Why are my emails landing in Office 365 spam folders?

Michael Ko
Co-founder & CEO, Suped
Published 26 Jul 2025
Updated 4 Jun 2026
9 min read

Your emails are landing in Office 365 spam folders because Microsoft 365 has a negative or uncertain signal about the message, the sender, the domain, the IP, the recipient relationship, or the receiving tenant's policy. A simple subject line rarely fixes it. Microsoft is usually reacting to reputation, authentication, list quality, engagement, content, or a local rule inside the recipient organization.
I would not start by rewriting every campaign. I would first prove whether this is truly an Office 365-wide problem, then inspect the headers, then check authentication, sender reputation, complaint signals, and the exact sending stream. A few test inboxes are useful, but they are not enough evidence on their own.
Fast answer
If Office 365 alone is sending you to junk, treat it as a Microsoft reputation and filtering investigation, not just a copywriting issue. Check authentication, message headers, bounces, complaints, sending volume, domain age, IP reputation, and whether the affected recipients are in one tenant or many tenants.
What Office 365 is reacting to
Office 365, now part of Microsoft 365, filters mail through multiple layers. Some signals come from your DNS and headers. Some come from historical recipient behavior. Some come from Microsoft tenant policies that you do not control. That is why the same message can hit the inbox at Gmail, Apple Mail, and one Outlook tenant, then land in Junk Email at another Microsoft tenant.
- Authentication: SPF, DKIM, and DMARC need to pass, and at least one authenticated domain must match the visible From domain in the way DMARC expects.
- Reputation: Microsoft judges the sender domain, sending IP, sending pattern, complaint history, and past recipient interaction.
- List quality: Bad addresses, stale opt-ins, low engagement, and complaint-heavy segments can push commercial mail toward spam.
- Content: Links, redirects, attachments, URL reputation, misleading branding, and repeated templates can influence placement.
- Tenant rules: A recipient's Microsoft 365 admin can apply anti-spam, anti-phishing, quarantine, safe sender, or transport rules that change delivery.
| Signal | What it indicates | Where to check |
|---|---|---|
| SPF | Sender IP not permitted | DNS and headers |
| DKIM | Signature missing or broken | Headers |
| DMARC | From domain not matched | Reports |
| SCL | Microsoft spam score | Headers |
| BCL | Bulk mail signal | Headers |
| Policy | Tenant-specific filtering | Recipient admin |
Use this as a first-pass map before changing DNS or campaign copy.
Prove the problem before changing anything
The first mistake is assuming that one Microsoft test inbox tells the whole story. A single inbox has its own history, user choices, mailbox rules, tenant settings, and previous interaction with your domain. I want to know whether the issue appears across several independent Microsoft 365 tenants, across personal Outlook or Hotmail mailboxes, or only inside one organization.
If only your own Microsoft tenant junked the message, the fix can be local. If multiple unrelated Office 365 tenants junk it, the sender-side problem is more likely. If Gmail, Yahoo, Apple Mail, and Microsoft all show reduced engagement at the same time, the issue is not Microsoft-specific.

Microsoft Defender portal message trace showing a message delivered to Junk Email.
- Scope: Send the same message to unrelated Microsoft 365 tenants, personal Outlook mailboxes, and non-Microsoft mailboxes.
- Headers: Save the full original headers from each result, not screenshots of the inbox folder.
- Stream: Compare transactional mail, sales mail, newsletter mail, and any third-party sender separately.
- Rates: Check bounce rate, complaint rate, unsubscribe rate, opens, clicks, and replies around the date placement changed.
- Recipients: Separate active opt-in recipients from cold prospects, purchased contacts, and old publisher-sourced lists.
Do not trust one seed inbox
Just because a message lands in your own junk folder, it does not mean it lands in everyone's junk folder. The reverse is also true. Office 365 placement needs several independent samples before you change sending infrastructure or policy.
Read the Microsoft headers
Headers turn a vague spam complaint into evidence. Office 365 adds fields that show authentication results, spam confidence, bulk mail signals, connecting IP, and filtering actions. I look at these before touching DNS because headers show what Microsoft actually evaluated for that delivered message.
Header fields to capture

```text
Authentication-Results: spf=pass dkim=pass dmarc=pass
X-Forefront-Antispam-Report: SCL:5; BCL:6; CAT:SPM;
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-PCL: 2
Received-SPF: Pass
ARC-Authentication-Results: i=1; mx.microsoft.com;
CIP: 203.0.113.25
PTR: mail.example.com
```
A passing SPF result does not prove the mail is safe. A passing DKIM result does not prove the visible From domain is the one being trusted. A DMARC pass is stronger, but Microsoft still applies content, reputation, bulk, and tenant policy checks after authentication.
What a header can prove
- Authentication: Whether SPF, DKIM, and DMARC passed for the message.
- Routing: Which IP and hostname handed mail to Microsoft.
- Verdict: Whether the message received spam, phishing, bulk, or policy treatment.
What a header cannot prove
- Global scope: One recipient's result does not prove the same result everywhere.
- Root cause: A spam verdict still needs reputation, content, and list evidence.
- Future delivery: Filtering changes as recipient behavior and sender history change.
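The header review and the scope check described above can be combined in a short script. This is an added example, not code from the original article or from Suped; the tenant names, domains, IP addresses and header values are constructed samples, and the cut-off of SCL 5 follows Microsoft's documented spam verdict levels.

```python
import re
from email import message_from_string

# Constructed samples (tenant, saved headers); domains and IPs are placeholders.
AUTH_PASS = ("Authentication-Results: spf=pass (sender IP is 203.0.113.25)\n"
             " smtp.mailfrom=example.com; dkim=pass (signature was verified)\n"
             " header.d=example.com; dmarc=pass action=none header.from=example.com\n")
SAMPLES = [
    ("tenant-a.example", AUTH_PASS +
     "X-Forefront-Antispam-Report: CIP:203.0.113.25;SCL:5;BCL:6;CAT:SPM;\n"),
    ("tenant-b.example", AUTH_PASS +
     "X-Forefront-Antispam-Report: CIP:203.0.113.25;SCL:1;BCL:2;CAT:NONE;\n"),
    ("tenant-c.example", AUTH_PASS +
     "X-Forefront-Antispam-Report: CIP:203.0.113.25;SCL:5;BCL:7;CAT:BULK;\n"),
]

def parse_verdict(raw_headers):
    """Extract authentication results and Microsoft filtering fields."""
    msg = message_from_string(raw_headers)  # handles folded header lines
    auth = msg.get("Authentication-Results", "")
    report = msg.get("X-Forefront-Antispam-Report", "")
    out = {"spf": None, "dkim": None, "dmarc": None}
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        out[mech] = result.lower()
    # The report is a ';'-separated list of KEY:value pairs.
    fields = dict(p.strip().split(":", 1) for p in report.split(";") if ":" in p)
    for name in ("SCL", "BCL"):
        out[name.lower()] = int(fields[name]) if name in fields else None
    out["cat"], out["cip"] = fields.get("CAT"), fields.get("CIP")
    return out

def is_junk(verdict):
    # Microsoft documents SCL 5 and above as a spam verdict.
    return verdict["scl"] is not None and verdict["scl"] >= 5

def triage(samples):
    verdicts = {tenant: parse_verdict(raw) for tenant, raw in samples}
    junked = sorted(t for t, v in verdicts.items() if is_junk(v))
    auth_ok = all(v[m] == "pass" for v in verdicts.values()
                  for m in ("spf", "dkim", "dmarc"))
    if not junked:
        scope = "no junk verdicts"
    elif len(junked) == 1:
        scope = "single tenant: check recipient policy"
    else:
        scope = "multiple tenants: sender-side cause likely"
    return {"junked": junked, "auth_ok": auth_ok, "scope": scope}
```

When `auth_ok` is true and several tenants still junk the message, as in these samples, authentication is not the cause and the reputation, list and content checks come next.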
Fix authentication first
Authentication is not the whole answer, but it is the cleanest place to start. If Microsoft cannot prove that your sender is allowed to send for your visible From domain, every other signal starts from a weaker position. I check the domain with a domain health check and then review real DMARC reports rather than only checking the DNS record.
The key point is that SPF and DKIM need to authenticate the right domain. If a third-party sender signs with its own DKIM domain and uses its own bounce domain for SPF, your brand can still look untrusted unless DKIM or SPF matches the visible From domain for DMARC.
Example authentication DNS records

```dns
example.com. TXT "v=spf1 include:send.example.net -all"
selector1._domainkey.example.com. TXT "v=DKIM1; k=rsa; p=MIIB..."
_dmarc.example.com. TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; adkim=s; aspf=s"
```
Strict records can expose hidden senders
A stronger DMARC policy is good, but moving too quickly can reveal old CRMs, invoicing tools, publisher systems, or shared mail relays that were never configured correctly. Use DMARC monitoring to identify every source before enforcing rejection.
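The following added example (not from the original article or Suped) shows why a message can pass SPF and DKIM and still fail DMARC, and how the strict `adkim=s; aspf=s` setting changes the outcome for subdomain senders. The scenarios and domain names are constructed, and the organizational-domain function is a labelled simplification.

```python
def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. Real DMARC
    # evaluators use the Public Suffix List, so this is wrong for e.g. co.uk.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    f = from_domain.lower().rstrip(".")
    a = auth_domain.lower().rstrip(".")
    return f == a if mode == "s" else org_domain(f) == org_domain(a)

def dmarc_eval(from_domain, spf, dkim, adkim="r", aspf="r"):
    """spf is (result, MAIL FROM domain); dkim is a list of (result, d= domain)."""
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], aspf)
    dkim_ok = any(res == "pass" and aligned(from_domain, d, adkim) for res, d in dkim)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail"}

# Constructed scenarios for a visible From domain of example.com.
SCENARIOS = {
    "third party signs and bounces with its own domain":
        dict(spf=("pass", "bounces.send.example.net"),
             dkim=[("pass", "send.example.net")]),
    "third party adds a DKIM signature for the brand":
        dict(spf=("pass", "bounces.send.example.net"),
             dkim=[("pass", "send.example.net"), ("pass", "example.com")]),
    "subdomain signer and bounce domain":
        dict(spf=("pass", "bounce.mail.example.com"),
             dkim=[("pass", "mail.example.com")]),
}

def run(adkim, aspf):
    """Return the DMARC result per scenario for the given alignment modes."""
    return {name: dmarc_eval("example.com", adkim=adkim, aspf=aspf, **s)["dmarc"]
            for name, s in SCENARIOS.items()}

if __name__ == "__main__":
    print("relaxed:", run("r", "r"))
    print("strict: ", run("s", "s"))  # adkim=s; aspf=s, as in the record above
```

The first scenario fails in both modes even though every individual check passes, and the third scenario passes only under relaxed alignment, which is the kind of hidden sender a strict record exposes.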
Looks configured
- SPF: A record exists, but it has too many includes or misses a sender.
- DKIM: A selector exists, but the sender does not sign every stream.
- DMARC: A record exists, but reporting is not being reviewed.
Actually healthy
- SPF: Every sender is authorized and the lookup count stays under the limit.
- DKIM: Every major stream signs with your domain or a domain DMARC accepts.
- DMARC: Reports show the real senders, failure reasons, and policy impact.
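The SPF lookup limit mentioned above is 10 DNS-querying terms per evaluation (RFC 7208, section 4.6.4). This added example, which is not from the original article or Suped, counts them across nested includes using constructed TXT data in place of live DNS; it reports the worst case and does not expand macros.

```python
import re

SPF_LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4

# Constructed TXT data standing in for live DNS; all names are placeholders.
TXT = {
    "example.com": "v=spf1 mx include:send.example.net include:crm.example.org "
                   "include:billing.example.org -all",
    "send.example.net": "v=spf1 include:_a.send.example.net include:_b.send.example.net ~all",
    "_a.send.example.net": "v=spf1 ip4:203.0.113.0/24 ~all",
    "_b.send.example.net": "v=spf1 ip4:198.51.100.0/24 a:relay.example.net ~all",
    "crm.example.org": "v=spf1 include:_spf.crm.example.org exists:%{i}.bl.example.org ~all",
    "_spf.crm.example.org": "v=spf1 ip4:192.0.2.0/25 mx ~all",
    "billing.example.org": "v=spf1 redirect=_spf.billing.example.org",
    "_spf.billing.example.org": "v=spf1 a mx ip4:192.0.2.128/25 -all",
}

TERM = re.compile(r"[+\-~?]?(include|a|mx|ptr|exists|redirect)(?:[:=/](.*))?$", re.I)

def count_lookups(domain, txt=TXT, path=()):
    """Worst-case count of DNS-querying SPF terms reachable from a domain."""
    if domain in path:
        raise ValueError("include loop at " + domain)
    total = 0
    for term in txt.get(domain, "").split()[1:]:   # skip the v=spf1 tag
        m = TERM.match(term)
        if not m:
            continue                               # ip4, ip6, all: no lookup
        total += 1
        name, target = m.group(1).lower(), m.group(2)
        if name in ("include", "redirect") and target:
            total += count_lookups(target.lower(), txt, path + (domain,))
    return total

def check(domain, txt=TXT):
    """Return (lookup count, whether it is within the limit)."""
    n = count_lookups(domain, txt)
    return n, n <= SPF_LOOKUP_LIMIT

if __name__ == "__main__":
    print(check("example.com"))
```

The top-level record here has only four lookup terms of its own, yet it evaluates to 13 lookups once the nested includes are followed.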
Check reputation and list quality
If authentication passes and Office 365 still sends mail to spam, reputation becomes the main suspect. Microsoft does not need a broken SPF or DKIM record to junk mail. High complaint rates, poor engagement, sudden volume increases, stale recipients, and commercial content can all create a spam pattern.
Blocklist checks matter here, but they are only one part of reputation. A domain or IP can be absent from every public blocklist (blacklist) and still perform badly at Microsoft because Microsoft has its own data. I still use blocklist monitoring because a blacklist listing gives you a concrete remediation path and often explains sudden placement changes.
Reputation signals to triage
These bands are practical investigation priorities, not universal mailbox provider thresholds.
- Clean (monitor): Stable opt-in list, low bounces, low complaints, steady volume.
- Warning (pause segment): Open or reply rate drops, bounces rise, or one segment starts complaining.
- Critical (stop and fix): Multiple tenants junk the same stream, blocklist hits appear, or complaints spike.
- Complaints: People marking mail as junk is one of the strongest negative signals for commercial campaigns.
- Bounces: Hard bounces show poor address quality and can hurt a sending stream quickly.
- Engagement: A sudden drop in opens, clicks, replies, or conversions often appears before spam complaints become obvious.
- Volume: New Office 365 sending patterns need a controlled ramp, especially on new domains or new IPs.
- Consent: Publisher opt-ins need clear proof, source tracking, and suppression if recipients do not recognize your brand.
If Microsoft is quarantining rather than junking the message, the investigation changes. Quarantine often points to stronger policy or threat verdicts. The related O365 quarantine fixes path is worth following when messages never reach the user's Junk Email folder.
Fix the message and sending pattern
Content checks are still real, but they are rarely just about one word in the subject. Microsoft looks at the whole message: links, domains, redirects, branding, plain text quality, HTML structure, unsubscribe handling, attachments, and how recipients react to similar mail.
| Area | Risk | Fix |
|---|---|---|
| Link domain | URL reputation differs from sender reputation | Use trusted branded links |
| Redirects | Tracking chains look risky | Reduce hops |
| Attachments | Files trigger extra scanning | Link to a page |
| HTML | Broken markup reduces trust | Simplify template |
| Unsubscribe | Hard exits reduce complaints | Make it obvious |
Common message-level causes of Office 365 junk placement.
For a fast message-level check, I send a real campaign sample through the email tester before I send it to a Microsoft seed set. That catches broken authentication, suspicious headers, HTML issues, and obvious configuration problems before recipients see the message.
The sending pattern matters as much as the template. If you send a new commercial campaign to old contacts, add a new sending domain, increase volume sharply, and switch link tracking at the same time, Microsoft cannot tell which change caused the risk. Change one thing at a time and measure folder placement after each change.
When a third-party sender is involved, check the dedicated article on third-party O365 spam because the fix often sits in the sender's DKIM, bounce domain, or tracking domain setup.
Where Suped fits
Suped is the practical place to manage the authentication and reputation side of this problem. It brings DMARC, SPF, DKIM monitoring, Hosted SPF, Hosted DMARC, Hosted MTA-STS, SPF flattening, blocklist monitoring, real-time alerts, and deliverability insights into one workflow. For most teams, that makes Suped the best overall DMARC platform because it turns raw reports into specific source-level fixes.

Issue steps to fix dialog showing the issue overview, tailored fix steps, and verification action
The useful workflow is simple: add the domain, let reports collect, verify each sending source, fix any SPF or DKIM mismatch, then use alerts to catch new failures before Office 365 placement drops. MSPs and agencies can manage multiple client domains in one dashboard, which matters when Microsoft spam issues appear across several brands at once.
Best use of Suped in this issue
- Source discovery: Find every system sending mail for your domain before enforcing policy.
- Issue fixes: Use automated detection and steps to fix failed authentication.
- Hosted records: Manage SPF and DMARC changes without repeated manual DNS edits.
- Alerts: Get notified when a new sender, policy failure, or blocklist hit appears.
A practical fix sequence
I use this order because it avoids random changes. The point is to isolate the cause, fix the smallest confirmed issue, then retest with the same seed set and the same type of message.

Flowchart showing the Office 365 spam troubleshooting order.
- Confirm scope: Test unrelated Microsoft tenants, personal Outlook addresses, and non-Microsoft mailboxes.
- Save evidence: Collect full headers, delivery location, message trace data, and recent campaign metrics.
- Fix DNS: Correct SPF, DKIM, DMARC, return-path, and tracking domain problems first.
- Segment risk: Pause cold, old, low-engagement, or complaint-heavy segments while testing.
- Reduce triggers: Remove risky links, redirect chains, attachments, and unclear unsubscribe paths.
- Retest: Send the same sample again and compare Microsoft headers before changing another variable.
When to escalate
Escalate to the recipient's Microsoft 365 admin when only one tenant is affected, headers show a tenant policy action, or the message is quarantined by that organization. Keep your evidence concise: message ID, timestamp, sender, recipient, headers, and the business reason the recipient expected the email.
Views from the trenches
Best practices
- Confirm folder placement across unrelated Microsoft tenants before changing infrastructure.
- Review bounces, complaints, opens, and replies before blaming one mailbox provider.
- Keep full headers for every test message so filtering evidence stays measurable.
Common pitfalls
- Assuming one seed inbox proves all Office 365 recipients see the same placement.
- Changing subject lines first while DNS, source reputation, and list quality stay unknown.
- Treating active opt-in as enough when recipients do not recognize the sender brand.
Expert tips
- Separate transactional, marketing, sales, and publisher traffic before comparing results.
- Pause weak segments while testing because complaints can hide the effect of DNS fixes.
- Retest one variable at a time so each Microsoft header change has a clear cause.
Marketer from Email Geeks says Office 365 spam placement should first be checked against bounce, complaint, open, and reply trends before assuming a filter problem.
2020-02-27 - Email Geeks
Marketer from Email Geeks says a sender should not assume Microsoft is the only provider affected until there is data across multiple mailbox providers.
2020-02-27 - Email Geeks
What I would fix first
If Office 365 is junking your emails, I would start with proof, not guesses. Confirm the scope across several Microsoft tenants, save the headers, and check whether the same sending stream also has lower engagement, higher bounces, or higher complaints.
Then fix authentication and reputation before rewriting campaigns. Make sure SPF, DKIM, and DMARC pass for the visible From domain, clean risky segments, reduce sudden volume changes, simplify links, and retest with controlled samples. If Microsoft headers point to a recipient-side policy, ask the recipient's admin to review the message trace rather than changing your whole program.
Bottom line
Office 365 spam placement is usually fixable, but it needs evidence. The fastest path is headers, DNS, reputation, list quality, content, and retesting in that order.
