by annoyingnoob 973 days ago
I have an O365 account in one of Microsoft's Government clouds. I sent an email from my personal (privately run) email to my O365 account with only newclimate.org in the body of the message. The message was sent to Quarantine in the Gov cloud - where it shows as Malware. Microsoft shows "URL detonation reputation, Mixed analysis detection". Seems Microsoft thinks newclimate.org is hosting malware.

I sent a second message from my personal account to my O365 account, with just my company's URL in the body. This one was delivered right to the Inbox.

1 comments

> Microsoft thinks newclimate.org is hosting malware

Maybe they are? Not saying intentionally, but perhaps they have been compromised?

I was trying not to make a judgement call and just report my findings.

In my experience with Microsoft's URL detonation, it could go either way and be a false positive or be real. In one case where I had a definite false positive, opening a ticket with Microsoft resolved the issue within a few hours. Both myself and the entity with the false positive are government cloud customers; maybe our experience would be different in the commercial cloud. Interestingly, this issue seems to affect anyone using Microsoft-hosted email without regard to which cloud you are using. Different data centers, separate implementation, but some shared data apparently.