Office 365 is categorizing all Bitwarden emails as a phishing attempt

I have submitted them to MS, and added the “[email protected]” address to the safe senders list, but this is not best practice. If that email is spoofed, basically anything can get in, and spoofing that email seems like it could be a pretty high value target.

A search of the forums has some other examples of users not getting invite or confirmation emails as well.

I opened an issue at server level to easily track it:

Currently, Microsoft is marking some of our emails as possible phishing messages. We have reported this to Microsoft and are waiting on a response. In the meantime, please check your Quarantine. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/find-and-release-quarantined-messages-as-a-user

You may want to add a rule to your Quarantine settings to allow emails from bitwarden.com until the issue is resolved.

I signed up for a new account yesterday. Same thing is happening on my Outlook.com premium account so Exchange Online Protection appears to be doing the same thing.
SPF and DKIM both pass

BCL:0;
X-Microsoft-Antispam-Mailbox-Delivery abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ucf:0;jmr:0;ex:0;auth:1;dest:J;OFR:SpamFilterAuthJ;ENG:(5062000261)(5061607266)(5061608174)(4900115)(58390011)(98390011)(8390131)(8377080)(8386120)(4920090)(6382001)(4950130)(4990090)(9140004);RF:JunkEmail;
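A small parser for the header quoted in the post above, as an added example that is not part of the thread and not Microsoft's tooling. Reading `dest:J` as Junk-folder delivery and `auth:1` as authentication passed are assumptions, consistent with `RF:JunkEmail` and the poster's SPF/DKIM note; the function names are hypothetical.

```python
import re

# Sample input: the header line exactly as quoted in the post (no colon after the name).
SAMPLE = ("X-Microsoft-Antispam-Mailbox-Delivery abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;"
          "dkl:0;rwl:0;ucf:0;jmr:0;ex:0;auth:1;dest:J;OFR:SpamFilterAuthJ;"
          "ENG:(5062000261)(5061607266)(5061608174)(4900115)(58390011)(98390011)"
          "(8390131)(8377080)(8386120)(4920090)(6382001)(4950130)(4990090)(9140004);"
          "RF:JunkEmail;")

def parse_delivery(line):
    """Return {key: value}; the ENG value '(n)(n)...' becomes a list of ids."""
    # Accept the bare value or the full header line, with or without the colon.
    value = re.sub(r"^X-Microsoft-Antispam-Mailbox-Delivery:?\s*", "", line.strip(),
                   flags=re.IGNORECASE)
    fields = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # trailing ';' leaves an empty element
        key, sep, val = part.partition(":")
        if not sep:
            raise ValueError(f"malformed field: {part!r}")
        fields[key.strip()] = (re.findall(r"\((\d+)\)", val) if key.strip() == "ENG"
                               else val.strip())
    return fields

def triage(fields):
    """Summarise the delivery decision for a help-desk ticket."""
    # Assumption: dest:J / RF:JunkEmail mean the message was filed in Junk.
    junked = fields.get("dest") == "J" or fields.get("RF") == "JunkEmail"
    # Assumption: auth:1 means sender authentication was accepted.
    authenticated = fields.get("auth") == "1"
    return {
        "junked": junked,
        "authenticated": authenticated,
        # Junked despite passing auth points at a content/reputation verdict,
        # so the fix is a report to Microsoft, not an SPF/DKIM change.
        "filter_verdict_not_auth": junked and authenticated,
        "rule": fields.get("OFR"),
        "nonzero_flags": sorted(k for k, v in fields.items()
                                if isinstance(v, str) and v.isdigit() and v != "0"),
    }

if __name__ == "__main__":
    print(triage(parse_delivery(SAMPLE)))
```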

I can confirm that this is fixed now.

Hello, how did you solve the problem?

Hernan,

We had to get our admin to manually release the emails from quarantine and then we changed over to a different 2FA method for about 4 months. When we came back to the email method in June of this year, the emails were no longer being quarantined and we could use it again.

Are you experiencing the same problem now?

Yes. OK, my mail server receives the emails perfectly; the problem occurs when I send an email to Outlook or Hotmail: it goes directly to spam and does not reach the inbox.