The Foxy forums are on the move!

We're in the process of moving our forums over to a new system, and so these forums are now read-only.
If you have a question about your store in the meantime, please don't hesitate to reach out to us via email.

Email Receipts: "This sender failed our fraud detection checks "

Hi,

Our receipts are being sent to Junk Mail - message: This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing

We use Office 365 (Exchange online)... this is very worrying as we also had lots of customers today contact us regarding missing emails receipts.

Can you help please?

Kind regards
Comments
  • brettbrett FoxyCart Team
    @BLJ, can you whisper me an ID for a customer who reported this to you? We follow the best practices to send mail, and have a nearly 100% sender reputation.

    That said, it looks like Outlook might have just updated their DMARC settings, which is an additional (and more strict) anti-spam/anti-phishing standard.
    More info here:
    https://wiki.foxycart.com/v/2.0/emails#how_emails_are_sent_spf_dkim_dmarc_etc

    We'll dig in, but one thing you could try right now is to do the "enable email DNS" checkbox in your advanced settings, and add the include bit to your current SPF record. Then resend some receipts (which you can do from your transactions page) and see if it helps.

    We'll start testing on our end as well.

    (In case it's not clear: I think the issue is that Outlook is saying "We know your domain is using Outlook to send mail, and we know Outlook didn't send this mail that says it's from your domain, so we're going to reject it. We'll confirm and see what workarounds exist.)
  • Hi Brett, sorry delayed response... I've added the DMARC DNS record... would you like me to do anything else?

    Thanks again
  • brettbrett FoxyCart Team
    Note to anybody stumbling on this thread later: There are whispers that aren't public, so if the continuity of this thread is weird, that's why.

    @BLJ, thanks for configuring the advanced DNS settings. We've done a little testing on our end with an Office365 account, and we can't get the same message to happen (with or without the advanced DNS setting). I'm wondering about 2 things.

    1: Do you have custom spam or security settings on your domain, at this url: https://protection.office.com/#/antispam (check both tabs)
    1: Do you have anything else custom in your mail filtering?

    Also, if you could view the source (right click from the Outlook online, on the message in the left preview pane, and click "view message details") for one of the problem emails (preferably one with the "This sender failed our fraud detection checks" message), and paste it into a whisper to me so I can see the headers, that'd be great.

    You can also paste the source (headers) into the "message analyzer" tab here:
    https://testconnectivity.microsoft.com/
Sign In or Register to comment.