Microsoft Office 365 Affecting Mail Flow

Incident Report for Mailprotector

Postmortem

On Tuesday, October 11, inbound email delivery to some Microsoft Office 365 domains was delayed between several minutes and 24 hours. Investigating the issue, Mailprotector determined that Microsoft was dealing with a high-risk email threat and graylisted two of Mailprotector’s transport IP addresses.

Microsoft has confirmed they made changes to the email perimeter on Tuesday due to a spike in connection volume they observed across all sending environments. The spike in volume was not specific to Mailprotector’s IP addresses but rather a more global change. Microsoft would not provide specifics, but the description aligns with some denial-of-service attacks.

Unfortunately, Mailprotector’s two IP addresses were caught in the changes made by Microsoft. Microsoft expects no anticipated repeat of this situation, and no guarantee of trusting Mailprotector IP addresses could be made.

However, Microsoft also confirmed that Inbound Connectors would help bypass the type of changes made on Tuesday and should prevent the excessive delays experienced by some domains. Therefore, Mailprotector recommends adding the Inbound Connector to all Exchange Online deployments. Documentation will be updated to reflect the new best practice considerations.

Posted Oct 17, 2022 - 11:04 EDT

Resolved

The graylisting by Microsoft appears to have stopped last evening, and this morning's logs show the expected mail flow. The issue is considered resolved.

However, Microsoft may change the perimeter behavior in the future. Mailprotector recommends implementing the Inbound Connector for domains in Microsoft Office 365. If you have further questions, please open a support request at https://support.mailprotector.com/hc/en-us/requests/new

Posted Oct 12, 2022 - 12:20 EDT

Update

Microsoft appears to have changed the Exchange Online perimeter, which may have introduced graylisting behavior. Microsoft's Exchange Online Advisory EX444758 is believed to be the reason for the changes. The start time of the advisory is 9:40 AM which coincides with email delivery delays appearing in Mailprotector's logs.

Mailprotector has not changed or altered any email delivery operations. The email delays are the result of Microsoft changing the behavior of the Exchange Online perimeter.

Any domain still impacted by Microsoft's changes today should implement the Inbound Connector for Mailprotector. The KB article that provides the information to implement the connector is found at https://support.mailprotector.com/hc/en-us/articles/115005484203-Office-365-Inbound-Connector.

Please configure the Inbound Connector and ensure it is enabled. Mailprotector will update recommendations and documentation to emphasize the importance of using the Inbound Connector. The connector will provide additional trust information to Microsoft and reduce the chances of delaying email.

Posted Oct 11, 2022 - 17:42 EDT

Update

Microsoft has "grey listed" some of Mailprotector's inbound transport IP addresses, causing mail delivery delays. The team is working diligently with Microsoft to understand why the addresses have been grey-listed and request status removal.

Partners trying to improve mail flow can implement the inbound connector to the tenant. The inbound connector is not a resolution but can enhance the trust between Mailprotector and Microsoft's Exchange perimeter. Please use the following link for the connector KB article.

https://support.mailprotector.com/hc/en-us/articles/115005484203-Office-365-Inbound-Connector

Posted Oct 11, 2022 - 15:24 EDT

Monitoring

We are receiving reports that a Microsoft Office 365 issue is delaying email delivery. Emails are being queued at Mailprotector.

Emails are automatically retried using an exponential backoff method. Once Microsoft's service issue has been resolved, emails will automatically be delivered.

Mailprotector is continuing to monitor updates from Microsoft for more information.

Posted Oct 11, 2022 - 13:17 EDT

This incident affected: Service Announcements.