Microsoft implemented stricter fraud detection checks in Office 365 and Exchange Online Protection and unauthenticated messages are automatically marked as spam and moved to the Junk Email folder. If an address is on the Safe list, Outlook will leave the message in the Inbox, with this message added:
[This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing at aka.ms/LearnAboutSpoofing]
I'm using a contact form on my website but even though I have added my domain as a safe sender, the emails are still going to junk folder. I don't know what else to do.
End-users can’t fix this by changing settings in Outlook. The problem is that messages sent from domains that have not published SPF, DKIM, or DMARC records to DNS risk being flagged as spoofed or moved to the Junk Email folder.
The administrator needs to verify the domain has SPF, DKIM, or DMARC records property configured for all servers that send mail from the domain, including website contact forms and mailing list services. I recommend adding SPF records first as they are the easiest to configure and supported by more mail servers.
For more information on this issue, see
The Junkings will Continue Until Morale Improves
Messages more marked as spoofed (and moved to Junk e-mail) in Office 365? You’re not alone!
Set up SPF in Office 365 to help prevent spoofing (TechNet)