Why are emails being marked as junk or phishing in Outlook 365?
Michael Ko
Co-founder & CEO, Suped
Published 14 Jul 2025
Updated 18 Aug 2025
Many businesses and individuals are finding their legitimate emails consistently flagged as junk or even phishing in Outlook 365. This can be a frustrating experience, leading to missed communications and reduced engagement. Understanding why this happens is the first step toward resolving these deliverability challenges.
This challenge has become more prevalent, with many noticing a significant increase in junk placement issues for Outlook.com and Office 365 addresses. Even emails sent through various Email Service Providers (ESPs) are affected, often receiving a Spam Confidence Level (SCL) score of 5 or higher. This suggests a potential shift in how Microsoft's filters are evaluating incoming mail.
I often find that merely changing the sending domain or adjusting email content can sometimes get messages to the inbox, but the sheer volume of these incidents has escalated significantly. This points to a need for a deeper understanding of the underlying causes and effective strategies to combat this growing issue.
Outlook 365's filtering mechanisms
Microsoft's email filtering mechanisms are constantly evolving to combat spam and phishing attempts. At the core of Outlook 365's defense is the Spam Confidence Level (SCL) score, a numerical value assigned to each incoming email indicating its likelihood of being spam. An SCL score of 5 or higher typically signals to Microsoft 365 that an email is indeed spam, leading to its automatic placement in the junk folder.
Beyond SCL, Microsoft Defender for Office 365 employs advanced threat protection policies, including Safe Attachments and Safe Links. These features are designed to detect and neutralize malicious content. Recent observations suggest that Microsoft has updated its anti-spam policies, potentially incorporating new rulesets and more aggressive filtering techniques. This could explain why more legitimate emails are now facing junk placement or phishing flags, even if they previously delivered successfully.
One significant development noted is Microsoft's increased scrutiny of links within emails. They appear to be opening links in sandboxed browser environments, complete with JavaScript and possibly network access. This proactive scanning allows them to evaluate the linked content more thoroughly for suspicious behavior, but it can also inadvertently impact legitimate emails, especially those containing one-time or expiring links like password resets.
Phishing vs. junk
When Microsoft Outlook identifies an email as suspicious, it categorizes it as either junk or phishing. These classifications guide how the message is handled and what actions the user might take. Knowing the distinction is crucial for senders because it helps pinpoint the specific issues triggering the filters.
Junk (spam): These are unsolicited bulk emails, often promotional or advertising content that the recipient did not opt in to receive. Filters identify these based on content, sender reputation, and user complaints. When an email is marked as junk, it's typically moved to the Junk Email folder.
Phishing: These are malicious emails designed to trick recipients into revealing sensitive information, such as passwords or financial details. Phishing detection often involves scrutinizing links, attachments, sender identity, and deceptive language. Emails flagged as phishing pose a higher security risk and might be quarantined or receive prominent warnings.
Common reasons your emails get flagged
Several factors contribute to emails being marked as junk or phishing in Outlook 365. Understanding these common culprits is essential for diagnosing and resolving deliverability issues.
Sender reputation: Your domain and IP address reputation are paramount. If your sending IP or domain has a poor history, or if it's listed on a public or private blacklist (or blocklist), your emails are far more likely to be flagged. Factors like spam complaints, low engagement rates, and sending to invalid addresses can severely damage your reputation. Even if your emails pass authentication checks, a poor reputation can still land them in the junk folder, as observed in cases where Microsoft's Bulk Complaint Level (BCL) score is high.
Authentication issues: Proper email authentication is non-negotiable. Missing or misconfigured SPF, DKIM, and DMARC records are major red flags for email providers. These protocols verify that your email is legitimate and hasn't been tampered with. Failures in these checks often result in emails being sent directly to junk or flagged as phishing, even if the content is benign.
Content and formatting: The actual content of your email plays a critical role. Spam filters analyze text for common spam trigger words, excessive use of images, broken links, hidden text, or deceptive formatting. Phishing emails often use urgent or threatening language, generic greetings, and suspicious links, all of which filters are trained to detect. Even subtle issues, like embedding too many images, can increase the SCL score and push emails into the junk folder.
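The signals named in this section (SCL, BCL, and the SPF/DKIM/DMARC results) are recorded in the headers of each message Microsoft 365 receives, so a junked message can be triaged from its raw headers. The script below is an added example, not code from the original article; the sample message is constructed, and the `bcl_limit` default is an assumed threshold.

```python
import email
import re

# Constructed sample of the headers Microsoft 365 stamps on a received message.
SAMPLE = """\
Authentication-Results: spf=pass (sender IP is 192.0.2.10)
 smtp.mailfrom=bounces.esp.example; dkim=fail (body hash did not verify)
 header.d=example.com; dmarc=fail action=none header.from=example.com;
 compauth=fail reason=000
X-Forefront-Antispam-Report: CIP:192.0.2.10;CTRY:US;LANG:en;SCL:5;SRV:;
 IPV:NLI;SFV:SPM;PTR:mail.esp.example;CAT:SPM;
X-Microsoft-Antispam: BCL:8;
Subject: constructed sample

body
"""

def parse_fields(value):
    """Split a 'KEY:value;KEY:value;' anti-spam header into a dict."""
    out = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition(":")  # strip() also drops folding
        if sep:
            out[key.upper()] = val.strip()
    return out

def to_int(text):
    return int(text) if re.fullmatch(r"-?\d+", text or "") else None

def triage(raw, scl_junk=5, bcl_limit=7):
    """Summarise why a message was filtered. bcl_limit=7 is an assumed
    threshold; the bulk threshold is configurable per anti-spam policy."""
    msg = email.message_from_string(raw)
    fore = parse_fields(msg.get("X-Forefront-Antispam-Report", ""))
    scl = to_int(fore.get("SCL"))
    bcl = to_int(parse_fields(msg.get("X-Microsoft-Antispam", "")).get("BCL"))
    auth_hdr = msg.get("Authentication-Results", "")  # first such header only
    auth = {}
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth_hdr)
        auth[mech] = m.group(1).lower() if m else "missing"
    findings = [f"{k}={v}" for k, v in auth.items() if v != "pass"]
    if scl is not None and scl >= scl_junk:
        findings.append(f"SCL {scl}: treated as spam")
    if bcl is not None and bcl >= bcl_limit:
        findings.append(f"BCL {bcl}: bulk/complaint signal")
    if fore.get("CAT", "") in ("PHSH", "HPHSH", "HPHISH"):
        findings.append("classified as phishing")
    return {"scl": scl, "bcl": bcl, "auth": auth, "cat": fore.get("CAT"), "findings": findings}
```

In the constructed sample SPF passes for the ESP's bounce domain, but that domain does not align with the From domain and DKIM fails, so DMARC fails even though one check shows "pass".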
Strategies to improve deliverability
To ensure your emails reliably reach Outlook 365 inboxes, you need a multi-faceted approach addressing technical configurations, sender reputation, and content quality.
Strengthen email authentication: Ensure your SPF, DKIM, and DMARC records are correctly configured and aligned. This is fundamental for proving your emails are legitimate. Regularly monitor your DMARC reports to identify any authentication failures or unauthorized sending sources. For Microsoft 365, complying with their sender requirements is crucial for avoiding junk folder placement.
Maintain a healthy sender reputation: Focus on sending to engaged recipients. Regularly clean your email lists to remove inactive or invalid addresses, which can lead to bounces and spam trap hits. Encourage recipients to mark your emails as not junk in Outlook and add you to their safe senders list. A higher engagement rate signals to filters that your emails are valued.
Optimize email content: Avoid characteristics commonly associated with spam or phishing. This includes excessive capitalization, unusual fonts, too many images without corresponding text, and suspicious-looking links. Ensure your subject lines are clear and avoid spam trigger words. Craft personalized and relevant content to boost engagement and reduce the likelihood of being marked as junk.
Content optimization checklist
Review subject lines: Avoid words like 'free', 'win', 'guarantee', and excessive punctuation. Keep them concise and descriptive.
Balance text and images: Don't rely solely on images; always include sufficient text content for filters to scan.
Clean HTML: Ensure your email's HTML is well-structured and free of errors or obfuscated code.
Legitimate links: Ensure all links point to reputable domains and are relevant to the email's content. Avoid redirects or shortened URLs where possible.
Advanced considerations and proactive measures
Beyond the fundamental steps, adopting advanced practices can significantly boost your deliverability to Outlook 365 and other major inboxes.
Regularly monitor blocklists: Being listed on an email blocklist (or blacklist) can severely impact your deliverability. Proactively monitoring blocklists allows you to identify and address listings promptly, initiating delisting processes if necessary. Keep in mind that Microsoft maintains its own internal blocklists in addition to consulting public ones.
Implement feedback loops: Register for Feedback Loop (FBL) programs with major ISPs, including Outlook.com's program. FBLs notify you when a recipient marks your email as spam, allowing you to promptly remove that subscriber from your list and reduce future complaints. High complaint rates are a significant negative signal for deliverability.
Adapt to link scanning behaviors: With Microsoft's increased link scanning, especially with JavaScript execution on destination pages, single-use links (like password reset tokens that expire after one click) are highly problematic. Consider restructuring processes so that links lead to an intermediate page requiring a user action (e.g., a submit button click) before the link expires. This ensures the link remains valid until the user genuinely interacts with it.
Views from the trenches
When facing deliverability challenges, it's easy to feel like you're alone. However, many email professionals share insights and strategies in online communities. Here's a glimpse into some of those discussions related to Outlook 365 junking and phishing flags.
A common topic revolves around the Spam Confidence Level (SCL) score. If an email has an SCL of 5 or higher, it is almost certainly going to be placed in the spam folder. Recent discussions suggest Microsoft may have updated its anti-spam policies or rulesets, leading to a noticeable increase in legitimate emails being flagged. This could be due to more aggressive filtering or a fix where spam that previously bypassed filters is now being correctly identified.
Another significant insight is Microsoft's new approach to link scanning. It appears they are deploying infrastructure that opens links in a sandboxed browser environment, allowing for full JavaScript and possibly network access. This enables them to analyze the content of linked web pages more deeply, moving beyond just the email content. This behavior has particularly impacted emails with single-use links, such as password reset emails, as the automated click by Microsoft's filters can expire the link before the user even receives the message.
Best practices
Always validate and configure your SPF, DKIM, and DMARC records to authenticate your sending domain.
Regularly monitor your domain and IP reputation using available tools and maintain a consistent sending volume.
Clean your email lists frequently, removing inactive or invalid addresses to prevent bounces and spam trap hits.
Common pitfalls
Sending emails with generic subject lines or content that heavily uses spam trigger words.
Using single-use or expiring links for critical actions like password resets, which can be broken by automated scanners.
Neglecting to monitor DMARC reports, missing critical authentication failures or unauthorized sending.
Expert tips
If using one-time links (e.g., password resets), design them to lead to an intermediate page where the user must perform an action, such as clicking a submit button, before the link expires. This ensures the link remains valid until a human interacts with it.
For transactional emails, prioritize clear, concise content that directly addresses the user's need, reducing the chance of misinterpretation by filters.
Consider implementing BIMI to display your brand logo in supported inboxes, further building trust and recognition with recipients.
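The intermediate-page design from the first tip above (also described under "Adapt to link scanning behaviors"), as an added example that is not code from the original article. The `/reset` endpoint, the function names and the in-memory token store are assumptions made for the demonstration.

```python
import html
import secrets
import time

_tokens = {}  # token -> expiry (epoch seconds); in-memory store assumed for the demo

def issue_token(ttl_seconds=900):
    """Create the single-use token that goes into the emailed link."""
    token = secrets.token_urlsafe(32)
    _tokens[token] = time.time() + ttl_seconds
    return token

def _is_live(token):
    return _tokens.get(token, 0.0) > time.time()

def handle_reset(method, token):
    """Return (status, body) for the hypothetical /reset endpoint."""
    if method == "GET":
        # GET has no side effects: a link scanner or prefetch can fetch the
        # page any number of times without using up the token.
        if not _is_live(token):
            return 410, "This link has expired. Request a new one."
        # Plain form with no auto-submitting script: the scanner is described
        # as running JavaScript, so consumption must require a real click.
        return 200, (
            '<form method="post" action="/reset">'
            f'<input type="hidden" name="t" value="{html.escape(token, quote=True)}">'
            '<button type="submit">Continue to reset password</button></form>'
        )
    if method == "POST":
        # One pop() both checks and removes, so a replayed POST finds nothing.
        expiry = _tokens.pop(token, 0.0)
        if expiry > time.time():
            return 200, "Token accepted; show the new-password form."
        return 410, "This link has expired or was already used."
    return 405, "Method not allowed"
```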
Expert view
Expert from Email Geeks says that an SCL score of 5 or higher is essentially Microsoft's explicit declaration that an email is spam, and it will be moved to the junk folder according to standard Office 365 policies.
2025-01-23 - Email Geeks
Marketer view
Marketer from Email Geeks says they are seeing a significant increase in junk placement issues with Outlook 365 addresses this year, particularly with SCL scores of 5+, across multiple ESP products.
2025-01-23 - Email Geeks
Navigating Outlook 365 deliverability
Emails being marked as junk or phishing in Outlook 365 is a complex issue influenced by a combination of factors, from sender reputation and authentication to email content and Microsoft's evolving filtering policies. While it can be challenging, a proactive and systematic approach is key to improving your email deliverability. By focusing on strong authentication, maintaining a pristine sender reputation, optimizing your content, and adapting to new filtering behaviors, you can significantly increase the chances of your emails reaching the inbox.
Regularly reviewing your email program against these guidelines and staying informed about changes in major mailbox provider policies, like those from Microsoft, will help you navigate the complexities of email deliverability and ensure your messages consistently land where they belong: in the recipient's inbox.