Outlook quarantining emails triggered by Auth0

Problem statement

Emails such as verification or password reset are quarantined for Outlook-based inboxes.

Symptoms

Outlook inboxes are affected, but other types, such as Gmail, are not impacted.
Custom email template in use

Troubleshooting

  • Check email headers of successful and failing emails - look for DKIM and SPF checks passing.
  • Check the body of emails for any references to different domains to the sender.
  • Check by sending the email without customization to an affected inbox.

Cause

Outlook has quarantining rules in place, which can consider the content of email templates “phishy”.

Solution

If the email provider used by the Auth0 tenant has DKIM and SPF set up correctly, but emails are being quarantined by Outlook mailboxes and you have gone through the common issues here: Troubleshoot Custom Email Provider Delivery Issues, there may be a hyperlink or image source within the body of the email that is triggering the Outlook rules.

For example, an image hosted on a different domain to the sender can cause emails to be quarantined or a hyperlink.

If using a custom domain, this can be used for the automatically generated links for email verification or password resets, by enabling it in the tenant’s settings: