Outgoing mail arrives in Spam folder of Hotmail mailboxes

Hi All,

I am having an issue when sending emails from my domain to any Hotmail or Live accounts, they appear in the spam folder of the recipients Hotmail/Live mailbox instead of their Inbox. Gmail/Yahoo accounts seem to be fine it's just Hotmail/Live accounts.

I have an Exchange 2010 Server running on SBS 2011.   My domain is   "todco.ie"

I came across this article and followed the guidelines:     https://www.rackaid.com/blog/email-going-to-spam-folder/
The advises to make sure the following is correctly setup :
    *Email Content
    *Sender Reputation
    *DNS Records

* It's not the email content. If I logon to OWA and send a basic test email with no signatures and send a test to a hotmail account it still goes straight to the spam folder.
* The Sender Reputation checks come back at 99% successful. No issues on this front.
* DNS records; I have set up the rDNS with the ISP and setup the SPF records with the provider hosting our records on their Names Servers. I also used Microsoft Sender ID Framework SPF Record Wizard to generate the SPF record.
I then used the Microsoft Remote Connectivity Analyzer:   https://testconnectivity.microsoft.com/    and the SPF records seem to check out fine unless I'm missing something.

Still our emails go straight into the spam folder of any hotmail account.

I've spent a lot of time digging on the web but I'm getting nowhere. Has anybody encountered this problem before? If so any solutions would be much appreciated.


Best Regards
ADAPTITAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ugo MenaCommented:
Try removing the DNS PTR records you have for mail.todco.ie and www.todco.ie 

or setup MX records for mail.todco.ie and www.todco.ie
ADAPTITAuthor Commented:
Hi Ultralites,

I already have MX Records setup for mail.todco.ie and an A Record for www.todco.ie.

What will removing the PTR records achieve?
Ugo MenaCommented:
I see an MX record for todco.ie  :

todco.ie. 86400 IN MX 10 scan2.adapt-it.com,todco.ie. 86400 IN MX 40 mail1.eircom.net,todco.ie. 86400 IN MX 20 mxbackup.adapt-it.com,todco.ie. 86400 IN MX 30 mxx.elive.net,  

But  I don't see an MX record for mail.todco.ie

mail.todco.ie. 86400 IN A 86.43.126.168,
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

ADAPTITAuthor Commented:
Hi Ultralites,

The reason for this is because "scan.adapt-it.com" is a 3rd Party spam filter mail service. Once the spam filter does its job and filters through all the mail it is then configured to forward the mail to "mail.todco.ie" which points to the local Exchange Server.

The Local Exchange Server is configured to route mail out automatically through DNS. The reason for this is because our ISP is Eircom and we constantly run into issues when routing out through their mail servers "mail1.eircom.net" because they are constantly blacklisted.

"mxbackup.adapt-it.com" and "mxx.elive.net" are backup mail servers for the primary "scan.adapt-it.com" in case this goes down.
Ugo MenaCommented:
HI ADAPTIT,

I understand your configuration, it is a common setup to have a 3rd party filtering mail before it gets sent to you.

Just to be clear,  your onsite Exchange servers are sending mail for your domain todco.ie,  they are just not receiving it (before the 3rd party spam filter does) is this correct?
Ugo MenaCommented:
looking at your SPF record... I think this may be part of your problem. You have too many hosts listed as authorized senders for your domain.

v=spf1 a mx ptr ip4:86.43.126.168 a:twohigaccountants.ie mx:mail1.eircom.net mx:mxbackup.adapt-it.com mx:mxx.elive.net mx:scan2.adapt-it.com mx:twohigaccountants.ie mx:mail.todco.ie ?all

Checking to see if there is a valid SPF record.
Found v=spf1 record for todco.ie:
evaluating...
Results - PermError SPF Permanent Error: Void lookup limit of 2 exceeded
Ugo MenaCommented:
this is what your SPF record should probably look like:

v=spf1 a:mail1.eircom.net a:mxx.elive.net a:scan2.adapt-it.com a:mail.todco.ie -all

which passes (http://www.kitterman.com/spf/validate.html) with the following results:


Mail sent from this IP address: 86.43.126.168
Mail from (Sender): admin@todco.ie
Mail checked using this SPF policy: v=spf1 a:mail1.eircom.net a:mxx.elive.net a:scan2.adapt-it.com a:mail.todco.ie -all
Results - PASS sender SPF authorized
ADAPTITAuthor Commented:
Hi Ultralites,

Your last comment was correct. That's how our mail is routed. I did not realize that there was a limit on the amount of hosts you can have listed. The reason I put "scan2.adapt-it.com" into the SPF record is because "scan2.adapt-it.com" can also route out mail. So I wanted to be covered in case I decided to configure our Exchange Server to send mail out through that. Am I correct in doing that?

Also we have an additional domain "twohigaccountants.ie" configured in Exchange and only a few users have this as their Primary domain, everyone else has "todco.ie" as their primary domain.

Do I have this correctly entered in the currect SPF record?
Should I create an SPF record for the "twohigaccountants.ie" domain?

Sorry for all the questions, I'm just finding it hard to wrap my head around SPF at the moment.
Ugo MenaCommented:
No problem.

You will want to create another spf record for the twohigaccountants.com at your DNS registrar. The record will probably look exactly the same if you are using the same setup.
ADAPTITAuthor Commented:
Thanks Ultralite,

For the "twohigaccountants.ie" domain, should I use the exact same SPF record as below:

"v=spf1 a:mail1.eircom.net a:mxx.elive.net a:scan2.adapt-it.com a:mail.todco.ie -all"

or should a create an A Record on the DNS Regitrars Name Servers of  "mail.twohigaccountants.ie" and point this to the Public IP of the Exchange Server. Then create an SPF record like below:

"v=spf1 a:mail1.eircom.net a:mxx.elive.net a:scan2.adapt-it.com a:mail.twohigaccountants.ie -all"
Ugo MenaCommented:
this is what my DNS shows for that domain.

host twohigaccountants.ie

twohigaccountants.ie has address 212.71.237.70

twohigaccountants.ie mail is handled by 10 scan2.adapt-it.com.
twohigaccountants.ie mail is handled by 30 mxx.elive.net.
twohigaccountants.ie mail is handled by 20 mxbackup.adapt-it.com.

and that :
mail.twohigaccountants.ie is an alias for twohigaccountants.ie.

So your Exchange server setup to answer on mutiple IPs. Right?

86.43.126.168 and 212.71.237.70
ADAPTITAuthor Commented:
Should I add an A record on the "twohigaccountants.ie" DNS Registrars pointing to 86.43.126.168 though?
Ugo MenaCommented:
no. I don't think you need it.

Is your onsite exchange server listening on both IPs  (86.43.126.168 and 212.71.237.70)?
Ugo MenaCommented:
Mail sent from this IP address: 212.71.237.70
Mail from (Sender): admin@twohigaccountants.ie
Mail checked using this SPF policy: v=spf1 a:mxx.elive.net a:scan2.adapt-it.com a:mail.twohigaccountants.ie include:todco.ie -all
Results - PASS sender SPF authorized

Mail sent from this IP address: 86.43.126.168
Mail from (Sender): admin@twohigaccountants.ie
Mail checked using this SPF policy: v=spf1 a:mxx.elive.net a:scan2.adapt-it.com a:mail.twohigaccountants.ie include:todco.ie -all
Results - PASS sender SPF authorized
Ugo MenaCommented:
You could probably add an A record on twohigaccountants.ie to point it back to 212.71.237.70

the current rDNS resolves to :
70.237.71.212.in-addr.arpa domain name pointer li666-70.members.linode.com.
Ugo MenaCommented:
you don't want to mix that with your rDNS for 86.43.126.168 which is :

168.126.43.86.in-addr.arpa domain name pointer www.todco.ie.
168.126.43.86.in-addr.arpa domain name pointer mail.todco.ie.
168.126.43.86.in-addr.arpa domain name pointer todco.ie.
ADAPTITAuthor Commented:
it's not listening on 212.71.237.70, this an IP the web designer who hosts the records has listed. Through him and his Name Servers we have our MX Records:

scan2.adapt-it.com
mxbackup.adapt-it.com
mxx.elive.net

which again goes to our spam filter service, from here the mail is forwarded to the Public IP on the onsite Exchange Server.
Ugo MenaCommented:
Ok. No worries. You can leave it as is.

There would be no reason for the reverse lookup to happen on that IP if your server is not listening or sending on that IP.
ADAPTITAuthor Commented:
Hi Ultralites,

I have added the SPF record for the "twohigaccountants.ie" domain but I am getting the following error when I query it on kitterman:

SPF record lookup and validation for: twohigaccountants.ie
SPF records are published in DNS as TXT records.

The TXT records found for your domain are:
"v=spf1 a:mxx.elive.net a:scan2.adapt-it.com a:mail.twohigaccountants.ie include:todco.ie -all"

Checking to see if there is a valid SPF record.

No valid SPF record found of either type TXT or type SPF


Any ideas?
Ugo MenaCommented:
you need to remove the quotes from both sides of the TXT record.


The TXT records found for your domain are:
"v=spf1 a:mxx.elive.net a:scan2.adapt-it.com a:mail.twohigaccountants.ie include:todco.ie -all"
like your todco.ie entry:

The TXT records found for your domain are:
v=spf1 a:mail1.eircom.net a:mxx.elive.net a:scan2.adapt-it.com a:mail.todco.ie -all

Checking to see if there is a valid SPF record.

Found v=spf1 record for todco.ie:
v=spf1 a:mail1.eircom.net a:mxx.elive.net a:scan2.adapt-it.com a:mail.todco.ie -all

That should do it.
ADAPTITAuthor Commented:
Hi Ultralites,

Still experiencing same issue. The SPF records are in place the last 5 days and still the emails go straight in the junk folder of any hotmail/outlook.com

Any ideas?
Ugo MenaCommented:
It looks like there are still some DNS errors that are probably playing into this.

Many servers perform a banner check as part of spam mitigation, and may use a mismatched or masked banner as an indication of a possible spam source in a scoring system, most will not reject incoming mail solely on this basis.

This is what MXtoolbox is still saying are problems with your DNS records.
Screen-Shot-2015-11-19-at-9.50.46-AM.pdf
Ugo MenaCommented:
Although most servers will not reject based on SMTP banner mismatch, you should ask to see if this can be setup by your provider to have the virtual instance they manage actually match your domain.

Some receiving mail servers may use a mismatched or masked banner as an indication of a possible spam source in a scoring system, but most will not reject incoming mail solely on this basis.

I would for sure try to take care of the DMARC record too, as that is fairly trivial to add to your DNS records.
DMARC policies are retrieved by the mail-receiving organization during a SMTP session, via DNS. When mail receivers query DNS, they look for a DMARC TXT record at the DNS domain that matches the one found in the RFC5322. From domain in the email message. If a policy is found, that policy is combined with the author’s domain and the SPF and DKIM results to deliver a DMARC policy result.
Here is what Kitterman tool recommends for your DMARC txt record:

 DMARC record for: todco.ie
Record should be published at _dmarc.todco.ie
v=DMARC1; p=none 

Open in new window

Ugo MenaCommented:
Hotmail does use DMARC to determine SPAM
Ugo MenaCommented:
Hard to know if being tagged as SPAM was based on the SPF and DNS records not being correct or if Microsoft has specifically tagged your domain.

Since this has not fixed your issue, I am going to guess that MS has your domain tagged as SPAM. You will probably need to contact Microsoft and update them with your Sender Information. I have seen this occur to some domains when Outlook.com Delivery is blocked entirely, but they usually get a bounced message error.

Here is the link to update your Sender Information with Microsoft (outlook/hotmail)

Update Sender Info at Microsoft
ADAPTITAuthor Commented:
Hi Ultralites,

Thanks for all your help. I have requested they untag us. I will also look into the DMARC records and get back to you.
ADAPTITAuthor Commented:
Hi Ultralites,

I hope you enjoyed the winter holidays. Sorry for not getting back to you sooner. We were crazy busy of the holiday period. I have a few things I'd like to go through and review and get your thoughts please if you have the time. Or if anybody else has an interest in this case they can offer their thoughts.


* I have realised that the Primary domain in Exchange is "twohigaccountants.ie" and the "todco.ie" domain is an additional domain.

* The PTR record for "twohigaccountants.ie" points to "212.71.237.70".
I'll just quickly explain how "twohigaccountants.ie" domain is setup.  The customer originally purchased it from a web designer who also hosts the DNS records (Name Servers). The IP address of his hosting server is "212.71.237.70". The DNS records on his Name Servers are pointing to a third party spam filter (which I manage). "scan2.adapt-it.com" & "mxbackup.adapt-it.com". The spam filter filters the mail and if it's deemed clean it releases the email and forwards it to the Public IP address of the Exchange Server "86.43.126.168".

* Exchange is then configured to route it's email back out through DNS.

* Should the PRT record for "twohigaccountants.ie" be returning the IP address of the DNS Registrar "212.71.237.70"? or should it be "86.43.126.168"?
I ask this because the additional domain "todco.ie" has a PTR pointing to "86.43.126.168". This domain has a different DNS Registrar but otherwise is set up the same way as the "twohigaccountants.ie" domain.

* SPF records are in place for both domains as instructed in earlier posts.

* I wonder should I add a DMARC record for the domain "twohigaccountants.ie" also?

* If so how do I create a DMARC record to for the "twohigaccountants.ie"?

* What section of MX toolbox did you use to check the problems on DNS which indicated it was a DMARC record? I would just like to know for my own knowledge.


I look forward to hearing from you
Ugo MenaCommented:
Hey ADAPIT!

It has been a long time. :)

I just ran tests on both domains and everything looks good!

      SPF Record Published       Record found
      SPF Syntax Check       The record is valid
      SPF Multiple Records       Less than two records found
      SPF Record Deprecated       No deprecated records found
      SPF Included Lookups       Number of included lookups is OK

Are you still having email blocked/go to SPAM when sent to hotmail?

I used MXToolbox Network tools found here : http://mxtoolbox.com/NetworkTools.aspx

The DMARC record for twohigaccountants.ie is still missing, but you already knew that.... again this is not required by most hosts. FYI, the DMARC records are also missing for my domain, which I just ignore.

here is the link for that DMARC response test:
http://mxtoolbox.com/SuperTool.aspx?action=dmarc%3atwohigaccountants.ie&run=networktools

Look forward to your response.
ADAPTITAuthor Commented:
Hi Ultralites,

Long time no hear but great to hear from you again my friend. The email is still going into the junk folders of outlook.com/hotmail.com mailboxes. I still haven't applied a DMARC record as of yet. I am currently doing some research on it so I can create one. It seems like this is the next step really. Whitelisting the domains in Outlook.com/hotmail.com, taking it out of the junk folder etc doesn't work, they still go in there. Once I get the DMARC record setup I'll let you know. Have any good links or resources for SPF/DKIM/DMARC?
Ugo MenaCommented:
Here is one of the better explanations of what your DMARC DNS text records should look like:

https://dmarc.org/overview/

Google has some good info on DKIM here:

https://support.google.com/a/answer/174124
Ugo MenaCommented:
here are a couple of great online DMARC record wizards:

https://www.unlocktheinbox.com/dmarcwizard/

http://www.kitterman.com/dmarc/assistant.html

You are going to find that in order to implement DMARC, you are also going to need to setup DKIM.

the first site also has a DKIM wizard to generate the public and private keys for you.

https://www.unlocktheinbox.com/dkimwizard/
ADAPTITAuthor Commented:
Hi Ultralites,

Thanks for the help. I thought you can set up DMARC with just SPF. But you think you need DKIM also. Since we have Exchange 2010 will we need a 3rd Party tool installed for this or can we get away with a free version?
Ugo MenaCommented:
This has certainly turned into quite a challenge and some interesting scope...

IMHO, I really don't think you need to implement DMARC or DKIM. They are nice to have, but definitely not required to pass SPAM scores.

Everything looks correct from just about every angle of MX and DNS.

However, after rereading your post on  2016-01-14 at 09:49:56, I do think there is something more with the twohigaccountants.ie hosting server :

host 212.71.237.70
70.237.71.212.in-addr.arpa domain name pointer li666-70.members.linode.com.
host li666-70.members.linode.com
li666-70.members.linode.com has address 212.71.237.70

$ host twohigaccountants.ie
twohigaccountants.ie has address 212.71.237.70
twohigaccountants.ie mail is handled by 20 mxbackup.adapt-it.com.
twohigaccountants.ie mail is handled by 10 scan2.adapt-it.com.
twohigaccountants.ie mail is handled by 30 mxx.elive.net.

You may need to add the IP address 212.71.237.70 to your SPF records.... let me check a few items and get back to you.
ADAPTITAuthor Commented:
Hi Ultralites,

It is a strange one, I added the IP address this morning to the TXT record. The following records handle only the incoming mail:


10 scan2.adapt-it.com.
20 mxbackup.adapt-it.com.
30 mxx.elive.net.

And the following record handles the outgoing mail:

mail1.eircom.net.
Ugo MenaCommented:
Hi ADAPTIT,

I am not 100% sure, but I think you may also need a CNAME for twohigaccountants.ie. to account for the reverse DNS lookup of the IP for 212.71.237.70.

A CNAME record points a name such as "bar.example.com" to "foo.example.com."

so the CNAME record would be :
 li666-70.members.linode.com CNAME twohigaccountants.ie

Open in new window


Otherwise, I think that should be it. I can see the changes you made to the SPF records. Everything looks good from an SPF and MX standpoint. :) Both kitterman and mxtoolbox show everything passes.




       
Test 	Result
	SPF Record Published 	Record found
	SPF Syntax Check 	The record is valid
	SPF Multiple Records 	Less than two records found
	SPF Record Deprecated 	No deprecated records found
	SPF Included Lookups 	Number of included lookups is OK

Open in new window


evaluating...
Results - record processed without error.

The result of the test (this should be the default result of your record) was, pass . The explanation returned was, sender SPF authorized 

Open in new window


Is Hotmail still marking your messages as SPAM?
Kyle SantosQuality AssuranceCommented:
Hi ADAPTIT,

Can you please reply to Ugo?
ADAPTITAuthor Commented:
Hi Ugo,

Sorry for taking so long to get back to you. They are still getting he emails marked as spam with hotmail/outlook.com still.

Should I create the following CNAME record "li666-70.members.linode.com" and have it directing to "twohigaccountants.ie"?
Ugo MenaCommented:
Hi ADAPIT!
I think the CNAME record for li666-70.members.linode.com to twohigaccountants.ie is what you need.

it will look like this:
li666-70.members.linode.com CNAME twohigaccountants.ie

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.