Skip to main content
All CollectionsGetting started with usecureEmail delivery on Microsoft 365
Prevent your emails from being caught in Microsoft 365 quarantine
Prevent your emails from being caught in Microsoft 365 quarantine

Find out how to allow-list platform emails to bypass the M365 quarantine.

Courtney Leacock avatar
Written by Courtney Leacock
Updated over 6 months ago

Microsoft 365 quarantines some emails automatically.

To prevent your system emails (e.g. course enrolments) from being stuck in M365 / Exchange quarantine, you can use an email header to allow-list your platform emails.

IMPORTANT NOTE: This method previously worked for phishing simulations. However Microsoft now block quarantine bypass mail flow rules on any email flagged as a "High Confidence Phish". Microsoft introduced Advanced Delivery to help ensure delivery of phishing simulations, you can find instructions to set that up here.

Note: This will not stop your platform emails from going into the Spam or Junk inbox, but will only stop them from being stuck in the M365 quarantine.

To do this, you will need to:

To make the rule more robust and certain to work, you should also:

How to add an email message header to use in allow-listing

1. Go to Platform Settings -> Email -> Email Allowlisting

2. Toggle the 'Enable email message header' switch to the ON position.

3. Configure the email header. Your new header will need a name and a value.

  • Header Name - This is pre-populated but you can change it if you wish. It must start with “X-” and only contain letters, numbers and dashes.

  • Header Value - Generate a header value by using the “Generate Random Code” button. You can also type your own, but the header value must not contain any whitespace e.g. spaces, tabs etc.

4. Click Save to complete setup. The header name and value will now be added to the metadata for all emails sent from the platform.

Next, you will need to add exceptions for the header name and value in your Microsoft 365 settings.


How to set up a mail flow rule to bypass spam and quarantine filtering in Microsoft 365

1. Open Exchange Admin Center and go to Mail Flow -> Rules

2. Click on the option + Add a rule dropdown and select Create a new rule.

3. Enter a name for your rule and under Apply this rule if... select The message headers... and in the next field select includes any of these words.

4. Click on Enter text...

5. In the window that pops open, enter the header name you set in your platform settings and click OK.

6. Click Enter words...

7. Enter the header value you set in your platform settings into the field and click on Add to add it to the list. Then click OK to update the condition.

8. Under Do the following select Modify the message properties and in the second field select the option Set the spam confidence level (SCL) to...

9. In the pop-up window where it says specify SCL, select the option Bypass spam filtering.

10. Click on the plus (+) icon to add an action and select Modify the message properties... -> set a message header

11. Click the first Enter text link and enter the below into the message header field before clicking OK

X-MS-Exchange-Organization-BypassClutter

12. Click the second Enter text link and enter “true” in the message header field then click Save.

13. Review your rule to ensure it is correct.

14. Click Next to ensure the rule mode is set to Enforce and click Next to finish creating your mail flow rule.

15. Review the rule set up and click on Finish.

You should also add an IP address rule to help ensure your whitelisting works correctly.


How to add an IP address condition to your Microsoft 365 quarantine bypass rule

For a more robust bypass rule you can restrict it to emails sent from the usecure mail server IP addresses. This is more likely to ensure that your emails always get delivered.

1. Select your bypass rule in Exchange Admin Center and click the edit button (pencil).

2. Click the plus sign (+) to add a condition.

3. Select The sender… -> IP address is in any of these ranges or exactly matches

The “specify IP address ranges” window should open automatically. If it doesn't, click Enter IPv4 or IPv6 addresses...

4. Paste each of the IP addresses below into the field

  • 198.21.6.191

  • 168.245.56.242

  • 99.80.168.14

5. Click Save to add the IPs.

6. Now click Save to finish adding the IP address condition to your mail flow rule.

Did this answer your question?