Recently, I've been seeing a spike in customer escalations saying that messages that aren't marked as spam are nevertheless getting sent to the Junk Mail folder. This is despite the message headers indicating that the message is non-spam, that is, the X-Forefront-Antispam-Report header says "SFV:NSPM" (Spam Filter Verdict: Non-spam) and "SCL:1".
The most common reason this happens is because the user has "Safe Lists Only" enabled in their Outlook email client, or has it set that way in Outlook Web Access (OWA).
For users whose mailboxes are hosted by Office 365, then if checking your email in OWA, there will be a yellow Safety Tip at the top of the message that says this:
If your organization has been enabled for inline Safety Tips, it will say the same thing. We are in the process of rolling this functionality out for everyone, so just wait if you don't see it yet in your non-OWA client.
For the user to check if that option is set, in Outlook navigate to Junk > Junk E-mail Options... and then look for the Safe Lists Only radio button. If selected, all non-safe-sendered traffic will go to Junk. There is nothing in the message headers that indicates that this option is set.
For a user checking it in OWA, click on Options (the 'gear' icon in the top right) > Block or Allow and then scroll down to the bottom for a checkbox Don't trust email unless it comes from someone in my Safe Senders or Recipients list:
The user may then select or deselect as desired. Checking the option may send a lot of email to Junk that is actually legitimate unless they have a large safe senders list (but having a lot of safe senders may cause spam or phish to get delivered to the inbox).
As an adminstrator, rather than having the user check their email in OWA for the yellow Safety Tip, or having them navigate Outlook or OWA, you can check it directly.
- Connect to Exchange Online using Powershell
- Run the following cmdlet:
Get-MailboxJunkEmailConfiguration firstname.lastname@example.org | fl TrustedListsOnly TrustedListsOnly : True
If the TrustedListsOnly is True, then it means that setting is enabled.
If your users are saying that messages are going to Junk despite them being marked as non-spam, you can start here. If that doesn't help, you may need to create a support ticket.
- Prevent email from being marked as spam in EOP and Office 365