Mail from my domain is being rejected by some recipient domains.

We have a Microsoft O365 hosted mail domain (jdmfg.com), that has been relatively stable since we transitioned to it a year ago.  Last week, I began to receive reports that some of our customer's were not receiving emails that my team were sending to them.  At first there were no NDR's generated, so I assumed that the problem was on the recipient's end (junk mail folder, spam filtering false positives).

Later that week we began to see mail to a few domains be rejected, and I was able to review the NDR.  In each case, the message we were receiving is something like this one from charter.net:


Emails rejected by Nordstromlbr.com  
 


_____________________________________________
From: Microsoft Outlook
Sent: Wednesday, October 21, 2015 9:20 AM
To: XXX XXXXX
Subject: Undeliverable: Confirmation
imp13 rejected your message to the following email addresses:
eric@nordstromlbr.com (eric@nordstromlbr.com)
There's a problem with the recipient's mailbox. Please try resending the message. If the problem continues, please contact your email admin.

imp13 gave this error:
XqLQ1r00P29xdZ301qLRnF Message identified as SPAM - Please visit http://www.charter.com/postmaster (http://www.charter.com/postmaster) E5110
Diagnostic information for administrators:
Generating server: BY2PR02MB124.namprd02.prod.outlook.com
eric@nordstromlbr.com
imp13
Remote Server returned '550 5.2.0 XqLQ1r00P29xdZ301qLRnF Message identified as SPAM - Please visit http://www.charter.com/postmaster (http://www.charter.com/postmaster) E5110'
Original message headers:
Received: from BY2PR02MB1749.namprd02.prod.outlook.com (10.163.27.147) by
BY2PR02MB124.namprd02.prod.outlook.com (10.242.43.149) with Microsoft SMTP
Server (TLS) id 15.1.300.14; Wed, 21 Oct 2015 14:20:23 +0000
Received: from BY2PR02MB1750.namprd02.prod.outlook.com (10.163.27.148) by
BY2PR02MB1749.namprd02.prod.outlook.com (10.163.27.147) with Microsoft SMTP
Server (TLS) id 15.1.300.14; Wed, 21 Oct 2015 14:20:21 +0000
Received: from BY2PR02MB1750.namprd02.prod.outlook.com ([10.163.27.148]) by
BY2PR02MB1750.namprd02.prod.outlook.com ([10.163.27.148]) with mapi id
15.01.0300.010; Wed, 21 Oct 2015 14:20:21 +0000
From: Lynn Stieber <LynnS@jdmfg.com>
To: "eric@nordstromlbr.com" <eric@nordstromlbr.com>
Subject: Confirmation
Thread-Topic: Confirmation
Thread-Index: AdEMC5ZZ3jKeXtLnSPqkcsFB0JJdpw==
Date: Wed, 21 Oct 2015 14:20:20 +0000
Message-ID: <BY2PR02MB1750EA6D2CB9098BE5AC4D25B1380@BY2PR02MB1750.namprd02.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is )
smtp.mailfrom=LynnS@jdmfg.com;
x-originating-ip: [71.13.170.34]
x-microsoft-exchange-diagnostics: 1;BY2PR02MB1749;5:zvxgF1K8ljlh/kMYyeIdA0RQTh41/6Z42iW8QKhPs3rhKhvFzLj4F5vD8lAkQHJjOeOST2MF7noiU+xvMNTPxcv7d3v2pBiMMaqOObSIiuYLxDx4PKqLM5Lz0wQ3D0JFN56aK0obH5gJav/i1aHzuA==;24:Sm1XcBDMBVGMtEjO0OlAcgs3qTySor9m7G3NTUJ5U1K+tzq89Di0qPkZdVa2w/eBau7+ZamwwWiqrPlM3ytLKLLa/UlwGAN/wsYusIOvT2w=;20:MWkuDn+QUkTYkUkD6WXMbTmBSl6OasBorm2u6XrS6ZqZAoSnr54naxyP0rSjxQORFeiuWLy6XVHSXfPIoGZCRA==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR02MB1749;
x-microsoft-antispam-prvs: <BY2PR02MB1749D220219F9A42F2133DBDB1380@BY2PR02MB1749.namprd02.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(601004)(2401047)(8121501046)(520078)(5005006)(3002001)(102115026);SRVR:BY2PR02MB1749;BCL:0;PCL:0;RULEID:;SRVR:BY2PR02MB1749;
x-forefront-prvs: 073631BD3D
x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(6009001)(189002)(199003)(16236675004)(92566002)(5004730100002)(5007970100001)(99286002)(73894003)(10400500002)(105586002)(11100500001)(76576001)(221733001)(101416001)(2900100001)(77096005)(5003600100002)(97736004)(102836002)(5008740100001)(81156007)(87936001)(46102003)(189998001)(33656002)(106356001)(450100001)(122556002)(40100003)(2351001)(229853001)(74316001)(64706001)(86362001)(5002640100001)(54356999)(66066001)(107886002)(110136002)(2501003)(5001960100002)(50986999)(80792005)(99936001)(14943795004);DIR:OUT;SFP:1101;SCL:1;SRVR:BY2PR02MB1749;H:BY2PR02MB1750.namprd02.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en;
received-spf: None (protection.outlook.com: jdmfg.com does not designate
permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/mixed;
boundary="_004_BY2PR02MB1750EA6D2CB9098BE5AC4D25B1380BY2PR02MB1750namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Oct 2015 14:20:20.8967
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 77ac37e5-25ee-4b69-bf60-39ad5a14a9cd
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR02MB1749
Return-Path: LynnS@jdmfg.com
X-Microsoft-Exchange-Diagnostics:
1;BY2PR02MB124;2:xgx497ci0k9/SSwOGx0DqsV6dacxY75BTAsyU1oyUa2+JR6Dp3Qn9/6G9F4uDViJRfUo7NVfufyoQtXT/MH1hQMk1A9x7T2dSUi2Czlr5xqjytuQF4iSlSKpFzi/YJlR1qQQ1mxcd1vAcSXW3vc/V78Fz0M3w4C/ZijPPiV8t74=;23:GIzAOBFGmw28yQGwCS8xFCFoMXugXOO/GP1Ac00frRbmN8Ad7qAeZ84vZwg8czptvIT7cXHhKBhGl8wu/s5UMBllalgUko16OS+7niDwYu/lEcnnVsDGwPfc6YOsDh2Ot9AuccF/EJjNr4PwjGJx1nPeXf7A2eluGbd7kJAnGtXXLjgM/Wnc1DeFr49l1PVh
X-OriginatorOrg: jdmfg.com



And here's a slightly different NDR, this one generated by synacor.com:


 

Your message to fullersorders@tds.net couldn't be delivered.

Security or policy settings at tds.net have rejected your message
scottm       Office 365       tds.net
Sender             Action Required
                             

            Sender not permitted


How to Fix It
Contact the recipient (by phone or instant messaging, for example) and tell them to ask their email admin to add you to their allow list.
If the problem continues, forward this message to your email admin.


Was this helpful? Send feedback.

________________________________________

More Info for Email Admins
This error occurs when the email system of the recipient's domain has security or policy settings that reject the sender's message. However, we were unable to determine the specific setting that's causing this.

To fix the issue, contact the email admin at the recipient domain and ask them to add the sender's email address to their allow list, or to relax the setting that's causing the rejection.

If you get this error when sending to recipients who are not hosted by Office 365 it's possible one or more of the sending IP addresses used by Office 365 has been placed on a block list or that the message appears to the recipient domain as malicious or as spam. Examine the "Reported error" in the Error Details section below to help determine the cause. If you determine that it's because Office 365 was placed on a block list, you can open a Service Request with Microsoft Support for assistance (choose Mail Protection -> Message was blocked as spam).

For more information, see Error code 5.7.1 in Exchange Online and Office 365.

Original Message Details
Created Date:      10/23/2015 4:56:52 PM
Sender Address:      scottm@jdmfg.com

Recipient Address:      fullersorders@tds.net

Subject:      test


Error Details
Reported error:      554 5.7.1 [P4] Message blocked due to spam content in the message.
DSN generated by:      BY2PR02MB1718.namprd02.prod.outlook.com
Remote server:      mx02.tds.cmh.synacor.com


Message Hops
HOP      TIME (UTC)      FROM      TO      WITH      RELAY TIME
1      10/23/2015
4:56:52 PM      BY2PR02MB1719.namprd02.prod.outlook.com      BY2PR02MB1719.namprd02.prod.outlook.com      mapi      *
2      10/23/2015
4:56:52 PM      BY2PR02MB1719.namprd02.prod.outlook.com      BY2PR02MB1718.namprd02.prod.outlook.com      Microsoft SMTP Server (TLS)      *
Original Message Headers
Received: from BY2PR02MB1719.namprd02.prod.outlook.com (10.163.27.141) by
 BY2PR02MB1718.namprd02.prod.outlook.com (10.163.27.140) with Microsoft SMTP
 Server (TLS) id 15.1.306.13; Fri, 23 Oct 2015 16:56:52 +0000
Received: from BY2PR02MB1719.namprd02.prod.outlook.com ([10.163.27.141]) by
 BY2PR02MB1719.namprd02.prod.outlook.com ([10.163.27.141]) with mapi id
 15.01.0306.003; Fri, 23 Oct 2015 16:56:52 +0000
From: Scott Milner <scottm@jdmfg.com>
To: "fullersorders@tds.net" <fullersorders@tds.net>
Subject: test
Thread-Topic: test
Thread-Index: AdENs821rwJkEe5nSa+1qjFZPkcrNA==
Date: Fri, 23 Oct 2015 16:56:52 +0000
Message-ID: <BY2PR02MB17191C0B2938BD50DA9C82FBC5260@BY2PR02MB1719.namprd02.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=scottm@jdmfg.com;
x-originating-ip: [71.13.170.34]
x-microsoft-exchange-diagnostics: 1;BY2PR02MB1718;5:sYVesZQzYbFbjxrW3lIaAXGHGvIPIAI65E09AxmXmksmFc/8e6T5JTwwslLw26bzFxc0NZv/EjdEMV2KjRpGWzlc/3zznclibkjnpiGbZftva0ez/dpHQUPHOYqP+bf4upOf39m0KQHH1LKvaDLddA==;24:PB/OO5Mh4/xYwUwo27rS+2XDa4ST+Es5LX+aJGMD4WnYALmSM+X6iMXrm+EN1FMOsyVkl6TpCb70hYx/rXErKwSFH7MA6uoYOpHGfXCJA/k=;20:GRQBSUEKjp3OibeUyglmYoFFcV/Om0D28eeAwyQm87XI1UDOmQzGJsYVuxLfJUcz8ZSOMixVFQcXPDBGTM9tRw==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR02MB1718;
x-microsoft-antispam-prvs: <BY2PR02MB1718811730BFCC0ABB74268FC5260@BY2PR02MB1718.namprd02.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(108003899814671);
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(601004)(2401047)(5005006)(520078)(8121501046)(3002001)(102215026);SRVR:BY2PR02MB1718;BCL:0;PCL:0;RULEID:;SRVR:BY2PR02MB1718;
x-forefront-prvs: 0738AF4208
x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(6009001)(189002)(199003)(221733001)(11100500001)(17760045003)(5002640100001)(450100001)(101416001)(102836002)(15975445007)(2900100001)(92566002)(5004730100002)(81156007)(97736004)(77096005)(5008740100001)(66066001)(19300405004)(74316001)(76576001)(5007970100001)(10400500002)(2501003)(40100003)(107886002)(18206015028)(110136002)(5001960100002)(122556002)(16236675004)(5001920100001)(54356999)(5003600100002)(19580405001)(19625215002)(2351001)(105586002)(558084003)(229853001)(19580395003)(106356001)(50986999)(86362001)(19627595001)(33656002)(99286002)(189998001)(87936001)(99936001)(7059030)(217283001)(220243001);DIR:OUT;SFP:1101;SCL:1;SRVR:BY2PR02MB1718;H:BY2PR02MB1719.namprd02.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en;
received-spf: None (protection.outlook.com: jdmfg.com does not designate
 permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/related;
      boundary="_004_BY2PR02MB17191C0B2938BD50DA9C82FBC5260BY2PR02MB1719namp_";
      type="multipart/alternative"
MIME-Version: 1.0
X-OriginatorOrg: jdmfg.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Oct 2015 16:56:52.0940
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 77ac37e5-25ee-4b69-bf60-39ad5a14a9cd
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR02MB1718


-----------------------------------------------------------------------------------------------------------------------------------------------------------


My first troubleshooting step was to check jdmfg.com in the blacklists.  Our actual mail host is jdmfg-com.mail.protection.outlook.com.  MXToolbox finds no issues at all with this domain or it's associated IP address (the entire list of blacklists sites comes back green).

My next step was to review our antivirus logs (we use TrendMicro) for potential infections, thinking that one of my users may have spammed a user, causing the block without a blacklist entry.  I can find no trace of malware infections on any of our domain computers.

My next step was to open a case with Microsoft Office 365 support.  The looked over things on their end and didn't see any problems.  We sent a couple of test emails in non-html format (with the signature deleted), and received the same NDR as before.   The engineer reviewed the NDR and email header information with me, and showed that while the end user's systems were calling the blank message spam, Forefront doesn't see any issues with the email as it is being sent.  Therefore, he stated, this is a problem with the mail recipient's system, and there is nothing further he, nor I, can do.  He instructed me to contact the mail recipients and ask that our domain be whitelisted.

We've called the affected customers and made the request for whitelisting, but we have had no resolution to the problems yet.  As you can imagine, me telling my end users 'There's nothing more that I can do!' is going over like a lead balloon.

Is there some troubleshooting that I've missed?  The fact that these email/spam services (synacor, charter) are stating that email from my domain is spam really makes me wonder if there isn't some problem that I'm missing.

The only thing that has changed in any way with our email system in the past few weeks is that I set up a mail relay using O365, allowing machines on our network that cannot do TLS to send email to our email domain only.  I don't see that this has any bearing on our problem, but I'm hesitant to rule anything out at this point.

Does anyone have any ideas for me to try next?


Scott
Scott MilnerApplication AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

themrrobertCommented:
While I cannot see the content of the first email you provided the NDR report for, I am guessing it's a similar "test" email meant to test the delivery, because that's what you did the second time.

These NDRs are useless for troubleshooting, because the responses from the target server indicated that the message contains spam.

You (and anyone helping you) need to see NDR's from actual, valid, normal emails, including the original message. (Private areas can be redacted with comment if needed)

For charter, if the email still gets rejected, send the same email (not forwarded, same as original) to unblock@charter.net

Other carriers will have their own procedures, which are usually explained in the NDR.

You can also start using an "email delivery service" like SendGrid (most popular) or SocketLabs. These companies specialize in high deliverability rates.

Anyone who's run their own email server will tell you, that it's a tough job to do it on your own. It seems microsoft is merely provided SMTP service, not a deliverability service.

Hope this helps!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Scott MilnerApplication AdministratorAuthor Commented:
Hi themrrobert,

I see what you mean.  I've attached two emails, one the test that I just sent, and the other the NDR that I received in response to that test.

I will look into the email delivery service that you mentioned.  At this point, the owner of the company may deem it a good investment.

Scott
test.msg
Undeliverable-test.msg
themrrobertCommented:
I think you misunderstood, you need to send a normal email, that's not a test.

One that at least looks normal.

Because it's very well possible that these 'test' messages are being blocked for spam content, but that genuine messages are being blocked for a different reason.

So we need to see the original message and NDR for a typical message that doesn't look spammy.

However in any case for maximum deliverability you'll need to be ever-vigilant getting on whitelists, or use a 3rd party.
David Johnson, CD, MVPOwnerCommented:
There isn't anything that you can do at your end since the 'problem' is at the recipient end.
eric@nordstromlbr.com (eric@nordstromlbr.com)
There's a problem with the recipient's mailbox. Please try resending the message. If the problem continues, please contact your email admin.
uses charter you might want to contact postmaster@nordstromlbr.com & postmaster@charter.com to see if they can resolve the problem at their end.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Internet / Email Software

From novice to tech pro — start learning today.