spoofing and that’s why it’s being caught in the Microsoft 365 anti-phishing net.

Read on to find out how this is corrected through the use of three email security protocols.

Proper Email Authentication with a 3-pronged Solution (SPF, DKIM & DMARC)

Phishing was a major problem even before the pandemic, but it’s been accelerated as scammers try to take advantage of the crisis.

Since the pandemic, phishing attacks have increased by more than 650%. This is the reason for stronger phishing protections from companies like Microsoft.

The solution isn’t reducing your email security! Instead, it’s using three specific frameworks designed to work together to ensure your emails are properly authenticated so mail servers will allow them through.

If you have a case of a client’s email not getting through to you, then share this blog with them so they’ll know what to do to correct the issue.

How to Use SPF, DKIM & DMARC for Email Authentication

Email authentication is about having specific data contained in your email message that tells the recipient’s mail server that you are the legitimate sender for the domain showing up in the From address line.

Using authentication is basically saying, “I’m not a spoofed email, you can let me through.” This stops instances where messages are rejected or put in a junk folder when the sending email server and the From domain address don’t match.

The three protocols are used together to create that authentication message.

What Is SPF?

SPF, or Sender Policy Framework, is the first layer in the 3-pronged authentication approach.

When you set up SPF, you define on your mail server which IP addresses are allowed to send an email for your email domain. If the IP address of an incoming message matches the ones your server has designated, the message is accepted.

By adding IP addresses, per instructions from providers like Mailchimp, you can include them as approved senders.

What is DKIM?

The next layer of email authentication is DKIM (DomainKeys Identified Mail). This authentication method virtually “takes the baton” from SPF and goes a step further in the authentication process.

DKIM uses encryption keys, one on your mail server, and one embedded in the message. The use of the keys allows the receiving mail server to confirm the email was sent legitimately AND that it hasn’t had any email headers altered during the transmission process.

What is DMARC?

Bringing the first two layers together and adding yet another layer to the authentication process is DMARC (Domain-Based Message Authentication Reporting and Conformance).

This protocol first confirms that both the SPF protocol and DKIM protocol have passed the authentication test and that the email is from an approved sender for that domain.

Next, DMARC tells the receiving email server what to do if those two authentication methods don’t pass (i.e. send to “junk” or reject). An additional step is that DMARC can also enable the receiving mail server to report back about any messages that pass/fail the DMARC test, giving you valuable information, such as a heads up if someone is trying to spoof your email address.

How Do I Get Email Authentication Going for My Company?

NetCare experts can help you put the trio of SPF, DKIM, and DMARC in place to ensure your emails aren’t bounced when they shouldn’t be and to protect you from having your email spoofed in phishing attacks.

Contact us today to schedule a consultation. Call (02) 9114 9920 or reach out online.