Outlook / Microsoft 365 quarantines our ActiveCampaign emails as “High Confidence Phish” due to unsubscribe link

Question

Hi everyone,We are seeing a deliverability issue with ActiveCampaign emails sent from our own domain, and I’m curious whether others have experienced the same thing.SetupWe send newsletters from our own domain: @konfront.io	Example sender address: kv@konfront.io	Our sending domain in ActiveCampaign is:	Authenticated		Verified		DMARC exists on our domain	SPF passes	Composite authentication passesThe problemEmails are delivered fine to Gmail, but when we send to our own Microsoft 365 / Outlook inboxes, the emails do not appear in the inbox.In ActiveCampaign, the emails are marked as Delivered.When we checked Microsoft 365 / Defender quarantine, we found that the emails were being quarantined as:Quarantine reason: High Confidence Phish	Policy type: Anti-spam policy	Delivery action: Blocked	Detection technologies: URL detonation reputationImportant findingIn Microsoft Defender’s URL analysis, one of the URLs in the message is being flagged as phishing.The URL being flagged appears to be the ActiveCampaign unsubscribe link, for example something like:https://konfront.activehosted.com/box.php?...&funcml=unsub2&luh=1So the issue does not appear to be SPF/DKIM/DMARC failure.Instead, it looks like Microsoft is classifying the unsubscribe/tracking URL as phishing.QuestionHas anyone else seen Microsoft 365 / Outlook quarantine ActiveCampaign emails because of an activehosted.com unsubscribe or tracking link?  Did you find a fix? Thanks!

Alanna Hurley · Answer

Hi there!Thanks for laying all of that out so clearly. Based on what you shared, this does sound less like an SPF/DKIM/DMARC problem and more like Microsoft classifying the ActiveCampaign-hosted unsubscribe URL as suspicious.If Microsoft Defender is specifically flagging the konfront.activehosted.com/box.php unsubscribe URL with High Confidence Phish and URL detonation reputation, that usually points to URL reputation/filtering on the Microsoft side rather than a failure in your sender authentication.A couple of things that may help here:ActiveCampaign automatically adds the List-Unsubscribe header to emails sent from the platform, so this is not something you manually inserted into the campaign. That header is generally a deliverability best practice, but in this case it sounds like Microsoft is evaluating that URL negatively. How List-Unsubscribe helps email deliverabilityOne of the best next steps on the ActiveCampaign side is to set up a custom domain/CNAME for your account so generated links use your branded domain instead of *.activehosted.com. That can help mailbox providers better associate the URLs with your sending identity. How to set up a custom domain name (CNAME) in ActiveCampaignSince this is happening in your own Microsoft 365 environment, I would also have your Microsoft 365 admin submit the quarantined message/URL as a false positive and review whether the URL or domain can be allowlisted in Defender.So in short: I do think your diagnosis is reasonable. If Gmail is fine, authentication is passing, and Microsoft is specifically calling out the unsubscribe URL, this looks much more like a Microsoft filtering/reputation issue than a standard domain-authentication issue.If it were me, I’d prioritize these next:Set up a custom tracking domain/CNAME in ActiveCampaignSubmit the quarantined message to Microsoft as a false positiveRetest once the custom domain is live to see whether Microsoft still flags the branded link structureIf anyone else in the community has seen similar Defender behavior around activehosted.com unsubscribe or tracking links, I’d be curious what ended up resolving it on their side as well.

Setup

The problem

Important finding

Question

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded