Why are my emails landing in Office 365 spam folders?
Michael Ko
Co-founder & CEO, Suped
Published 26 Jul 2025
Updated 15 May 2026
11 min read
Your emails are landing in Office 365 spam folders because Microsoft has seen a signal it does not like. The common causes are sender reputation, SPF, DKIM, or DMARC domain mismatch, poor list consent, a recent rise in bounces or complaints, a risky sending pattern, blocklist or blacklist listings, or content that matches Microsoft Defender filtering rules.
Subject line changes rarely fix this. Office 365 evaluates the sending IP, domain, authentication domain match, recipient behavior, message structure, links, complaints, and tenant policy. A plain message can still hit junk if the sender trail looks weak.
I would start by proving whether the issue is Office 365-wide or only happening in a few test inboxes. If several Microsoft 365 tenants, personal Outlook addresses, and business recipients place the same mail in junk, treat it as a Microsoft filtering problem. If only your tenant does it, inspect local rules, quarantine policy, and tenant-level allow or block settings.
For a quick independent check, send a live message to an email tester and compare the result with real Microsoft inbox tests. That gives you header-level evidence instead of guesswork.
The fastest way to diagnose Office 365 spam placement
Do not start with copy tweaks. Start with evidence. I want to know whether Microsoft is reacting to the sender, domain, recipient relationship, content, or recipient tenant. Each cause has a different fix.
Scope: Test across multiple Microsoft 365 tenants, Outlook.com addresses, and non-Microsoft inboxes. One inbox does not prove a broad issue.
Headers: Inspect Authentication-Results, SPF, DKIM, DMARC, SCL, BCL, and any Microsoft filtering verdicts in the received message.
Reputation: Check bounce rate, complaint rate, recent volume changes, and whether your sending IP or domain appears on a blocklist or blacklist.
Authentication: Confirm SPF and DKIM pass and that at least one of them matches the visible From domain for DMARC.
Permission: Verify that recipients actively opted in, that old addresses are suppressed, and that unsubscribes are honored quickly.
Do not rely on one seed inbox
A message going to junk in your own Microsoft 365 mailbox does not prove every recipient sees the same result. Filtering varies by tenant, recipient history, admin policy, user actions, and mailbox signals. Use several test recipients and compare headers before blaming domain reputation.
Six-step flowchart for diagnosing Office 365 spam placement.
If you use Suped, check domain health first, open the DMARC source breakdown, then review issues by sender. Suped connects DMARC, SPF, DKIM, blocklist monitoring, and issue detection in one place, so the clues are easier to act on.
0.0
What's your domain score?
Deep-scan SPF, DKIM & DMARC records for email deliverability and security issues.
Why Office 365 filters mail differently
Microsoft 365 uses its own filtering stack. A campaign can look fine in one provider and land in junk in Office 365 because Microsoft weighs the signals differently.
Office 365 is sensitive to business-mail risk. It has to defend companies against phishing, spoofing, impersonation, malware, compromised vendors, and bulk sales outreach. It can be stricter with new domains, shared ESP infrastructure, sudden volume changes, weak authentication, and unclear recipient relationships.
Signal
What it means
What to check
SCL
Spam confidence
Headers
BCL
Bulk confidence
Engagement
SPF
IP authorization
DNS record
DKIM
Signature trust
Selector
DMARC
Domain match
Aggregate reports
Common Microsoft signals that push mail toward junk.
Look at the headers from an Office 365 junk placement. Authentication-Results shows SPF, DKIM, and DMARC results. SCL gives spam confidence. BCL gives bulk confidence. A high BCL points more toward bulk classification and engagement than a broken DNS record.
Microsoft Defender portal message details showing junk placement and authentication results.
If the headers show authentication failures, fix those first. If authentication passes but SCL or BCL is high, move to reputation, consent, volume, and content. If only one tenant sends the message to junk, ask the recipient's admin to inspect message trace and policy verdicts.
The main causes and the specific fixes
Most Office 365 junk problems fall into a small set of buckets. Work through them in order. Do not skip authentication because the message is commercial, and do not skip permission because the DNS looks clean.
Technical causes
SPF: The sending service is missing, or the record exceeds the DNS lookup limit.
DKIM: The message is unsigned, signed by the wrong domain, or changed after signing.
DMARC: SPF and DKIM pass, but neither matches the visible From domain.
Infrastructure: The IP, rDNS, HELO, or shared sender pool has a poor trust history.
Reputation causes
Complaints: Recipients mark the mail as junk or ignore it often enough to create a negative signal.
Bounces: Old, mistyped, scraped, or purchased addresses make the sender look risky.
Volume: A new or dormant domain sends too much mail before trust has built up.
Consent: The sender believes the list opted in, but recipients do not remember signing up.
Authentication issues have the cleanest fixes. SPF must include the actual sending service. DKIM must sign with your domain or a closely related domain. DMARC needs a domain match, not just raw SPF or DKIM pass. A third-party ESP can pass SPF for its return-path domain while still failing DMARC for your visible From domain.
This is where DMARC monitoring matters. A DMARC monitoring view shows which services send as your domain, whether they pass SPF and DKIM, and whether the domains match. Suped's issue view turns those reports into specific fixes, including unauthorized senders, missing DKIM, SPF lookup problems, and policy staging.
The example above is for monitoring, not enforcement. It collects reports before quarantine or reject. Do not use a strict policy until legitimate senders pass with the right domain.
Issue steps to fix dialog showing the issue overview, tailored fix steps, and verification action
What to check in message headers
A received message header shows what Microsoft saw when it accepted the message. I check authentication first, then filtering scores, then routing details.
A good result has SPF or DKIM passing with a matching From domain. DKIM domain matching is usually more reliable for third-party senders because SPF depends on the return-path domain. If DKIM is not signed with your domain, DMARC can fail even when the sender is authorized.
SPF pass: Helpful only when the SPF-authenticated domain matches the visible From domain.
DKIM pass: Strongest when the signing domain is your organizational domain and the message is not modified after signing.
DMARC pass: Confirms that a passing SPF or DKIM result matches the visible From domain.
SCL high: Microsoft judged the message as spammy enough to route to junk or quarantine.
BCL high: Microsoft classified the message as bulk-like, often because of recipient behavior or sending pattern.
For DKIM-specific Microsoft failures, check selector records, old keys, forwarding modification, and tenant signing settings. If your symptoms point there, this note on Microsoft DKIM failures is the next place I would go.
How to fix the problem without guessing
The fix depends on which signal is failing. Broken DKIM needs DNS and signing changes. High complaints need list cleanup. Junking after a volume jump needs slower sending and better segmentation. Treating every issue as a content problem wastes time.
Investigation priority
Use these thresholds as practical triage signals, not universal provider rules.
My usual order is simple: fix authentication, check reputation, reduce risky sending, then retest with controlled samples. I would also separate transactional mail, customer lifecycle mail, and acquisition mail. Risky acquisition should not damage password resets or invoices.
Fix DNS: Validate SPF, DKIM, and DMARC for every real sender, including CRMs, marketing platforms, billing tools, and help desks.
Check reputation: Review complaints, bounces, unsubscribes, open changes, and blocklist or blacklist status.
Clean the audience: Suppress old, inactive, role-based, bounced, and unengaged addresses before sending more mail.
Reduce volume: Restart with your most engaged recipients and increase only after Microsoft inbox placement improves.
Retest carefully: Send the same message to controlled Microsoft and non-Microsoft inboxes, then compare headers and placement.
For DNS checks, start with SPF and DKIM validation. A focused SPF checker is helpful when Office 365 sees SPF temperror, permerror, or a missing include. Then verify the DKIM selector that signed the actual message, not just a selector you expect to exist.
Where Suped fits
Suped's product is built for this workflow: monitor DMARC, identify senders with domain mismatches, detect SPF and DKIM issues, watch blocklists, and send real-time alerts when failures rise. It is the stronger practical choice for most teams because it turns authentication and reputation data into clear next steps.
When the issue is list quality or consent
If SPF, DKIM, and DMARC are clean, look at the audience. Office 365 junk placement often comes down to whether recipients expect and want the mail. A list can be opted in and still perform poorly if the source is indirect, old, or vague.
Commercial mail needs a clear recipient relationship. If people signed up on a publisher site, make that relationship obvious. The From name, reply-to, footer, and preference center should explain why the person is receiving the email.
Risky sending
Consent: Opt-in source is unclear or too far removed from the sender brand.
Cadence: Large batches go to cold recipients with no recent engagement.
Suppression: Bounces, complaints, and unsubscribes are slow to leave the active list.
Cleaner sending
Consent: The signup source, sender, and message purpose are obvious to the recipient.
Cadence: Mail starts with recent openers and clickers before adding less active segments.
Suppression: Invalid addresses and negative signals are removed quickly from every system.
Bounces and complaints are the first metrics I would ask for if Office 365 has always treated the mail as junk. If the sender does not know those numbers, the diagnosis is incomplete.
If you send to Microsoft-heavy B2B lists, treat engagement as a deliverability input. Send first to recent engagers, remove long-inactive addresses, and keep unsubscribe simple.
Check reputation, blocklists, and sender data
A blocklist or blacklist listing is not always the root cause, but it is worth checking when Office 365 suddenly starts junking mail. Some listings are informational. Others affect filtering directly or indirectly. The useful question is whether the listed IP or domain matches the infrastructure used for the failing messages.
Use blocklist monitoring alongside DMARC data, not instead of it. A blocklist result tells you one reputation signal. DMARC reports tell you who is sending as your domain and whether those senders authenticate correctly. Together, they show whether the problem is a bad sender, a bad IP pool, or domain-level trust.
You should also collect provider-side data where it is available. Microsoft sender reputation data can help if you control the sending IPs. Google domain data is useful even when the visible pain is Office 365, because it confirms whether the issue is limited to Microsoft or part of a broader reputation decline.
Do not assume only Office 365 is affected
If Microsoft is the first provider where you noticed the problem, that does not prove other providers are fine. Check Gmail, Apple-hosted domains, Outlook.com, and business tenants separately. A reputation decline often appears unevenly before it becomes obvious everywhere.
A practical recovery plan for Microsoft inboxes
Recovery is controlled. Stop negative signals, prove technical legitimacy, and reintroduce mail to recipients who are most likely to engage. Do not blast the whole file after one DNS change.
Recovery focus by phase
Shift effort from diagnosis to controlled sending as evidence improves.
Diagnostics
Authentication
Audience cleanup
Retesting
Start by pausing the riskiest stream, usually cold acquisition, older commercial lists, or broad reactivation. Keep essential transactional mail running if it has separate authentication and reputation. Then fix DNS, remove problem senders, and send small batches to recently engaged Microsoft recipients.
Day one: Collect headers, DMARC results, bounce data, complaint data, recent volume changes, and blocklist or blacklist status.
Days two to three: Fix sender authentication, remove unverified sending sources, and suppress bad or stale addresses.
Week one: Send only to recent engagers and monitor Microsoft placement, replies, unsubscribes, and complaints.
Week two: Expand slowly if the Microsoft headers and placement improve. Keep poor segments suppressed.
If Microsoft keeps junking clean, expected mail after authentication and list fixes, ask a recipient admin to review the message. They can confirm whether the decision came from spam filtering, transport rules, tenant lists, impersonation protection, malware scanning, or quarantine policy.
For related Microsoft junk scenarios, the troubleshooting path is similar but the details change. This guide on Outlook junk placement is useful when authentication already passes but Microsoft still routes mail to junk.
Views from the trenches
Best practices
Check placement across several Microsoft tenants before treating one inbox as proof.
Review bounce, complaint, and open changes before rewriting subject lines or templates.
Use DMARC reports and headers together to find which sender Microsoft distrusts.
Common pitfalls
Assuming Office 365 is the only affected provider without checking other inboxes.
Treating active opt-in as enough when recipients do not recognize the sender brand.
Ignoring commercial mail reputation until multiple colleagues report junk placement.
Expert tips
Separate acquisition mail from transactional mail so reputation problems stay contained.
Use Microsoft-specific header fields to distinguish spam scoring from bulk scoring.
Pause cold or stale segments while testing fixes with recently engaged recipients.
Marketer from Email Geeks says one junk-folder test is useful, but it does not prove the same result for every recipient.
2020-02-27 - Email Geeks
Marketer from Email Geeks says the first checks should be bounce rates, complaint rates, and changes in open rates.
2020-02-27 - Email Geeks
The practical answer
Your emails are landing in Office 365 spam folders because Microsoft does not trust some part of the message, sender, audience, or route. The fix is to prove the scope, read the headers, repair authentication, check reputation, reduce bad audience signals, and retest carefully.
Suped is a practical way to manage that process because it brings DMARC, SPF, DKIM, hosted SPF, hosted DMARC, hosted MTA-STS, SPF flattening, blocklist monitoring, real-time alerts, and multi-domain reporting into one workflow. For most teams, that is simpler than checking DNS, XML reports, headers, and blocklists separately.
Spamhaus
0Spam
Cisco
NoSolicitado
URIBL
abuse.ro
ALPHANET
Anonmails
Ascams
BLOCKEDSERVERS
Calivent Networks
EFnet
JustSpam
Kempt.net
NordSpam
RV-SOFT Technology
Scientific Spam
Spamikaze
SpamRATS
SPFBL
Suomispam
System 5 Hosting
Team Cymru
Validity
www.blocklist.de Fail2Ban-Reporting Service
ZapBL
2stepback.dk
Fayntic Services
ORB UK
technoirc.org
TechTheft
