Microsoft is investigating an Exchange Online issue causing legitimate emails to be incorrectly quarantined as phishing attempts due to an overly aggressive URL filtering rule.

Microsoft Exchange Online is currently misidentifying legitimate emails as phishing attacks, causing widespread disruption for organizations relying on the platform. The issue began on February 5th and continues to affect customers globally, with Microsoft confirming it's actively investigating the problem.
"Some users' legitimate email messages are being marked as phish and quarantined in Exchange Online," Microsoft stated in an official service alert. The root cause appears to be an updated URL filtering rule designed to combat sophisticated phishing techniques. This security enhancement accidentally flagged valid URLs as malicious, causing corresponding emails to be automatically quarantined.
According to Microsoft's incident report: "An updated URL rule intending to identify more sophisticated spam and phishing email messages is incorrectly quarantining legitimate email messages in Exchange Online, resulting in impact." While the company hasn't disclosed affected user counts, it classified this as a high-impact incident due to its effect on business communications.
Practical Implications and Mitigation Steps
For affected organizations:
- Check quarantine folders daily: Legitimate emails might be trapped there instead of reaching inboxes
- Release critical messages: Use the Exchange admin center to manually release falsely quarantined emails
- Monitor delivery status: Track important communications through alternative channels until resolution
- Report false positives: Submit misclassified messages to Microsoft via the Report Message add-in
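The first two steps above can also be done from Exchange Online PowerShell. The sketch below is an added example, not from Microsoft's advisory. It assumes the ExchangeOnlineManagement module is installed and that the account has quarantine permissions; the 7-day lookback and the trusted sender domains are placeholders to replace with your own.

```powershell
# Added example: review phish-quarantined mail and release only messages
# from senders you already trust. Run from an admin workstation.
Connect-ExchangeOnline

# Assumption: lookback window. Set it to cover the incident period for your tenant.
$since = (Get-Date).AddDays(-7)

# Assumption: placeholder domains. Replace with partners you have verified out of band.
$trustedSenderDomains = @('partner.example', 'supplier.example')

# Page through everything quarantined as phish in the window.
$quarantined = @()
$page = 1
do {
    $batch = @(Get-QuarantineMessage -QuarantineTypes Phish `
        -StartReceivedDate $since -EndReceivedDate (Get-Date) `
        -PageSize 1000 -Page $page)
    $quarantined += $batch
    $page++
} while ($batch.Count -eq 1000)

# Keep unreleased messages whose sender domain is on the trusted list.
# Everything else stays quarantined for manual review: a real phish can
# arrive during the same window as the false positives.
$candidates = $quarantined | Where-Object {
    $_.ReleaseStatus -eq 'NotReleased' -and
    (($_.SenderAddress -split '@')[-1] -in $trustedSenderDomains)
}

# Write a review list before releasing anything.
$candidates |
    Sort-Object ReceivedTime |
    Select-Object ReceivedTime, SenderAddress, Subject, Type, Identity |
    Export-Csv -Path .\quarantine-review.csv -NoTypeInformation

# Dry run: -WhatIf shows what would be released without doing it.
# Remove -WhatIf after checking the CSV. -ReportFalsePositive also
# submits each released message to Microsoft as a false positive.
foreach ($msg in $candidates) {
    Release-QuarantineMessage -Identity $msg.Identity -ReleaseToAll `
        -ReportFalsePositive -WhatIf
}
```

Releasing by trusted sender rather than in bulk keeps genuine phishing messages quarantined while the faulty rule is being corrected.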
Microsoft engineering teams are working to release quarantined messages while refining the problematic URL detection logic. "We're reviewing the release of quarantined messages for affected users and working on confirming legitimate URLs are unblocked," the company noted. Some users have already seen previously blocked messages delivered.
Pattern of Filtering Challenges
This isn't an isolated incident. Similar Exchange Online filtering errors occurred:
- March 2025: Anti-spam systems quarantined legitimate emails
- May 2025: Machine learning model incorrectly flagged Gmail messages as spam
- September 2025: Anti-spam bug blocked URLs and quarantined emails
These recurring issues highlight the challenge of balancing security with accessibility in email filtering systems. As phishing techniques evolve, security vendors must continuously update detection mechanisms, sometimes with unintended consequences.
Microsoft advises administrators to monitor the Service Health Dashboard for resolution updates. Until full remediation, organizations should implement secondary verification for critical communications and maintain alternative contact methods for time-sensitive correspondence.
