I have been googling on this topic for over a solid hour now and can't seem to find an answer.

At my work, all employees get the following (good old) warning whilst firing up their Outlook clients:

security certificate does not match the name of the site

My colleagues told me not to worry about it, just ignore the warning, etc. I was wondering, could that, in any way, lead to your mail server's IP getting blacklisted by spam filters? (Namely backscatterer in this case.)

(For example, could it happen that you send out an email, some spam filter sees the mismatch in the certificate, suspects possible spamming activity, or some sort of security breach behind it, and blacklists the IP?)

  • Simply because the certificate is might be "unsafe" due to a ruleset, does not mean it's insecure, furthermore the guidelines of what will block you by backscatterer seems cut and dry. Just because there is a mismatch does not mean your domain is known for sending spam, however, you really should fix your certificate for a varity of reasons.
    – Ramhound
    Commented Sep 12, 2019 at 6:47

2 Answers 2


This warning is about communication between Outlook and whatever mail system (probably Exchange). This communication is not checked by spam filters.

And even then, a a spam filter/blacklist would never cause a warning like this.

This warning hints at a misconfiguration, either on the mail server or in Outlook:

  • Outlook is connecting to the server using an IP address instead of a host name
  • Outlook is using a host name, but it’s not the correct one
  • The certificate does not have the host name used

You can check the server address as used by Outlook in your account settings in Outlook.

Note that an internally-hosted Exchange does not need paid-for certificates, so there’s really no excuse not to set this up correctly.

  • 1
    +1 for pointing out that certificates within an internal network should be configured and created properly using best practices. There is of course madness to do that, you get used to everything working perfectly, so when you do purchase a certificate and it isn't created properly your OCD goes crazy.
    – Ramhound
    Commented Sep 12, 2019 at 7:01

Not in the case you described - for the following reasons -

  1. Your browser is asking to trust the remote server - this is a 1 way trust - the server trusts you in your username and password only. This means the server does not know if you are trustworthy based on your answer (to the question your browser is asking). This us the main reason.

  2. Certificates are almost always tied to DOMAINS, not IP addresses, so there is no associated IP to block. What is happening is your computer is checking the name embedded in the servers cert and not accepting it as valid. IP is irrelevant to the security layer here.

None if this is relevant to spam / reputation management which is not linked to your accepting a cert.

That said, its not a good practice to blindly accept a cert - it opens your connection up to being attacked (a man-in-the-middle attack) - the appropriate course of action is to change the SMTP/IMAP/pop domain name to match the cert, otherwise there is limited value in having a secure connection.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .