Microsoft fixes machine learning bug flagging Adobe emails as spam

Microsoft says it mitigated a known issue in one of its machine learning (ML) models that mistakenly flagged Adobe emails in Exchange Online as spam.
As the company revealed in an advisory on the Microsoft 365 admin center tagged as EX1061430, users had issues accessing alerts for Adobe URLs starting April 22 at 09:24 UTC while being warned that a potentially malicious URL click had been detected.
This type of alert is usually issued when Exchange Online users click a link in an email that is later found to be malicious.
“We’ve determined our machine learning (ML) model, which safeguards Exchange Online against risky email messages, was incorrectly identifying legitimate email messages as spam due to their similarity to email messages used in spam attacks, which was resulting in impact,” Microsoft said.
“To fix the issue we initiated Replay Time Travel (RTT) on the affected URLs to fully remediate impact. Impact was specific to some users who were served through the affected infrastructure.”
In a final update added on Thursday, April 24, at 11:04 UTC, the company said it had implemented mitigations to lower the false positive rate by improving the machine learning logic, so that legitimate emails will not be misclassified as spam and left undelivered in the future.
While the company didn’t share more information on the regions or the number of users affected, this incident has been tagged as a service issue, which is typically limited in scope or impact.
Microsoft has handled similar issues over recent years that led to emails being incorrectly quarantined or tagged as spam. For instance, last month, Microsoft addressed another Exchange Online false positive that was causing anti-spam systems to erroneously quarantine some users’ emails.
In August 2024, it also mitigated an Exchange Online bug that tagged emails containing images as malicious and sent them to quarantine automatically, while in October 2023, it had to disable a bad anti-spam rule that was flooding Microsoft 365 admins’ inboxes with blind carbon copies (BCC) of outbound emails mistakenly flagged as spam.