Emails getting lost without a trace is uncommon, but it can happen. Sometimes, you send an email campaign to your contact list, but an intended recipient doesn't receive the email. Your logs show that the email was delivered and accepted by the receiving mail server, yet it's nowhere to be found in the recipient's inbox or spam folder. And when you check, there was no bounce either, showing that the email was indeed received. So, what could be causing this?
1. When does this happen?
In most cases, this happens when a mail server accepts the email, but then anti-spam filters perform additional checks. This situation is most common with business domains because these systems provide email and IT teams with more configuration options than you get with personal email services.
2. Why does this happen?
Emails to business domains can be quarantined, meaning they are held back by the email filter, instead of being delivered to the recipient's mailbox or spam folder. This allows email and IT teams to monitor potential email spam or phishing attacks, and modify their security rules. Business email anti-abuse and security filter rules can be highly customized, even at the mailbox level. Therefore, an email might be rejected and quarantined for one recipient within the same organization, while others might receive it without any issues.
I asked a colleague of mine to provide me with some samples of quarantined messages from the Microsoft 365 Defender tool. Here are some common examples:

| DetectionMethods | ConfidenceLevel | EmailAction |
| --- | --- | --- |
| {"Phish":["Impersonation domain"],"Spam":["Advanced filter"]} | {"Phish":"Normal","Spam":"Normal"} | Send to quarantine |
| {"Phish":["URL malicious reputation"]} | {"Phish":"High"} | Send to quarantine |
| {"Phish":["Mailbox intelligence impersonation"]} | {"Phish":"Normal"} | Send to quarantine |
| {"Phish":["URL detonation reputation"]} | {"Phish":"High"} | Send to quarantine |
| {"Phish":["File detonation reputation"],"Spam":["Advanced filter"]} | {"Phish":"High","Spam":"Normal"} | Send to quarantine |
| {"Phish":["URL detonation reputation"],"Spam":["Advanced filter"]} | {"Phish":"High","Spam":"Normal"} | Send to quarantine |
| {"Phish":["Impersonation user"]} | {"Phish":"Normal"} | Send to quarantine |

Messages that trigger any of the "DetectionMethods" above with a "ConfidenceLevel" of "Normal" or "High" end up quarantined and do not appear in the mailbox.
Explanations for some of these detection methods can be found online, like in this case where Microsoft explains what "URL detonation" means.
One crucial aspect to keep in mind is that these email filters can be triggered simply by sending yourself test emails, particularly if your email filters are configured to prevent phishing attacks. It's likely that your marketing and transactional emails will be sent using a subdomain of your organizational domain. For example, you might send a test email from sender@sub.domain.com to your own address name@domain.com. If you haven't informed your email or IT team to trust your marketing/transactional subdomain, your company's email filter may view these test emails as suspicious, and quarantine them.
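For a mail administrator triaging such a report, the following added example (not code from this article or from Microsoft) parses exported rows in the format of the table above and lists why a given message was quarantined. The `Sender`, `Recipient` and `Subject` column names, the pipe-delimited export layout and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import json
from collections import Counter

# Constructed sample export, not real data. DetectionMethods, ConfidenceLevel
# and EmailAction values are copied from the table above; the Sender,
# Recipient and Subject column names are assumptions for this example.
SAMPLE_EXPORT = """\
Sender|Recipient|Subject|DetectionMethods|ConfidenceLevel|EmailAction
sender@sub.domain.com|name@domain.com|Spring offer|{"Phish":["Impersonation domain"],"Spam":["Advanced filter"]}|{"Phish":"Normal","Spam":"Normal"}|Send to quarantine
sender@sub.domain.com|other@domain.com|Spring offer|||
sender@sub.domain.com|name@domain.com|Your invoice|{"Phish":["URL detonation reputation"],"Spam":["Advanced filter"]}|{"Phish":"High","Spam":"Normal"}|Send to quarantine
"""

def load_rows(text):
    # QUOTE_NONE keeps the double quotes inside the JSON cells intact.
    return list(csv.DictReader(io.StringIO(text), delimiter="|",
                               quoting=csv.QUOTE_NONE))

def parse_verdicts(row):
    """Pair every detection method with the confidence of its threat type."""
    methods = json.loads(row["DetectionMethods"] or "{}")
    confidence = json.loads(row["ConfidenceLevel"] or "{}")
    return [(threat, method, confidence.get(threat, "Unknown"))
            for threat, names in methods.items() for method in names]

def explain_missing(rows, sender, recipient, subject=""):
    """Quarantine reasons for messages matching From, To and Subject."""
    found = []
    for row in rows:
        if row["EmailAction"] != "Send to quarantine":
            continue  # no quarantine action recorded for this copy
        if (row["Sender"].lower() != sender.lower()
                or row["Recipient"].lower() != recipient.lower()
                or subject.lower() not in row["Subject"].lower()):
            continue
        found.append((row["Subject"], parse_verdicts(row)))
    return found

def top_triggers(rows):
    """Count detection methods across all quarantined rows."""
    return Counter(method for row in rows
                   if row["EmailAction"] == "Send to quarantine"
                   for _, method, _ in parse_verdicts(row))

if __name__ == "__main__":
    rows = load_rows(SAMPLE_EXPORT)
    for subj, reasons in explain_missing(rows, "sender@sub.domain.com", "name@domain.com"):
        print(subj, reasons)
    print(top_triggers(rows).most_common())
```

The per-recipient result shows why one mailbox in an organization can lose a message that a colleague received, and the trigger count points at which part of the content or sending setup to review first.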
3. What can I do about this?
3.a) Confirm delivery status:
Check your bounce and delivery reporting with your Email Service Provider (ESP) to verify that messages are delivered. If in doubt, check with your ESP Deliverability Support team. If messages show as bounced, this could indicate a larger underlying issue. However, if your delivery reporting does not show bounces (indicating delivery success), proceed with the next steps.
3.b) If missing emails are in your organization:
Contact your IT staff responsible for mail administration within your organization. They can help locate the quarantined message, explain what triggered the quarantine, and help explain what needs to happen to resolve the issue. Provide them with the following information:
- From: sender@sub.domain.com - the email address that was used to send the message that was lost;
- To: name@domain.com - the destination email address where the message should have landed but is missing;
- Subject Line of the missing email(s);
3.c) If a customer or other recipient complains about not receiving emails:
Ask the recipient to contact the IT staff responsible for mail administration within their organization. They should provide the following details to their IT staff:
- From: sender@sub.domain.com - the email address that was used to send the message that was lost;
- To: name@example.com - the destination email address where the message should have landed but is missing;
- Subject Line of the missing email(s);
4. Help, the quarantined message cannot be found!
Various filtering tools can cause similar issues, but all of them should have documentation on how to perform this kind of lookup.
Here are the two most common ones:
How to find and release quarantined messages using Google Workspace
How to manage quarantined messages using Microsoft 365
5. We found the quarantined email, what is next?
What comes next depends heavily on your organization's security policy. Here are some options to consider:
a) Add the sender address to the "safe senders list", which would allow the sender to bypass additional mail filtering by default;
b) Review your email content and locate any of the content blocks that may trigger quarantine rules;
c) Collaborate with Deliverability Support staff from your ESP to understand what can trigger quarantine rules.
I hope this article has been helpful in resolving your email delivery issues.
If you have a similar issue but it is related to free mailbox providers, or you just want to get more information about the topic, please proceed to this article: