Email Notifications sent as "Phishing" in Outlook

Email Notifications sent as "Phishing" in Outlook

I am sending email notifications from Outsystems to users using a generic from address "".  However, when the users are receiving the notifications it is being marked as a "phishing" email.  Does anyone no how to fix this so that users don't receive this warning?  I don't want to have to make each user add the email to their safe list.
Is it possible for you to determine exactly why is Outlook flagging your emails as phishing ?

It could be from a number of reasons like the smtp sending the email, some pattern in the content, etc.

I don't think there is a general solution to tell outlook "look, this is not spam / phishing. leave it be", so you'll need to identify why your particular email is being flagged as such and try to change that.
If you have a link in the message that is pointing to an ip address something like (http:\\111.X.X.X\abc) Ex: form which directs to a page, then you can Change the IP address to valid internal Domain name. That is one of the main reason behind this message. 
I had this problem specifically a few months ago. I believe it was caused by having relative URLs in the e-mail's html. Make sure you're using the MakeAbsoluteURL (or something like it) from HttpRequestHandler in all URLs.

If you're using different host names from the internet and within your network you might need to build the url yourself, usually using a site property with the external host.

I tried MakeAbsoluteURL but it still didn't resolve the phishing message.  I changed the "From" on the email notification to real email account and it fixed the problem.
Came acroos same issue today and found a solution. Thought I should share it. This issue was a result of using the same theme for webscreeens and emails. It was sending alot of css (which contained image urls etc.)in the email when I checked in view source on outlook. I created a new theme just for email and kept it really simple (didn't even use a base theme). It is working fine now. I think Gonçalo Veiga's comment about making urls absolute might also work . I think the solution of changing the from on the email is not addressing the real issue with the email but rather giving sender some elevated privileges. This might not work if the to email address doesn't understand the from email address as "TRUSTED".
The problem is the mailsettings in ServiceCenter ...
If that one is different than the "From" address in your email, Outlook will mark it as phishing ...
Had the same when using GMAIL as provider and wanted to send mail from another emailaddress.

Don't know any solution (yet)
Joop, Are you talking about the mail settings under administration > email ? To clarify I had our support email address in from section there and I didn't provide any email address in the from section of send email widget. 
khushwant s wrote:
Joop, Are you talking about the mail settings under administration > email ? To clarify I had our support email address in from section there and I didn't provide any email address in the from section of send email widget. 
 Yep that's the one I mean, the one in service center under administration to configure the mail sending itself...
Any bright ideas how to handle this ?

It's detected by Gmail, Windows Live Mail, Outlook and maybe other mail apps as well ...

This is a part of the email header
Received-SPF: softfail ( domain of transitioning does not designate as permitted sender);
       spf=softfail ( domain of transitioning does not designate as permitted sender);
       dmarc=fail (p=NONE dis=NONE)
Authentication-Results:; spf=softfail;
Joop -

Go add the appropriate SPF information to your DNS entry for the domain you are sending as, so that the SMTP server you are using is seen as an authorized sender by receiving systems.

In this case, it looks like you are using a "" address as the "from", but NOT sending through the SMTP servers.

Out solution to 99% of our email woes was to get an account with Mandrill and use it as our SMTP server, which then enabled us to integrate with its API to build advanced functionality into our application as well (we just completed two-way CRM-like emails).


I created a "multitenant" application and sending emails out with different from addresses.
Even if I start using MailChimp, I think, wouldn't solve the problem since I need to be able to add stuff to the DNS of my email and that's not possible to do. It's the domain of my internet provider :-)
Joost -

It actually DOES solve this problem, it sends it "from" an address at MailChimp (for an email campaign) with a "Reply-To" of your specified email address. That solves the problem nicely. If you use Mandrill, instead of using OutSystems' email system, you send through the Maindrill API (IU have a basic integration on the Forge), you can do the same thing. The recipient will see "from on behalf of Justin James", and a reply will go to me, but the spam filters will not filter it out.

We have a multi-tenant application and just built the CRM-style system of being able to reply to an email and have it go into our system, we used this technique with Mandrill and it works like a dream. Best of all, we don't need tracking numbers in the subject or for the user to re-arrange their SMTP settings, we use a fake email address that Mandrill routes to us when email comes in, we use the email address as a lookup to determine which conversation it belongs to, and send a nicely formatted email that the user can then reply to to have it go through. It's all very, very slick from the end user's view, and 100% painless and transparent.

Hi Justin,

Joop here (GRIN) it sure sounds nice, I'll look into that again.

Thanks for the info,
Hah! Sorry about that!

No problem, Joost is also working at COOLProfs :-)