DRACOON cloud status:

Now available:  Two-step authenticationLearn more

Articles in this section

PROBLEM: Emails from DRACOON are not delivered because they are wrongly misclassified and blocked as phishing emails by Microsoft 365

  • Updated
Follow

Problem

If you use Microsoft 365 as an email service in your organization and have not set a CNAME DNS record for your DRACOON environment, your users may not currently receive emails from your DRACOON environment.

This is the case for DRACOON scenarios such as invitation emails for newly added users, password reset emails, and notification emails for specific events (for example, email notifications for recently uploaded files).

Affected are emails with links to the domains dracoon.cloud or dracoon.team. This is the case if you have not set your own CNAME DNS record for your DRACOON environment. 

Cause

Emails sent by DRACOON are currently wrongly classified by the Microsoft 365 mail service as phishing emails with supposedly malicious links, automatically moved to your organization's email quarantine, and not delivered to recipients.

In fact, emails from DRACOON are harmless emails with harmless links that just refer to your DRACOON environment.

Solution

Assign a CNAME DNS record for your DRACOON environment. As a result, emails from DRACOON will no longer contain the problematic domains dracoon.cloud or dracoon.team but instead the domain name specified by you in your CNAME DNS record, such as dracoon.ourcompany.com.

Restore previously blocked emails

Individual affected users, unfortunately, have no way to mark emails from DRACOON as secure (in Outlook, for example) to receive them successfully.

Currently, the only solution is for your organization's mail administrator to periodically unblock blocked emails from the mail quarantine, resulting in the instant delivery of these messages to your recipients.
To do this, proceed as follows:

  1. First, log in to the Microsoft 365 Admin Center with an administrative account.
  2. In the left navigation bar, in the Admin Center section, click Security Center / Microsoft 365 Defender. If the entry is not visible, you can expand the navigation bar by clicking Show All.
  3. In Microsoft 365 Defender, in the left navigation bar, click Email & Collaboration, click Review in the navigation bar, and then click the Quarantine box on the right side of the page.
  4. Under Quarantine, all emails are displayed that have been automatically filtered out and are therefore in quarantine. Filter the email list by the sender address noreply@dracoon.email.
  5. Select all the displayed emails (the easiest way is to click the top checkbox in the table header), and then click Release in the toolbar. 
  6. The "Release email to recipients' inboxes" dialog box appears. We ask you to select the Send message to Microsoft to improve detection (false positive result) checkbox. This will increase the likelihood that emails from DRACOON will not be filtered out by Microsoft as supposed phishing in the future.
    Finally, click Release message at the bottom of the dialog box.
  7. The selected emails will be removed from quarantine and delivered to your recipients immediately.
  8. Repeat steps 4–7 for the sender address support@dracoon-server.zendesk.com. If you have been using DRACOON for some time, there will probably be no emails quarantined for this sender address.

We are actively in contact with our email service provider Retarus as well as with Microsoft to permanently eliminate the misclassification of DRACOON emails.

Related articles

Comments

0 comments

Article is closed for comments.