I have encountered an unusual and concerning Office 365 antispam issue today. A customers emails with PDF attachments to an Office 365 mailbox have been 'silently' blocked (quarantined) by O365 because they had a PDF that contained a big pond (Telstra) email address in the footer. After a [long] period of investigation removing the big pond email address resolved the issue. The reason that was given by Office 365 was "Detection technologies: URL detonation reputation".

My biggest concern with this is that MS was 'quarantining' the email which means they weren't letting the recipient know that there was an email and wasn't letting the sender know that it wasn't being delivered. To me this breaks the fundamental rules of how email is meant to work. Either it should be delivered, or you should get an error message bounce back. This issue only occurred in the last week, the customer has been sending the same PDF for more than a year.

I will take this up with Microsoft and see what they say. My concern is how many other users have been sending PDF documents or quotes out to customers that contain emails or links that have them silently not delivered.

Note this finding is based on all the evidence I have been able to gather to-date.