Some customers using Microsoft 365/Office 365 business email may find that important emails from MobiSystems - such as account verification, password reset, add team members, and support-related emails - are accepted by Microsoft 365 but then quarantined before reaching user inboxes.
This guide explains how the IT administrator can allow (whitelist) MobiSystems emails, so they are delivered reliably.
1. Sender Domains Used by MobiSystems
Please allow the following domains:
- mobisystems.com
- All subdomains of mobisystems.com
- mobisystems.zendesk.com (used for support and ticket-related emails)
We cannot provide static IP addresses because our email infrastructure may rotate dedicated IPs for deliverability. Therefore, the instructions below rely on authentication-based allow rules, which is the method recommended by Microsoft.
2. Add MobiSystems Domains to the Microsoft 365 “Allow & Block List”
1. Open the Microsoft Defender portal:
https://security.microsoft.com
2. Navigate to:
Email & collaboration → Policies & rules → Threat policies → Anti-spam → Allow & block list
3. In Allowed domains, add:
o mobisystems.com
o mobisystems.zendesk.com
This allows Microsoft 365 to treat these domains as trusted and reduces the chance of spam or phishing false positives.
3. Create an Authentication-Based Mail Flow Rule (No IPs Required)
Since MobiSystems uses SPF, DKIM, and DMARC authentication, the most reliable approach is to allow authenticated messages rather than fixed IPs.
1. Open the Exchange Admin Center:
https://admin.exchange.microsoft.com
2. Go to Mail flow → Rules → Add and create a new rule.
3. Name the rule:
Bypass spam filtering for authenticated MobiSystems emails
4. Under Apply this rule if…, configure:
Condition A — Authentication results
Add a condition that checks the email authentication header:
-
A message header includes…
o Header name: Authentication-Results
o Header value includes one or more of:
▪ dkim=pass and d=mobisystems.com
▪ dkim=pass and d=zendesk.com
▪ (Optional) dmarc=pass or spf=pass
Condition B — Sender domain
Add scope conditions:
-
The sender domain is:
o mobisystems.com (this also matches all subdomains)
o mobisystems.zendesk.com
5. Under Do the following…, set:
o Modify the message properties → Set the spam confidence level (SCL) to –1
(This bypasses spam filtering for authenticated messages.)
6. Save and enable the rule.
This rule ensures that only properly authenticated messages from MobiSystems bypass spam filtering, without weakening security.
4. If Messages Are Blocked as “Spoofed”
If any emails appear in Microsoft 365 Quarantine with a “Spoof” verdict:
1. Open the Tenant Allow/Block List in the Microsoft Defender portal.
2. Add an Allow entry for:
o The specific sender address, or
o The specific “spoofed pair” (domain + sending service) flagged by Microsoft.
This is Microsoft’s recommended method for handling spoof false positives.
5. Release Current Quarantined Messages
If messages from MobiSystems are currently in quarantine:
- Open Email & collaboration → Review → Quarantine.
- Locate the affected messages.
- Release them to the inbox.
- After the allow rules above are configured, future messages should deliver normally.
6. Verifying the Fix
After configuration, we recommend testing with an email from MobiSystems. This can be done by logging with your MobiSystems account in https://accounts.mobisystems.com/ and changing your password. This article provides the full steps.
This will force an email to be sent to your account, and the IT admin can check Message Trace in the Exchange Admin Center and confirm:
- Authentication-Results header shows dkim=pass
- SCL is set to –1
- The message was delivered directly to the inbox