Messages going to Junk even though they aren’t spam? Check to see if you have Safe-Lists-Only enabled

Recently, I've been seeing a spike in customer escalations saying that messages that aren't marked as spam are nevertheless getting sent to the Junk Mail folder. This is despite the message headers indicating that the message is non-spam, that is, the X-Forefront-Antispam-Report header says "SFV:NSPM" (Spam Filter Verdict: Non-spam) and "SCL:1".

The most common reason this happens is because the user has "Safe Lists Only" enabled in their Outlook email client, or has it set that way in Outlook Web Access (OWA).

For users whose mailboxes are hosted by Office 365, then if checking your email in OWA, there will be a yellow Safety Tip at the top of the message that says this:


If your organization has been enabled for inline Safety Tips, it will say the same thing. We are in the process of rolling this functionality out for everyone, so just wait if you don't see it yet in your non-OWA client.

For the user to check if that option is set, in Outlook navigate to Junk > Junk E-mail Options... and then look for the Safe Lists Only radio button. If selected, all non-safe-sendered traffic will go to Junk. There is nothing in the message headers that indicates that this option is set.



For a user checking it in OWA, click on Options (the 'gear' icon in the top right) > Block or Allow and then scroll down to the bottom for a checkbox Don't trust email unless it comes from someone in my Safe Senders or Recipients list:



The user may then select or deselect as desired. Checking the option may send a lot of email to Junk that is actually legitimate unless they have a large safe senders list (but having a lot of safe senders may cause spam or phish to get delivered to the inbox).

As an adminstrator, rather than having the user check their email in OWA for the yellow Safety Tip, or having them navigate Outlook or OWA, you can check it directly.

  1. Connect to Exchange Online using Powershell
  2.  Run the following cmdlet:
    Get-MailboxJunkEmailConfiguration | fl TrustedListsOnly
    TrustedListsOnly : True

    If the TrustedListsOnly is True, then it means that setting is enabled.

If your users are saying that messages are going to Junk despite them being marked as non-spam, you can start here. If that doesn't help, you may need to create a support ticket.

Related article:

  • Prevent email from being marked as spam in EOP and Office 365

Comments (5)
  1. pascal says:

    from my side I saw:
    SFV:NSPM on headers with emails going to spam while filter configuration was correctly sent.
    Support (always a different personn) said me they didn’t see any problem with the IP but: 1/ all our tests on various mailboxes went to spam, 2/ open rate dropped …
    It is a transactionnal IP with usually 70% open rate ! Only Microsoft mailboxes are impacted.
    Ticket id: SRX1359451342ID

    1. tzink says:

      SFV:NSPM is for Office 365.

      The 70% open rate comes from Hotmail, which is a different system. You’ll need to go through the regular support process using the Hotmail/ SNDS portal.

      1. pascal says:

        Ticket id: SRX1359451342ID comes from regular support from snds portal
        Could you take a look at it please ?

      2. pascal says:

        >SFV:NSPM is for Office 365.
        > The 70% open rate comes from Hotmail, which is a different system

        To have office 365 headers on is confusing, even more if it contains office 365 data saying the opposite of reality we see on

  2. pascal says:

    I was surprised to see senders on my white list / blocklists
    while I never asked for that (I speak about
    I cleaned both lists and now emails arrive in spam 🙁 !!
    Once again trusted list only filter is not activated.
    I am not sure the system works well.

Comments are closed.

Skip to main content