Mail from my domain is being rejected by some recipient domains.
We have a Microsoft O365 hosted mail domain (jdmfg.com), that has been relatively stable since we transitioned to it a year ago. Last week, I began to receive reports that some of our customer's were not receiving emails that my team were sending to them. At first there were no NDR's generated, so I assumed that the problem was on the recipient's end (junk mail folder, spam filtering false positives).
Later that week we began to see mail to a few domains be rejected, and I was able to review the NDR. In each case, the message we were receiving is something like this one from charter.net:
Emails rejected by Nordstromlbr.com
__________________________
From: Microsoft Outlook
Sent: Wednesday, October 21, 2015 9:20 AM
To: XXX XXXXX
Subject: Undeliverable: Confirmation
imp13 rejected your message to the following email addresses:
eric@nordstromlbr.com (eric@nordstromlbr.com)
There's a problem with the recipient's mailbox. Please try resending the message. If the problem continues, please contact your email admin.
imp13 gave this error:
XqLQ1r00P29xdZ301qLRnF Message identified as SPAM - Please visit http://www.charter.com/postmaster (http://www.charter.com/postmaster) E5110
Diagnostic information for administrators:
Generating server: BY2PR02MB124.namprd02.prod
eric@nordstromlbr.com
imp13
Remote Server returned '550 5.2.0 XqLQ1r00P29xdZ301qLRnF Message identified as SPAM - Please visit http://www.charter.com/postmaster (http://www.charter.com/postmaster) E5110'
Original message headers:
Received: from BY2PR02MB1749.namprd02.pro
BY2PR02MB124.namprd02.prod
Server (TLS) id 15.1.300.14; Wed, 21 Oct 2015 14:20:23 +0000
Received: from BY2PR02MB1750.namprd02.pro
BY2PR02MB1749.namprd02.pro
Server (TLS) id 15.1.300.14; Wed, 21 Oct 2015 14:20:21 +0000
Received: from BY2PR02MB1750.namprd02.pro
BY2PR02MB1750.namprd02.pro
15.01.0300.010; Wed, 21 Oct 2015 14:20:21 +0000
From: Lynn Stieber <LynnS@jdmfg.com>
To: "eric@nordstromlbr.com" <eric@nordstromlbr.com>
Subject: Confirmation
Thread-Topic: Confirmation
Thread-Index: AdEMC5ZZ3jKeXtLnSPqkcsFB0J
Date: Wed, 21 Oct 2015 14:20:20 +0000
Message-ID: <BY2PR02MB1750EA6D2CB9098B
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is )
smtp.mailfrom=LynnS@jdmfg.
x-originating-ip: [71.13.170.34]
x-microsoft-exchange-diagn
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEI
x-microsoft-antispam-prvs:
x-exchange-antispam-report
x-exchange-antispam-report
x-forefront-prvs: 073631BD3D
x-forefront-antispam-repor
received-spf: None (protection.outlook.com: jdmfg.com does not designate
permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/mixed;
boundary="_004_BY2PR02MB17
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-
(UTC)
X-MS-Exchange-CrossTenant-
X-MS-Exchange-CrossTenant-
X-MS-Exchange-Transport-Cr
Return-Path: LynnS@jdmfg.com
X-Microsoft-Exchange-Diagn
1;BY2PR02MB124;2:xgx497ci0
X-OriginatorOrg: jdmfg.com
And here's a slightly different NDR, this one generated by synacor.com:
Your message to fullersorders@tds.net couldn't be delivered.
Security or policy settings at tds.net have rejected your message
scottm Office 365 tds.net
Sender Action Required
Sender not permitted
How to Fix It
Contact the recipient (by phone or instant messaging, for example) and tell them to ask their email admin to add you to their allow list.
If the problem continues, forward this message to your email admin.
Was this helpful? Send feedback.
__________________________
More Info for Email Admins
This error occurs when the email system of the recipient's domain has security or policy settings that reject the sender's message. However, we were unable to determine the specific setting that's causing this.
To fix the issue, contact the email admin at the recipient domain and ask them to add the sender's email address to their allow list, or to relax the setting that's causing the rejection.
If you get this error when sending to recipients who are not hosted by Office 365 it's possible one or more of the sending IP addresses used by Office 365 has been placed on a block list or that the message appears to the recipient domain as malicious or as spam. Examine the "Reported error" in the Error Details section below to help determine the cause. If you determine that it's because Office 365 was placed on a block list, you can open a Service Request with Microsoft Support for assistance (choose Mail Protection -> Message was blocked as spam).
For more information, see Error code 5.7.1 in Exchange Online and Office 365.
Original Message Details
Created Date: 10/23/2015 4:56:52 PM
Sender Address: scottm@jdmfg.com
Recipient Address: fullersorders@tds.net
Subject: test
Error Details
Reported error: 554 5.7.1 [P4] Message blocked due to spam content in the message.
DSN generated by: BY2PR02MB1718.namprd02.pro
Remote server: mx02.tds.cmh.synacor.com
Message Hops
HOP TIME (UTC) FROM TO WITH RELAY TIME
1 10/23/2015
4:56:52 PM BY2PR02MB1719.namprd02.pro
2 10/23/2015
4:56:52 PM BY2PR02MB1719.namprd02.pro
Original Message Headers
Received: from BY2PR02MB1719.namprd02.pro
BY2PR02MB1718.namprd02.pro
Server (TLS) id 15.1.306.13; Fri, 23 Oct 2015 16:56:52 +0000
Received: from BY2PR02MB1719.namprd02.pro
BY2PR02MB1719.namprd02.pro
15.01.0306.003; Fri, 23 Oct 2015 16:56:52 +0000
From: Scott Milner <scottm@jdmfg.com>
To: "fullersorders@tds.net" <fullersorders@tds.net>
Subject: test
Thread-Topic: test
Thread-Index: AdENs821rwJkEe5nSa+1qjFZPk
Date: Fri, 23 Oct 2015 16:56:52 +0000
Message-ID: <BY2PR02MB17191C0B2938BD50
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is )
smtp.mailfrom=scottm@jdmfg
x-originating-ip: [71.13.170.34]
x-microsoft-exchange-diagn
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEI
x-microsoft-antispam-prvs:
x-exchange-antispam-report
x-exchange-antispam-report
x-forefront-prvs: 0738AF4208
x-forefront-antispam-repor
received-spf: None (protection.outlook.com: jdmfg.com does not designate
permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/related;
boundary="_004_BY2PR02MB17
type="multipart/alternativ
MIME-Version: 1.0
X-OriginatorOrg: jdmfg.com
X-MS-Exchange-CrossTenant-
(UTC)
X-MS-Exchange-CrossTenant-
X-MS-Exchange-CrossTenant-
X-MS-Exchange-Transport-Cr
--------------------------
My first troubleshooting step was to check jdmfg.com in the blacklists. Our actual mail host is jdmfg-com.mail.protection.
My next step was to review our antivirus logs (we use TrendMicro) for potential infections, thinking that one of my users may have spammed a user, causing the block without a blacklist entry. I can find no trace of malware infections on any of our domain computers.
My next step was to open a case with Microsoft Office 365 support. The looked over things on their end and didn't see any problems. We sent a couple of test emails in non-html format (with the signature deleted), and received the same NDR as before. The engineer reviewed the NDR and email header information with me, and showed that while the end user's systems were calling the blank message spam, Forefront doesn't see any issues with the email as it is being sent. Therefore, he stated, this is a problem with the mail recipient's system, and there is nothing further he, nor I, can do. He instructed me to contact the mail recipients and ask that our domain be whitelisted.
We've called the affected customers and made the request for whitelisting, but we have had no resolution to the problems yet. As you can imagine, me telling my end users 'There's nothing more that I can do!' is going over like a lead balloon.
Is there some troubleshooting that I've missed? The fact that these email/spam services (synacor, charter) are stating that email from my domain is spam really makes me wonder if there isn't some problem that I'm missing.
The only thing that has changed in any way with our email system in the past few weeks is that I set up a mail relay using O365, allowing machines on our network that cannot do TLS to send email to our email domain only. I don't see that this has any bearing on our problem, but I'm hesitant to rule anything out at this point.
Does anyone have any ideas for me to try next?
Scott
Later that week we began to see mail to a few domains be rejected, and I was able to review the NDR. In each case, the message we were receiving is something like this one from charter.net:
Emails rejected by Nordstromlbr.com
__________________________
From: Microsoft Outlook
Sent: Wednesday, October 21, 2015 9:20 AM
To: XXX XXXXX
Subject: Undeliverable: Confirmation
imp13 rejected your message to the following email addresses:
eric@nordstromlbr.com (eric@nordstromlbr.com)
There's a problem with the recipient's mailbox. Please try resending the message. If the problem continues, please contact your email admin.
imp13 gave this error:
XqLQ1r00P29xdZ301qLRnF Message identified as SPAM - Please visit http://www.charter.com/postmaster (http://www.charter.com/postmaster) E5110
Diagnostic information for administrators:
Generating server: BY2PR02MB124.namprd02.prod
eric@nordstromlbr.com
imp13
Remote Server returned '550 5.2.0 XqLQ1r00P29xdZ301qLRnF Message identified as SPAM - Please visit http://www.charter.com/postmaster (http://www.charter.com/postmaster) E5110'
Original message headers:
Received: from BY2PR02MB1749.namprd02.pro
BY2PR02MB124.namprd02.prod
Server (TLS) id 15.1.300.14; Wed, 21 Oct 2015 14:20:23 +0000
Received: from BY2PR02MB1750.namprd02.pro
BY2PR02MB1749.namprd02.pro
Server (TLS) id 15.1.300.14; Wed, 21 Oct 2015 14:20:21 +0000
Received: from BY2PR02MB1750.namprd02.pro
BY2PR02MB1750.namprd02.pro
15.01.0300.010; Wed, 21 Oct 2015 14:20:21 +0000
From: Lynn Stieber <LynnS@jdmfg.com>
To: "eric@nordstromlbr.com" <eric@nordstromlbr.com>
Subject: Confirmation
Thread-Topic: Confirmation
Thread-Index: AdEMC5ZZ3jKeXtLnSPqkcsFB0J
Date: Wed, 21 Oct 2015 14:20:20 +0000
Message-ID: <BY2PR02MB1750EA6D2CB9098B
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is )
smtp.mailfrom=LynnS@jdmfg.
x-originating-ip: [71.13.170.34]
x-microsoft-exchange-diagn
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEI
x-microsoft-antispam-prvs:
x-exchange-antispam-report
x-exchange-antispam-report
x-forefront-prvs: 073631BD3D
x-forefront-antispam-repor
received-spf: None (protection.outlook.com: jdmfg.com does not designate
permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/mixed;
boundary="_004_BY2PR02MB17
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-
(UTC)
X-MS-Exchange-CrossTenant-
X-MS-Exchange-CrossTenant-
X-MS-Exchange-Transport-Cr
Return-Path: LynnS@jdmfg.com
X-Microsoft-Exchange-Diagn
1;BY2PR02MB124;2:xgx497ci0
X-OriginatorOrg: jdmfg.com
And here's a slightly different NDR, this one generated by synacor.com:
Your message to fullersorders@tds.net couldn't be delivered.
Security or policy settings at tds.net have rejected your message
scottm Office 365 tds.net
Sender Action Required
Sender not permitted
How to Fix It
Contact the recipient (by phone or instant messaging, for example) and tell them to ask their email admin to add you to their allow list.
If the problem continues, forward this message to your email admin.
Was this helpful? Send feedback.
__________________________
More Info for Email Admins
This error occurs when the email system of the recipient's domain has security or policy settings that reject the sender's message. However, we were unable to determine the specific setting that's causing this.
To fix the issue, contact the email admin at the recipient domain and ask them to add the sender's email address to their allow list, or to relax the setting that's causing the rejection.
If you get this error when sending to recipients who are not hosted by Office 365 it's possible one or more of the sending IP addresses used by Office 365 has been placed on a block list or that the message appears to the recipient domain as malicious or as spam. Examine the "Reported error" in the Error Details section below to help determine the cause. If you determine that it's because Office 365 was placed on a block list, you can open a Service Request with Microsoft Support for assistance (choose Mail Protection -> Message was blocked as spam).
For more information, see Error code 5.7.1 in Exchange Online and Office 365.
Original Message Details
Created Date: 10/23/2015 4:56:52 PM
Sender Address: scottm@jdmfg.com
Recipient Address: fullersorders@tds.net
Subject: test
Error Details
Reported error: 554 5.7.1 [P4] Message blocked due to spam content in the message.
DSN generated by: BY2PR02MB1718.namprd02.pro
Remote server: mx02.tds.cmh.synacor.com
Message Hops
HOP TIME (UTC) FROM TO WITH RELAY TIME
1 10/23/2015
4:56:52 PM BY2PR02MB1719.namprd02.pro
2 10/23/2015
4:56:52 PM BY2PR02MB1719.namprd02.pro
Original Message Headers
Received: from BY2PR02MB1719.namprd02.pro
BY2PR02MB1718.namprd02.pro
Server (TLS) id 15.1.306.13; Fri, 23 Oct 2015 16:56:52 +0000
Received: from BY2PR02MB1719.namprd02.pro
BY2PR02MB1719.namprd02.pro
15.01.0306.003; Fri, 23 Oct 2015 16:56:52 +0000
From: Scott Milner <scottm@jdmfg.com>
To: "fullersorders@tds.net" <fullersorders@tds.net>
Subject: test
Thread-Topic: test
Thread-Index: AdENs821rwJkEe5nSa+1qjFZPk
Date: Fri, 23 Oct 2015 16:56:52 +0000
Message-ID: <BY2PR02MB17191C0B2938BD50
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is )
smtp.mailfrom=scottm@jdmfg
x-originating-ip: [71.13.170.34]
x-microsoft-exchange-diagn
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEI
x-microsoft-antispam-prvs:
x-exchange-antispam-report
x-exchange-antispam-report
x-forefront-prvs: 0738AF4208
x-forefront-antispam-repor
received-spf: None (protection.outlook.com: jdmfg.com does not designate
permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/related;
boundary="_004_BY2PR02MB17
type="multipart/alternativ
MIME-Version: 1.0
X-OriginatorOrg: jdmfg.com
X-MS-Exchange-CrossTenant-
(UTC)
X-MS-Exchange-CrossTenant-
X-MS-Exchange-CrossTenant-
X-MS-Exchange-Transport-Cr
--------------------------
My first troubleshooting step was to check jdmfg.com in the blacklists. Our actual mail host is jdmfg-com.mail.protection.
My next step was to review our antivirus logs (we use TrendMicro) for potential infections, thinking that one of my users may have spammed a user, causing the block without a blacklist entry. I can find no trace of malware infections on any of our domain computers.
My next step was to open a case with Microsoft Office 365 support. The looked over things on their end and didn't see any problems. We sent a couple of test emails in non-html format (with the signature deleted), and received the same NDR as before. The engineer reviewed the NDR and email header information with me, and showed that while the end user's systems were calling the blank message spam, Forefront doesn't see any issues with the email as it is being sent. Therefore, he stated, this is a problem with the mail recipient's system, and there is nothing further he, nor I, can do. He instructed me to contact the mail recipients and ask that our domain be whitelisted.
We've called the affected customers and made the request for whitelisting, but we have had no resolution to the problems yet. As you can imagine, me telling my end users 'There's nothing more that I can do!' is going over like a lead balloon.
Is there some troubleshooting that I've missed? The fact that these email/spam services (synacor, charter) are stating that email from my domain is spam really makes me wonder if there isn't some problem that I'm missing.
The only thing that has changed in any way with our email system in the past few weeks is that I set up a mail relay using O365, allowing machines on our network that cannot do TLS to send email to our email domain only. I don't see that this has any bearing on our problem, but I'm hesitant to rule anything out at this point.
Does anyone have any ideas for me to try next?
Scott
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I think you misunderstood, you need to send a normal email, that's not a test.
One that at least looks normal.
Because it's very well possible that these 'test' messages are being blocked for spam content, but that genuine messages are being blocked for a different reason.
So we need to see the original message and NDR for a typical message that doesn't look spammy.
However in any case for maximum deliverability you'll need to be ever-vigilant getting on whitelists, or use a 3rd party.
One that at least looks normal.
Because it's very well possible that these 'test' messages are being blocked for spam content, but that genuine messages are being blocked for a different reason.
So we need to see the original message and NDR for a typical message that doesn't look spammy.
However in any case for maximum deliverability you'll need to be ever-vigilant getting on whitelists, or use a 3rd party.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I see what you mean. I've attached two emails, one the test that I just sent, and the other the NDR that I received in response to that test.
I will look into the email delivery service that you mentioned. At this point, the owner of the company may deem it a good investment.
Scott
test.msg
Undeliverable-test.msg