Solved Internal Email Forwarded To Outlook Junk

A colleague got me involved in an interesting case recently. When one Microsoft 365 user emailed another, the message was automatically forwarded to the recipient’s Junk folder. Both mailboxes were in the same tenant and had primary email addresses in the same domain. Since the messages were from an internal sender to an internal recipient, none of the email perimeter protection mechanisms should have been engaged.

I verified nothing was flagging or scoring the messages. Exchange’s message trace system showed the email being delivered to the recipient’s inbox. There were no flags or indicators of re-direction in the message’s header. To me this indicates the issue was happening after the message reached the recipient’s mailbox.

To make a long story short, I opened OneNote and jotted down a list of everything I could think of that had the ability to direct a message to the junk folder. On that list I included “native phone apps”. I decided this was the next thing to check. I logged on to the Microsoft 365 Azure Active Directory Admin Console and checked the sign-in logs for the user. Sure enough, I could see that the Samsung Mail App was authenticating on a regular basis.

The Samsung Email app has its own SPAM and rules engine just like Outlook does. Open the app, click the menu button, then settings, scroll down and you will find SPAM settings. Lo-and-behold, the sender’s email address was in the blocked list.

If you’re struggling to understand how your messages are moving around when there are no rules in Outlook and your security systems aren’t interfering, check for native phone apps. There are more of these out there than you might think. Smartwatches, phones, tablets, even smart cars have native email apps capable of their own rules and settings. These application’s actions are not always immediately evident in message logs and tracing.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s