Share via

External Sender

Glenn Maxwell 13,841 Reputation points
2026-06-18T00:38:13.0766667+00:00

Hi Team,

I am having an issue where emails from a legitimate external sender are being flagged in Outlook as "Unverified".

An external user (extuser(at)somedomain.com) sends email to an internal user. The email is delivered successfully to the Inbox, but Outlook displays the warning:

"We can't verify that this email came from the sender so it might not be safe to respond to it."

The sender is a known and trusted external contact. I verified the recipient's Junk Email configuration: Below is the output.

Enabled : True
TrustedListsOnly : False
TrustedSendersAndDomains : {extuser(at)somedomain.com}
TrustedRecipientsAndDomains : {extuser(at)somedomain.com}

The sender's email address has already been added to both Trusted Senders and Trusted Recipients.

In Outlook, emails from this sender sometimes appear with only the display name (e.g., "Ext" lets say Ext is FirstName of the user) rather than the full SMTP address. When replying, Outlook does not automatically resolve the sender's email address, requiring the recipient to manually enter it.

Exchange Online
Exchange Online

A cloud-based service included in Microsoft 365, delivering scalable messaging and collaboration features with simplified management and automatic updates.

0 comments

Answer accepted by question author

Teddie-D 18,620 Reputation points Microsoft External Staff Moderator
2026-06-18T01:31:57.58+00:00

Hi @Glenn Maxwell

The sender is a known and trusted external contact, and based on your PowerShell output, the address has already been added to both Trusted Senders and Trusted Recipients. However, this is not related to the behavior you are seeing.

The “Unverified” warning is generated by Exchange Online Protection / Defender for Office 365 when Outlook is unable to fully validate the sender using email authentication methods such as SPF, DKIM, and DMARC. Even if a message is delivered to the Inbox and the sender is marked as trusted, Outlook can still display this warning if the authentication signals are weak, missing, or inconsistent.

Safe Senders only affects spam filtering (for example, ensuring messages are not moved to Junk), but it does not override authentication‑based safety indicators. This is why the warning can still appear even though the sender is already in the trusted list.

At this point, the issue is most likely related to the sender’s email authentication configuration. You may want to ask the sender to review the following:

  • SPF
  • DKIM
  • DMARC

These need to be properly configured and aligned for Microsoft 365 to validate the sender’s identity successfully.

If needed, you can also share the message headers (with any sensitive information removed). This can help identify exactly which authentication check (SPF, DKIM, or DMARC) is causing the warning.

I hope this helps clarify the current behavior.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".     

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Was this answer helpful?

1 person found this answer helpful.
0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. EmilyS_726 20,840 Reputation points Volunteer Moderator
    2026-06-18T02:30:51.25+00:00

    A simple way to think about it: imagine you give your child’s school a list of people allowed to pick them up. If someone shows up and says they’re authorized but their name isn’t on the list, the school would treat them as unverified. If that person keeps showing up, the school may eventually refuse them entirely.

    In this case, SPF, DKIM, and DMARC are that “approved list.” For high-volume senders, Microsoft now enforces these checks more strictly. Without proper setup, messages may not just be marked as unverified, they can be blocked outright too eventually.

    Only the sender can fix this issue. They must properly set up SPF, DKIM and DMARC records on their end via their domain management. That way, when they send emails to Microsoft users, Microsoft can check these records, and then compare them with the actual service the email was sent from. If the service appears in their SPF record for example, Microsoft will let them in and will not mark them as "unverified". I hope this makes sense.

    Was this answer helpful?

    0 comments

  2. AI answer

    2026-06-18T00:38:39.0366667+00:00

    Outlook’s “Unverified” (question-mark avatar) warning is driven by email authentication and sender verification, not by the Safe Senders / Trusted Recipients lists. Adding the sender to Safe Senders or Safe Recipients prevents messages from being treated as junk, but it does not suppress the “Unverified” banner or question-mark icon.

    Key points based on the behavior described:

    1. Why the “Unverified” warning appears
      • Outlook shows a ? in the sender image and the “We can't verify…” warning when it cannot verify the sender using email authentication techniques.
      • This can happen even for legitimate, trusted senders if their domain’s authentication (SPF/DKIM/DMARC or equivalent) is not set up or is misconfigured.
      • The warning is therefore expected behavior for messages that fail or lack authentication, regardless of Safe Sender status.
    2. Safe Senders / Trusted lists vs. Unverified indicator
      • Safe Senders / Safe Recipients lists (including the PowerShell TrustedSendersAndDomains and TrustedRecipientsAndDomains) instruct Outlook/classic Outlook not to treat those messages as junk.
      • As documented, when the mailbox is hosted on Exchange/Exchange Online, changes made to Safe Senders may not be recognized by Exchange/Exchange Online for server-side filtering, and messages can still land in Junk.
      • These lists do not control the “Unverified” label or the ? avatar; those are driven by authentication checks.
    3. Display name-only behavior and address resolution
      • The behavior where messages sometimes show only the display name (e.g., “Ext”) and replies do not auto-resolve the SMTP address is consistent with Outlook treating the visible From as different from the actual sending address.
      • Outlook can show additional indicators (for example, a “via” tag) when the actual sender differs from the From address. This is another anti-spoofing/suspicious-message signal.
    4. What to do next (high-level)
      • The technical fix is on the sender side: ensure that the external domain correctly publishes and uses standard email authentication (SPF/DKIM/DMARC or equivalent) so that Outlook can verify the sender.
      • On the recipient side, continue to treat the “Unverified” banner as a security signal. Even if the sender is known, any sudden change (for example, a sender that previously did not show ? now does) should be treated cautiously, as it may indicate spoofing.
      • If this is an important partner, tenant admins can review any whitelisting or external-partner configuration that might affect how external labels and indicators appear, but this will not override missing/broken authentication on the sender’s side.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.