Outlook "550 5.7.350 Remote server returned message detected as spam"

What’s actually happening

A user on Exchange Online or Outlook.com hits send and gets a non-delivery report within seconds. The bounce is stamped with 550 5.7.350, frequently chained to a downstream 554 5.7.1. This is Microsoft's own egress filter, not the recipient's server — the mail never left Microsoft. It tends to hit newsletters, sales outreach, and any message heavy on links or images first, while plain one-to-one replies still go through.

Common causes

• Message content scores as spam: link-heavy bodies, URL shorteners, mismatched display-text vs. href, all-image emails, or classic trigger phrasing in subject/body.
• The sending tenant or its outbound IP has a soured reputation, often from a compromised mailbox blasting mail or a sudden volume spike.
• Broken or missing authentication on the sending domain — SPF/DKIM/DMARC not aligned — which raises the spam score on the way out.
• A tracking/branding URL in the signature or footer that points at a domain already on a blocklist.
• Sending through Microsoft's shared outbound pool (rather than a dedicated/high-reputation path) so you inherit other tenants' bad behavior.

How to fix it

1. Read the full bounce and isolate the triggerPull the complete NDR headers. Note whether it's pure 550 5.7.350 or chained to 554 5.7.1, and which recipient domain returned it. Resend a stripped-down plain-text version of the same message; if that delivers, the body content is your problem, not reputation.
2. Clean the content and linksRemove URL shorteners and make anchor text match the actual href. Cut to one or two links. Drop tracking pixels and giant inline images. Rewrite obvious spam-bait subject lines. Check every URL (including signature/footer links) against a blocklist tool like mxtoolbox blacklist or Spamhaus.
3. Fix domain authentication and check tenant healthConfirm SPF passes (see the SPF PermError entry), DKIM is signing for the From domain, and DMARC is aligned. In the Microsoft 365 admin center go to Settings > Domains and verify the domain shows Healthy. In Defender, check the Restricted entities / restricted users list — a throttled mailbox produces this exact bounce.
4. Rule out a compromised accountIf reputation cratered overnight, audit message trace in the Exchange admin center for unusual outbound volume, reset credentials on any suspect mailbox, enable MFA, and remove the account from the restricted-users list once clean. One hijacked mailbox poisons the whole tenant's outbound reputation.
5. Escalate or re-route persistent blocksIf authentication is clean and content is tame but mail still bounces, open a ticket with Microsoft support (or use the sender support form) to request delisting. For ongoing bulk sending, move that traffic to a dedicated outbound service with its own warmed IP rather than the shared Exchange Online pool.