How to make sure False Positive Email are not getting blocked by O365 ?

This post is created by my friend and colleague Santosh Poojari. He is working Cloud Partner Services along with me. Santosh is an SME in FOPE. Enjoy the post.


Emails can we blocked by Anti-Spam application for number for reason, to list some reason:

1)     Bulk emails

2)     If IP address sending the email is in list of bad IP address

3)    Blacklisted email address.

and this list can go on, but has an administrator we have to ensure that because of this odd reason we have to ensure our end users receives all genuine email. So how to achieve the same.


Here I would share best practice in Exchange Online Protection to ensure your email is not blocked because of Anti-Spam filters. In Exchange Online Protection Anti-Spam works

1)   Connection Filtering: The SPAM filter check for the connecting IP address in allowed or block list. Please find the attached screenshot how to allow IP address in EOP.

a)    Login to Exchange Admin Center è Protection Link è Connection Filter è Click on Pencil (Edit Mode)

b)     To Allow IP address click on connection filtering è Add the Connecting IP address of the sending domain to the allow list, you can specify individual IP address (format: ) or a range if IP address (format:



Connection level of filtering is the best way to prevent genuine email to get blocked in domain level. But in some scenarios we would not go with connection filtering and wanted to white-list using sender domain or white-list using sender email address, same can be achieved using “Transport Rule”

We would talk more about Content filtering and Transport Rule to override the Content and Connection filtering set at domain level.

Comments (4)
  1. Anonymous says:

    I am introducing "How to" series for new Office 365, aka Wave 15. You will see few guest writers

  2. Leo Jacob says:

    What I want is an article on IP-based email blocking, and why it should be outlawed. It is not done in the interests of the end-users, but to restrict load on mail servers provided by giants like Apple, Microsoft, Google. We should demand our email is
    delivered, and use Interpol to get the spammers. If it means we have to pay for email, then that would probably be a good thing.

  3. rabelani says:

    I have email from certain domain that are getting blocked on office 365.i have released those email on quarantine and marked the as false positive . I have also add the email address to the safe sender list
    I have also check the transport rules the are okay .can you please advise what could be the problem that causing the email domain being blocked

    1. Hello Rabelani
      We need to check the headers to see what is making the messages to come in as SPAM
      The logic is its Connection Filtering –> Transport Rules —> Content filtering.
      The Headers should reveal the info

Comments are closed.

Skip to main content