Hi all,
Microsoft recently started flagging certain emails coming from my Anvil apps as phishing.
Specifically, any email that has an href in the body gets blocked.
My ITS department is currently only willing to whitelist on a per-url basis, which I can understand.
Has anyone else experienced this and is there something else I should be doing to prevent this from happening?
It’s not just Microsoft. One of our email clients, Thunderbird, is even less shy about it. It explicitly uses the word “scam” for the last sign-up confirmation email we received.
I’m reluctant to turn confirmation off – it greatly reduces the number of bot-generated sign-ups – but if the confirmation emails aren’t getting through to some folks because of it, then I might eventually have to.
Yikes. That sounds awful and annoying. I am trying to butter up our IT dept to whitelist emails coming from anvil.app. Takes a lot of butter.
I suppose we should consider implementing a “Plan B” confirmation process, for those users who simply can’t confirm by email. I’m not sure what that would look like…
Not a direct answer, but I recommend using custom login/registration flows and then using either an external email provider (I recommend mailgun) or, if you’re using a custom domain, pointing the Anvil mail service to your host’s smtp servers.
This is not great! Could anyone/everyone who is affected here please forward one of the offending emails to support@anvil.works?
We’ve recently switched off automatic click tracking in those emails, which should have made them look more trustworthy, but it’s possible it’s backfired!
I’m experiencing a similar issue. I can send emails from the app to Microsoft emails no problem (some get sent to junk mail but that’s manageable). I can even include hyperlinks and they still get delivered.
However, the password reset email and user confirmation emails get blocked somewhere upstream. I have asked my IT department to whitelist my app’s domain but that’s a whole process.