Messages going to Junk even though they aren't spam? Check to see if you have Safe-Lists-Only enabled

Recently, I've been seeing a spike in customer escalations saying that messages that aren't marked as spam are nevertheless getting sent to the Junk Mail folder. This is despite the message headers indicating that the message is non-spam, that is, the X-Forefront-Antispam-Report header says "SFV:NSPM" (Spam Filter Verdict: Non-spam) and "SCL:1".

The most common reason this happens is because the user has "Safe Lists Only" enabled in their Outlook email client, or has it set that way in Outlook Web Access (OWA).

For users whose mailboxes are hosted by Office 365, then if checking your email in OWA, there will be a yellow Safety Tip at the top of the message that says this:

2016-10-12-marked-junk-because-only-safe-senders-list

If your organization has been enabled for inline Safety Tips, it will say the same thing. We are in the process of rolling this functionality out for everyone, so just wait if you don't see it yet in your non-OWA client.

For the user to check if that option is set, in Outlook navigate to Junk > Junk E-mail Options... and then look for the Safe Lists Only radio button. If selected, all non-safe-sendered traffic will go to Junk. There is nothing in the message headers that indicates that this option is set.

2016-10-12-Outlook-junk-email-options 2016-10-12-Outlook-safe-senders-only

For a user checking it in OWA, click on Options (the 'gear' icon in the top right) > Block or Allow and then scroll down to the bottom for a checkbox Don't trust email unless it comes from someone in my Safe Senders or Recipients list:

2016-10-12-OWA-mail-options 2016-10-12-OWA-safe-senders-only

The user may then select or deselect as desired. Checking the option may send a lot of email to Junk that is actually legitimate unless they have a large safe senders list (but having a lot of safe senders may cause spam or phish to get delivered to the inbox).

As an adminstrator, rather than having the user check their email in OWA for the yellow Safety Tip, or having them navigate Outlook or OWA, you can check it directly.

  1. Connect to Exchange Online using Powershell
    .

  2.  Run the following cmdlet:

     Get-MailboxJunkEmailConfiguration user@example.com | fl TrustedListsOnly
    
    TrustedListsOnly : True
    

    If the TrustedListsOnly is True, then it means that setting is enabled.

If your users are saying that messages are going to Junk despite them being marked as non-spam, you can start here. If that doesn't help, you may need to create a support ticket.


Related article: