Is mailprotector down?

We are currently experiencing an issue with our Microsoft 365 tenant that is preventing us from receiving email replies to our support address. We are working to resolve this. If you need to reach us, please log into the support portal (support.mailprotector.com) and submit or update your request there. Portal submissions are working normally and will reach our team. We will update this notice once email replies are restored.

Support tickets and replies from Mailprotector will temporarily originate from a zendesk.com email address rather than our standard mailprotector.com domain. This is an intentional change we made to restore email reply functionality to our ticketing system. Emails arriving from zendesk.com on behalf of Mailprotector Support are legitimate. If your email filtering flags these messages as possible impersonation, they are safe to release and trust. We will update this notice when we return to our standard domain.

Support tickets and repllies are back to originating from mailprotector.com. No changes or actions need to be taken. Support emails will resume their normal behavior.

Microsoft is experiencing intermittent issues with mail flow. Please see their notice for reference. https://admin.cloud.microsoft/#/servicehealth/:/alerts/EX1331830 Mailprotector is monitoring the situation. However, mail flow with CloudFilter and Shield appears to be normal. Please check logs to identify bounces or delays from Microsoft hosts to confirm potential effects from their systems.

Microsoft Defender is restricting connectors due to false-positive reports. Please go to Microsoft Defender > Restricted Entities and unblock the listed connectors. (https://security.microsoft.com/restrictedentities) You will need to monitor and check on this restriction for the time being. We have observed that Microsoft restricts the connector after a short time, and the unblock request must be made again. We are continuing to monitor and investigate possible mitigation options.

Earlier today, Microsoft identified some of Shield's services as suspicious or compromised. This caused emails to bounce or be delayed. As of approximately 2:30 PM ET, the status began to lift, and we observed a return to expected mail flow. A support request has been opened with Microsoft to help us determine how and why this incident happened. We have not received a response yet. We are not closing this issue as resolved. Our intention is to get to the root of the incident. Our first priority was to find a way to resume normal mail flow, and it appears we have done so. We are continuing to monitor the situation, including the Microsoft notice regarding mail flow issues in Exchange Online, which appear to have been resolved.

We have begun reprocessing and redelivering emails that bounced during the affected time period. Here is what to expect: Most emails should be delivered, but not all of them. Some bounces during the incident may have been legitimate, and those messages will not be recoverable through reprocessing. Duplicates are possible. If a sender resent their email after the incident and the original message is also redelivered through our reprocessing, recipients may receive both. This is expected behavior and not a cause for concern. Reprocessing takes time. We expect this to be completed by midnight ET tonight, though it may finish sooner.

This incident has been resolved.

This morning, a third-party package repository used by our virus scanning infrastructure experienced an outage following an attack on its systems. Because our virus scanning instances rely on this repository at startup to pull the latest files and configurations, affected instances were unable to start. This reduced the capacity of our virus-scanning cluster below demand. When a virus scan cannot complete, our system quarantines the email as a precaution. As a result, emails processed during this window were quarantined rather than delivered to inboxes. No emails were lost. Affected emails can be released from quarantine by users or admins. Resolution The virus scanning cluster has been reconfigured to pull packages directly from the source repository, eliminating the dependency on the third-party intermediary. Monitoring and alerting thresholds have also been updated to surface this class of issue more quickly in the future. The issue is fully resolved.

We have been made aware that emails sent from Google Workspace accounts via CloudFilter/SafeSend are failing intermittently. There may also be delays in delivering inbound email due to an issue Google is experiencing. If you have a domain affected by this incident, we recommend temporarily disabling the outbound mail routes for Gmail. You may check the status of Google's incident at https://support.cloud.google.com/portal/system-status?product=WORKSPACE&cssp=true

This incident has been resolved.

An update to improve brand-related impersonation attacks was aggressively holding outgoing messages and sending inbound emails to the Junk E-mail folder. The update has been rolled back, and the held outgoing emails have been released. Emails delivered to the Junk E-mail folder must be moved out by users. The aggressive protection was active from approximately 2:00 PM ET to 3:00 PM ET.

Emails that were delivered to the Jail due to the aggressive behavior of the update have been released. The emails may still end up in the Junk E-mail folder if the risk level is medium or low from a new sender.

An update released at approximately 2:00 PM ET today was designed to improve protection against brand impersonation. It behaved more aggressively than intended, holding and jailing legitimate emails, particularly those with signatures containing social media links. The update was rolled back at approximately 2:50 PM ET. This issue is resolved. Actions taken to remediate after rollback: - Inbound emails delivered to Junk have been reprocessed to ensure appropriate risk and moved to the Inbox. - Released jailed emails; they may still land in Junk if the sender is new or carries a medium risk level. - Outgoing emails that were held have been released. No action needed.