Outlook displays phishing warnings when emails from CRMs via Sendgrid fail authentication due to spoofing attempts. This often stems from emails authenticating as Sendgrid, incomplete SPF records, missing DKIM signatures, or poor domain/IP reputation. Key solutions include ensuring SPF records cover all sending sources (including Sendgrid), implementing DKIM signing with your own domain (d=yourdomain.com), adopting a DMARC policy, monitoring domain/IP reputation, and ensuring proper alignment of SPF, DKIM, and DMARC. Authentication is not optional.
7 marketer opinions
Emails from CRMs sent via Sendgrid are often flagged as phishing in Outlook due to authentication issues. Common causes include incomplete SPF records, missing DKIM signatures, and poor domain/IP reputation. Implementing proper SPF, DKIM, and DMARC authentication, along with actively monitoring sending reputation and blocklists, are key to resolving these issues.
Marketer view
Email marketer from Reddit shares that implementing DKIM signing is crucial. By signing emails with a DKIM signature linked to your domain, you verify the email's authenticity and prevent it from being flagged as phishing.
3 Sep 2023 - Reddit
Marketer view
Email marketer from EmailGeeks Forum explains that setting up DKIM with your own domain (d=yourdomain.com) ensures that the email is signed by your organization, even when sent through Sendgrid, reducing the likelihood of phishing flags.
4 Dec 2022 - EmailGeeks Forum
3 expert opinions
Outlook displays phishing warnings on emails sent from CRMs through Sendgrid due to authentication issues. When emails authenticate as Sendgrid, they can appear as phishing attempts. Solutions involve ensuring SPF records cover all sending sources, implementing a DMARC policy, and signing emails with your own DKIM (d=yourdomain.com). Proper alignment of SPF, DKIM, and DMARC records is crucial.
Expert view
Expert from WtotheWise details that authentication is required, this requires that you are using SPF, DKIM, and DMARC records, and that they are aligned.
29 Nov 2024 - WtotheWise
Expert view
Expert from Spamresource explains that internal spoofing prevention is a frequent problem with hosted services. Ensure SPF records cover all sending sources and consider a DMARC policy to reject unauthenticated mail.
5 Jan 2023 - Spamresource
4 technical articles
Outlook flags emails as phishing when they fail authentication checks (SPF, DKIM, DMARC) due to spoofing attempts, especially when claiming to be from internal senders. Properly configured SPF records that include all authorized sending sources (like Sendgrid) and a well-defined DMARC policy are essential to prevent these warnings. The Sender Policy Framework (SPF) is designed to detect forged sender addresses.
Technical article
Documentation from Microsoft Learn explains that Outlook flags internal emails as phishing due to spoofing. If an email claims to be from an internal sender but fails authentication checks (SPF, DKIM, DMARC), Outlook may flag it as suspicious.
11 Jun 2022 - Microsoft Learn
Technical article
Documentation from Microsoft indicates that the Sender Policy Framework (SPF) is an email-authentication method designed to detect forging sender addresses during the delivery of email.
30 May 2021 - Microsoft
Are Sendgrid MTA retries damaging my sender reputation?
How can email senders and users prevent and identify phishing emails?
How do I get my emails out of spam for Hotmail and Outlook?
How can a phishing email pass SPF and DKIM authentication checks?
Do all email service providers support DMARC, and what does 'support' mean in this context?
How can I avoid Gmail security warnings on emails?
© 2025 Suped Pty Ltd