All mail sent to hotmail/msn.com accounts unsuccessfully delivery

All internal network users on our Exchange Server are unable to send email to hotmail or msn accounts.  Our Exchange logs show successful sends.  This is the error that we receive:

Delivery has failed to these recipients or distribution lists:

emailname@hotmail.com
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.

The following organization rejected your message: bay0-mc5-f6.bay0.hotmail.com.

  _____  

Sent by Microsoft Exchange Server 2007


Diagnostic information for administrators:

Generating server: servername

emailname@hotmail.com
bay0-mc5-f6.bay0.hotmail.com #550 SC-002 Mail rejected by Windows Live Hotmail for policy reasons. The mail server IP connecting to Windows Live Hotmail has exhibited namespace mining behavior. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support ##


PROJHOPEAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mdcseaCommented:
There are a number of possible reasons for this behavior.  Since it's Hotmail, some of the possibilities that first come to mind are that DNS is incorrectly configured for your domain.  Confirm that reverse record (PTR) and the SPF record for your mail server exist and are correct.  

The best place to start, to check the DNS config for your domain is to run a full DNS Report here:  www.dnsstuff.com.  Just enter your domain name in the DNSreport box and run the report.  
0
HaddionCommented:
Well, the reason your mail isn't being delivered is because hotmail is bouncing it.  I suspect this is because your mail server does not have correct Reverse DNS - can you confirm your DNS details for the server and I'll check it out further for you.
0
PROJHOPEAuthor Commented:
mdcsea: The DNS information appears correct.  The DNS report showed no problems other than a Postmaster tweak.

Haddion: Here is the DNS information:

 
14.42.199.65.in-addr.arpa       name = hq-mail.projecthope.org.
11.53.119.63.in-addr.arpa       name = bo-mail.projecthope.org.
 
Those answers are from me at home and also from UUNet public DNS server:
# nslookup 63.119.53.11 198.6.1.2
Server:         198.6.1.2
Address:        198.6.1.2#53
 
Non-authoritative answer:
11.53.119.63.in-addr.arpa       name = bo-mail.projecthope.org.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

mdcseaCommented:
There seems to be some confusion about the SPF record and your outbound mail servers (based on the DNSreport).

Your MX Records:

9 hq-homer.projecthope.org. [TTL=5400] IP=65.199.42.11 [TTL=5400] [US]
20 bo-homer.projecthope.org. [TTL=5400] IP=63.119.53.8 [TTL=5400] [US]


and your reverse DNS:

11.42.199.65.in-addr.arpa hq-homer.projecthope.org. [TTL=21600]
8.53.119.63.in-addr.arpa bethesda-3.projecthope.org. [TTL=21600]


are both correct but the SPF record contains the following:

"v=spf1 a:hq-mail.projecthope.org a:bo-mail.projecthope.org a:cable.projecthope.org ~all" [TTL=5400]


The servers listed here are:

hq-mail.projecthope.org     65.199.42.14
bo-mail.projecthope.org     63.119.53.11
cable.projecthope.org       74.94.210.225


none of these match your listed mail server IPs.  Essentially, the SFP record says that these three are the best servers to allow mail from.  You do have the entry "~all" but by default, this results in a SOFTFAIL result.  See these results:

SPF string used: v=spf1 a:hq-mail.projecthope.org a:bo-mail.projecthope.org a:cable.projecthope.org ~all.
Processing SPF string: v=spf1 a:hq-mail.projecthope.org a:bo-mail.projecthope.org a:cable.projecthope.org ~all.
Testing 'a:hq-mail.projecthope.org' on IP=206.80.108.41, target domain hq-mail.projecthope.org, CIDR 32, default=PASS.  No match.
Testing 'a:bo-mail.projecthope.org' on IP=206.80.108.41, target domain bo-mail.projecthope.org, CIDR 32, default=PASS.  No match.
Testing 'a:cable.projecthope.org' on IP=206.80.108.41, target domain cable.projecthope.org, CIDR 32, default=PASS.  No match.
Testing 'all' on IP=206.80.108.41, target domain example.com, CIDR 32, default=SOFTFAIL.  MATCH!

Result: SOFTFAIL


Possible Results:
Pass - This IP is authorized to send E-mail from this domain.
Fail - This IP is not authorized to send E-mail from this domain
SoftFail - This IP probably is not authorized to send E-mail from this domain, but the domain owners are not certain
Neutral - The domain does not know if the IP is allowed to send E-mail or not.
TempError - A temporary error occurred. The E-mail should be retried later.
PermError - A permanent error was encountered. The E-mail should be rejected.
None - No SPF record was found. It cannot be determined if the IP is allowed to send E-mail from this domain.
 
Since Hotmail does test the SPF record, your mails are probably being rejected because of the incorrect SPF.  Fix that up, allow it to propagate, and try again.




0
PROJHOPEAuthor Commented:
We have found that Hotmail feels that our email blasts are unsolicited.  We filled out a form from Microsoft to note our domain and mail IP addresses so it can take us off some blacklist...

Our users now are not having any problems we haven't adjusted anything on the Exchange server.
0
mdcseaCommented:
Who would have guessed - censorship rather than a real, functional, content-based spam filter solution.

Glad you got it working.  Might want to look at that SPF record anyway.

Thanks for letting us know.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.