A significant outage affecting Microsoft Exchange Online has left many legitimate business emails inaccurately flagged as phishing attempts. This issue, logged as incident EX1227432, began on February 5, 2026, and is causing valid messages to be quarantined, preventing them from reaching their intended recipients.

The root of the problem lies in a newly implemented anti-spam rule meant to identify malicious URLs within emails. While the intention was to thwart advanced phishing schemes, this update has resulted in an overzealous filtering process that erroneously classifies safe, everyday URLs as threats. As a result, harmless emails are being trapped in quarantine, leading to a surge in “false positives.”

Users are facing disruptions, with both incoming and outgoing emails becoming stuck. This is particularly critical for businesses, as essential communications—such as invoices or client updates containing links to trusted sites like Dropbox—are failing to deliver. Reports from administrators around the globe highlight a substantial impact on productivity, as teams work frantically to release the emails caught in quarantine.

Although Microsoft has not disclosed the exact number of affected users, organizations that utilize Exchange Online as part of Microsoft 365 are experiencing challenges. The faulty rule matches specific URL patterns that resemble common phishing tactics, so genuine links are being mistakenly flagged by the filter.

The Exchange Online anti-spam system employs machine learning models trained on extensive datasets of phishing samples. The recent update aimed to address emerging threats without known signatures, but it inadvertently overgeneralized and misclassified many legitimate domains.

Quarantined emails can be reviewed in the Microsoft 365 Defender portal under “High Confidence Phishing.” While administrators can manually release these trapped emails, the process can be cumbersome. In response to the incident, Microsoft is working to whitelist affected URLs, allowing some previously blocked emails to resume normal delivery.

As of February 10, 2026, Microsoft is continuing its efforts to resolve the issue, though no definite timeline has been provided. While IT teams report intermittent improvements, comprehensive recovery remains ongoing.

This situation highlights the potential risks associated with artificial intelligence in security systems: while stronger defenses can prevent attacks, they may also backfire if not properly calibrated. Users are advised to monitor their quarantine lists regularly, submit any identified false positives for analysis, and review mail flow rules to prevent conflicts. Temporary workarounds include routing critical emails through approved gateways or employing transport rules for known safe domains.
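The quarantine review, release and false-positive submission described above can be scripted with Exchange Online PowerShell. The following is an added example, not from Microsoft or the original article; the sender domains are placeholders, and it assumes the ExchangeOnlineManagement module and a role permitted to manage quarantine.

```powershell
# Added example. Requires the ExchangeOnlineManagement module.
Connect-ExchangeOnline

# Assumption: sender domains your team has already reviewed (placeholders).
$reviewedSenderDomains = @('partner.example', 'billing.example')

# Start of incident EX1227432, as given in the article.
$start = Get-Date '2026-02-05'

# Page through the "High Confidence Phishing" quarantine since the incident began.
$messages = @()
$page = 1
do {
    $batch = @(Get-QuarantineMessage -QuarantineTypes HighConfPhish `
        -StartReceivedDate $start -EndReceivedDate (Get-Date) `
        -PageSize 1000 -Page $page)
    $messages += $batch
    $page++
} while ($batch.Count -eq 1000)

# Keep only messages that are still held and come from a reviewed domain.
# The sender address can be spoofed, so this narrows the review list;
# it does not prove a message is safe.
$candidates = $messages | Where-Object {
    $_.ReleaseStatus -eq 'NOTRELEASED' -and
    $reviewedSenderDomains -contains ($_.SenderAddress -split '@')[-1].ToLower()
}

# Review list for the analyst.
$candidates | Sort-Object ReceivedTime |
    Format-Table ReceivedTime, SenderAddress, Subject -AutoSize

# Dry run: shows what would be released and reported to Microsoft as a
# false positive. Remove -WhatIf only after the list has been checked.
$candidates | ForEach-Object {
    Release-QuarantineMessage -Identity $_.Identity `
        -ReleaseToAll -ReportFalsePositive -WhatIf
}
```

Messages in this quarantine category that do not match a reviewed domain stay held, which keeps real phishing from being released in bulk alongside the false positives.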

Microsoft is committed to refining its filters to prevent similar incidents in the future. This ongoing issue serves as a crucial reminder that even leading platforms like Exchange require vigilant oversight and proactive monitoring to ensure seamless communication in the business environment.
