Email: Messages Not Delivered to Inbox as Expected
Updated: 24 July 2020 03:14 PM
A message or mulitple messages you were expecting from a legitimate known external sender was never delivered to your Inbox. There are many reasons this may have occurred, but first we'll clear a few things up:
We occasionally come across a situation where employees tell us that someone sent them an email but it never arrived to their Inbox. Typically, we find that these messages are coming from an external organization using a custom domain and hosting services. When we investigate the reason for non-delivery, Exchange Online Protection has deemed to message to be suspicious due to poor configuration at the originating end (the sender domain).
We're going to get a little technical...
One of the 'bolted-on' DNS-based technologies referred to above is called SPF (Sender Policy Framework). Simply, this framework tells receiving mail servers (us) that a message did or did not originate (the sender) from an expected and approved IP address (a potential sign of spoofing or malicious activity). If an incoming message fails the SPF check, it is treated harshly by Exchange Online Protection. Failing this check identifies a message as possible spoofing and the message is often routed to a quarantine and not your Inbox - for your own and the institution's protection.
SPF is perhaps a bit confusing for some folks running small businesses and is therefore often overlooked when setting up their business domain and email services. However, it is a vital component in the fight against malicious email, and time should be spent setting it up properly based on the best practices of a hosting provider.
What can you do?
If you were expecting a message from someone and it did not arrive to your Inbox within a reasonable time frame (lets say 30 minutes to cover other potential unexpected delays in delivery), please contact firstname.lastname@example.org and state the exact sender email address and approximate date you were expecting to receive the message (we really need details here). Systems administrators will analyse the mail flow for you and identify the exact reason a message was not delivered.
We can release any quarantined message to your Inbox, but it is also entirely possible we will come back to you and say the sender does not have a properly configured SPF record on their domain. If this is the case, we cannot guarantee the future delivery of mail from that sender to your Inbox until they have resolved the issue at their end. The reason you did not receive the message has nothing at all to do with OCAD U 365 and everything to do with how they have configured things at their end. IT Services will never add these senders to any 'whitelist' that can bypass protections and put the institution at risk.
It is the sole responsibility of senders and domain owners to ensure they are following best practices in email delivery to protect their domain, brand, business interests, and reputation.