Many companies today are using providers for sending mass emails as this is something that is not supported by the most email providers like Exchange Online: Exchange Online customers who need to send legitimate bulk commercial email (for example, customer newsletters) should use third-party providers that specialize in these services. Exchange Online limits - Service Descriptions | Microsoft Learn
Sometimes the email authentications for these emails are not correctly set up and often smtp.mailfrom and the header.from are not matching. In addition, the DMARC is not passing. This will result in these messages being flagged as SPAM.
The sender's address or the sender's domain can be added in the allowed list, but this can open the door to hackers. If someone is spoofing the user or the domain, the emails will be let in even if they are not legitimate.
There is a safer way to allow these messages. A transport rule can be created in the Exchange Online admin center to bypass the SPAM filter for these messages if certain conditions are respected.
The rule must have the following conditions:
- Apply this rule if The message headers (Authentication-Results) includes any of these words (spf=pass) and matches these text patterns (dkim=pass)
- The sender domain or the sender's address is