Suped

Why is Outlook displaying phishing warnings on emails sent from my CRM through Sendgrid, and how can I fix it?

Summary

Outlook displays phishing warnings when emails from CRMs via Sendgrid fail authentication due to spoofing attempts. This often stems from emails authenticating as Sendgrid, incomplete SPF records, missing DKIM signatures, or poor domain/IP reputation. Key solutions include ensuring SPF records cover all sending sources (including Sendgrid), implementing DKIM signing with your own domain (d=yourdomain.com), adopting a DMARC policy, monitoring domain/IP reputation, and ensuring proper alignment of SPF, DKIM, and DMARC. Authentication is not optional.

Key findings

  • Authentication Failure: Emails failing SPF, DKIM, and DMARC checks trigger phishing warnings.
  • SPF Incompleteness: Incomplete SPF records lacking Sendgrid's servers cause authentication failures.
  • DKIM Absence: Lack of DKIM signing with your own domain prevents verification of email authenticity.
  • Reputation Issues: Poor domain/IP reputation or blacklisting increases the likelihood of emails being marked as phishing.
  • Internal Spoofing: Hosted services are often open to Internal spoofing.
  • Auth as Sendgrid: Emails authenticating as Sendgrid can make it seem as if its an internal phishing attack
  • Authentication Required: SPF, DKIM and DMARC records are all required.

Key considerations

  • SPF Configuration: Update SPF records to include all authorized sending sources, like Sendgrid's IPs or domain.
  • DKIM Implementation: Set up DKIM signing with your own domain (d=yourdomain.com) to ensure emails are signed by your organization.
  • DMARC Adoption: Implement a DMARC policy to instruct mail servers on how to handle unauthenticated emails and prevent spoofing.
  • Reputation Monitoring: Regularly monitor domain/IP reputation on blocklists and address any issues promptly.
  • Dedicated IP: Consider using a dedicated IP address to build a positive sending reputation.
  • Alignment: Ensure that SPF, DKIM, and DMARC records are properly aligned.

What email marketers say

7 marketer opinions

Emails from CRMs sent via Sendgrid are often flagged as phishing in Outlook due to authentication issues. Common causes include incomplete SPF records, missing DKIM signatures, and poor domain/IP reputation. Implementing proper SPF, DKIM, and DMARC authentication, along with actively monitoring sending reputation and blocklists, are key to resolving these issues.

Key opinions

  • SPF Configuration: Incomplete SPF records that don't include Sendgrid's servers can cause authentication failures.
  • DKIM Signing: Lack of DKIM signing with your own domain makes it harder to verify email authenticity.
  • Domain/IP Reputation: Poor sending reputation and blacklisting can lead to emails being flagged as phishing.
  • Authentication: Authentication (DMARC, DKIM and SPF records) must be properly aligned.

Key considerations

  • Implement Authentication: Set up SPF, DKIM, and DMARC records to properly authenticate emails sent from your CRM via Sendgrid.
  • Monitor Reputation: Regularly check your domain and IP address against blocklists to identify and resolve reputation issues.
  • Dedicated IP: Consider using a dedicated IP address to build a positive sending reputation over time.
  • DKIM setup: When setting up DKIM, use your own domain (d=yourdomain.com) to sign emails even when sent through Sendgrid.

Marketer view

Email marketer from Reddit shares that implementing DKIM signing is crucial. By signing emails with a DKIM signature linked to your domain, you verify the email's authenticity and prevent it from being flagged as phishing.

3 Sep 2023 - Reddit

Marketer view

Email marketer from EmailGeeks Forum explains that setting up DKIM with your own domain (d=yourdomain.com) ensures that the email is signed by your organization, even when sent through Sendgrid, reducing the likelihood of phishing flags.

4 Dec 2022 - EmailGeeks Forum

What the experts say

3 expert opinions

Outlook displays phishing warnings on emails sent from CRMs through Sendgrid due to authentication issues. When emails authenticate as Sendgrid, they can appear as phishing attempts. Solutions involve ensuring SPF records cover all sending sources, implementing a DMARC policy, and signing emails with your own DKIM (d=yourdomain.com). Proper alignment of SPF, DKIM, and DMARC records is crucial.

Key opinions

  • Authentication as Sendgrid: Authenticating as Sendgrid can trigger phishing warnings in Outlook.
  • Internal Spoofing: Internal spoofing is a common problem with hosted services like Sendgrid.
  • Authentication Required: Proper authentication (SPF, DKIM, DMARC) and their alignment are essential for email deliverability.

Key considerations

  • DKIM Domain: Sign emails with your own domain in the DKIM (d=yourdomain.com).
  • SPF Coverage: Ensure SPF records include all sending sources, including Sendgrid.
  • DMARC Policy: Implement a DMARC policy to handle unauthenticated emails.
  • Authentication Alignment: Ensure SPF, DKIM, and DMARC records are properly aligned.

Expert view

Expert from WtotheWise details that authentication is required, this requires that you are using SPF, DKIM, and DMARC records, and that they are aligned.

29 Nov 2024 - WtotheWise

Expert view

Expert from Spamresource explains that internal spoofing prevention is a frequent problem with hosted services. Ensure SPF records cover all sending sources and consider a DMARC policy to reject unauthenticated mail.

5 Jan 2023 - Spamresource

What the documentation says

4 technical articles

Outlook flags emails as phishing when they fail authentication checks (SPF, DKIM, DMARC) due to spoofing attempts, especially when claiming to be from internal senders. Properly configured SPF records that include all authorized sending sources (like Sendgrid) and a well-defined DMARC policy are essential to prevent these warnings. The Sender Policy Framework (SPF) is designed to detect forged sender addresses.

Key findings

  • Spoofing Detection: Outlook flags emails as phishing to prevent spoofing, particularly internal spoofing.
  • Authentication Failure: Emails failing SPF, DKIM, and DMARC checks are often marked as suspicious.
  • DMARC Policy: A DMARC policy informs receiving mail servers how to handle emails failing authentication.
  • SPF Importance: Proper SPF records must include all sending sources, including Sendgrid.

Key considerations

  • Configure SPF: Ensure your SPF record includes all authorized sending sources to prevent emails failing SPF checks.
  • Implement DMARC: Establish a DMARC policy to instruct mail servers on handling unauthenticated emails, reducing phishing risks.
  • Authentication Alignment: Ensure that DKIM records are also properly configured, and that SPF and DKIM results align with the 'From' address to pass DMARC checks.
  • Regular Monitoring: Regularly monitor your domain's email authentication setup and adjust as needed to keep pace with evolving email security standards.

Technical article

Documentation from Microsoft Learn explains that Outlook flags internal emails as phishing due to spoofing. If an email claims to be from an internal sender but fails authentication checks (SPF, DKIM, DMARC), Outlook may flag it as suspicious.

11 Jun 2022 - Microsoft Learn

Technical article

Documentation from Microsoft indicates that the Sender Policy Framework (SPF) is an email-authentication method designed to detect forging sender addresses during the delivery of email.

30 May 2021 - Microsoft

Start improving your email deliverability today

Get a demo