Help with NDR Due to SPAM

We recently switched to a hosted Exchange solution using Office 365.  For a very small number of customers that we email, we receive a NDR stating that the message was rejected as SPAM.  We did not have this problem before and I am a bit stumped on what I can do on my end to resolve this.  Below is a copy of one of the NDRs.  

The one thing that stood out was that the NDR stated:

received-spf: None (protection.outlook.com: mycompany.com does not designate permitted sender hosts

However, I have setup my spf record as the following, where the IP addresss is in my public IP address:

v=spf1 ip4:xxx.xxx.xxx.xxx include:spf.protection.outlook.com include:servers.mcsv.net -all

 Below is the NDR:


Your message to mary@ourcustomer.com couldn't be delivered.

ourcustomer.com suspects your message is spam and rejected it.

Messages suspected as spam


How to Fix It
Try to modify your message, or change how you're sending the message, using the guidance in this article: Bulk E-mailing Best Practices for Senders Using Forefront Online Protection for Exchange. Then resend your message.
If you continue to experience the problem, contact the recipient by some other means (by phone, for example) and ask them to ask their email admin to add your email address, or your domain name, to their allowed senders list.


Was this helpful? Send feedback to Microsoft.

________________________________________

More Info for Email Admins
Status code: 550 5.7.350

When Office 365 tried to send the message to the recipient (outside Office 365), the recipient's email server (or email filtering service) suspected the sender's message is spam.

If the sender can't fix the problem by modifying their message, contact the recipient's email admin and ask them to add your domain name, or the sender's email address, to their list of allowed senders.

Although the sender may be able to alter the message contents to fix this issue, it's likely that only the recipient's email admin can fix this problem. Unfortunately, Office 365 Support is unlikely to be able to help fix these kinds of externally reported errors.

Original Message Details
Created Date:      4/12/2018 3:14:11 PM
Sender Address:      chris@mycompany.com

Recipient Address:      mary@ourcustomer.com

Subject:      Test Message


Error Details
Reported error:      550 5.7.350 Remote server returned message detected as spam -> 550 5.7.1 w3CFEDG9001725 This message has been blocked for containing SPAM-like characteristics.
DSN generated by:      BN6PR19MB1441.namprd19.prod.outlook.com
Remote server:      mail197c2.megamailservers.com


Message Hops
HOP      TIME (UTC)      FROM      TO      WITH      RELAY TIME
1      4/12/2018
3:14:11 PM      BN6PR19MB1089.namprd19.prod.outlook.com      BN6PR19MB1089.namprd19.prod.outlook.com      mapi      *
2      4/12/2018
3:14:11 PM      BN6PR19MB1089.namprd19.prod.outlook.com      BN6PR19MB1441.namprd19.prod.outlook.com      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)      *
Original Message Headers
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mycompany.com;
 s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=JFByvbhj2Zmjq/lBkY+UBHhh9ze1kM4Jk3Vh4hI5iqw=;
 b=TMkH4lJf7KRfttDXn1qBaD+QxndZIT+eGtkXUQaxi24epULHySLXvZ/kJ9x0NnFhZjdXnmgHN0asJb9dn+0GgGXcuZO715//uGjk/QU5640aOCkb5zEdbvB0sH2Y8tJzSzQQm3/oBs15P7mYE683iBxDbxR4Df5WSUmHq7LsDHg=
Received: from BN6PR19MB1089.namprd19.prod.outlook.com (10.173.152.23) by
 BN6PR19MB1441.namprd19.prod.outlook.com (10.175.193.23) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.675.9; Thu, 12 Apr 2018 15:14:11 +0000
Received: from BN6PR19MB1089.namprd19.prod.outlook.com
 ([fe80::4161:7337:5ec5:9596]) by BN6PR19MB1089.namprd19.prod.outlook.com
 ([fe80::4161:7337:5ec5:9596%3]) with mapi id 15.20.0675.009; Thu, 12 Apr 2018
 15:14:11 +0000
From: Chris <chris@mycompany.com>
To: "mary@ourcustomer.com" <mary@ourcustomer.com>
Subject: Test Message
Thread-Topic: Test Message
Thread-Index: AdPSbfiKB/0r1CD2Sbyqvw5mytivkAAAugBA
Date: Thu, 12 Apr 2018 15:14:11 +0000
Message-ID: <BN6PR19MB1089CE5A960B94CAD8E3D0EBE5BC0@BN6PR19MB1089.namprd19.prod.outlook.com>
References: <BN6PR19MB1089D7D7C3CB56DFA7A001A9E5BC0@BN6PR19MB1089.namprd19.prod.outlook.com>
In-Reply-To: <BN6PR19MB1089D7D7C3CB56DFA7A001A9E5BC0@BN6PR19MB1089.namprd19.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=chris@mycompany.com;
x-originating-ip: [66.xxx.xxx.xxx]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;BN6PR19MB1441;7:+gUuJYuthkciz0vw1bYGs0jF/36rEIcYHWTnV4bBXi/1wGiqp7lOgUtfPLsQq0gNAB8UtPPMtPGtEC3yZw85D8uGgv5c/LeV1VidyxeAEsiyN4DRKpVKJ7Do99ncEcfEZHLL5ArxiFwP9Af0BOzFeihj2dJ2jIWxh61A56hkynimFrUKJC00LsEpbZWG5qN+knvgdeXLzP6v7qhTPmCt67N2ewTL2MTqlXlGhBPBRXdzYfLBUpBrDSLgUVuylQKa
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(7021125)(5600026)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(2017052603328)(7153060)(7193020);SRVR:BN6PR19MB1441;
x-ms-traffictypediagnostic: BN6PR19MB1441:
x-microsoft-antispam-prvs: <BN6PR19MB14413E35B2740F05430CF8D0E5BC0@BN6PR19MB1441.namprd19.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3002001)(3231221)(944501327)(52105095)(6041310)(2016111802025)(20161123558120)(20161123560045)(20161123562045)(20161123564045)(6043046)(6072148)(201708071742011);SRVR:BN6PR19MB1441;BCL:0;PCL:0;RULEID:;SRVR:BN6PR19MB1441;
x-forefront-prvs: 06400060E1
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(39380400002)(376002)(346002)(396003)(39830400003)(366004)(199004)(189003)(54504004)(2351001)(6916009)(7110500001)(53936002)(106356001)(14454004)(25786009)(6116002)(3846002)(3660700001)(6436002)(3280700002)(486006)(478600001)(10710500007)(2501003)(99286004)(2906002)(102836004)(236005)(5250100002)(97736004)(5640700003)(81156014)(6306002)(1730700003)(33656002)(2900100001)(54896002)(9686003)(8676002)(55016002)(81166006)(7696005)(74316002)(76176011)(8936002)(86362001)(5660300001)(11346002)(476003)(7736002)(68736007)(316002)(66066001)(15650500001)(606006)(105586002)(26005)(2420400007)(6506007)(2940100002)(44832011)(186003)(446003)(340984004);DIR:OUT;SFP:1102;SCL:1;SRVR:BN6PR19MB1441;H:BN6PR19MB1089.namprd19.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1;
received-spf: None (protection.outlook.com: mycompany.com does not
 designate permitted sender hosts)
x-microsoft-antispam-message-info: v/bnlcqndqBSdFCdTSBTIegC800qYjzUQ2+rm29710qANm5z8E7zPJrhfuFSWG9NqUkA9H9Rn8yhhsFpOVvjxZGVKTqD2ZvSXDN/PdlpykRyktXqFkYG+o4T781y1CB9FKSp4DCC7HKTe8oDUIjD0QZ41s55V+Cn8RgtvPlhRMc3uEEKG1GmB0tMizHdTsZ1
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative;
      boundary="_000_BN6PR19MB1089CE5A960B94CAD8E3D0EBE5BC0BN6PR19MB1089namp_"
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 25b7fe40-5355-4f3e-f93b-08d5a0880bba
X-OriginatorOrg: mycompany.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 25b7fe40-5355-4f3e-f93b-08d5a0880bba
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Apr 2018 15:14:11.4342
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 528ff592-f6c5-4a7f-9e90-4ff3bf509e19
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR19MB1441
csimmons1324IT ManagerAsked:
Who is Participating?
 
Jose Gabriel Ortega CConnect With a Mentor CEO J0rt3g4 Consulting ServicesCommented:
Ok the 1st thing is to make sure that you SPF is resolving correctly
how?

Open this web: http://www.appmaildev.com/en/dkim
Then click next.

and you will get an email address, send the email to that address and you will get something like this:
1.png
Click on SPF and check if it's set correctly, if you see any error or red letter, you should start by fixing there.
Also if you have RLB or anything wrong you will get it from there.

Here's an SPF helper: https://www.spfwizard.net/
0
 
timgreen7077Exchange EngineerCommented:
The issue is your IP address. since you are using office 365 an not your own on-prem Exchange server, you will need to setup your SPF record the way o365 gave it to you. Your IP address shouldn't be included. By including your IP which isn't a valid sending server for O365, it comes across as spam. Remove your IP address from the SPF record and set up the record with the SPF info provide by O365 when you initially setup your email domain in O365. This should resolve that issue.
0
 
csimmons1324IT ManagerAuthor Commented:
Jose,

Everything passed with no warnings / errors.

Timgreen,

Originally, the spf record only contained the Office 365 information and we were having this problem then,  When I reached out to support, they sent me articles on setting up spf, dkim and dmarc records.  After reading through that documentation, I added the public IP address of our on-prem Exchange server as some mail from our on-prem 3rd party programs are still using that server to send out email messages.  I will be reconfiguring those programs to route email through Office 365 at a later date.  

It is my understanding that the spf record simply indicates the servers that are approved to send email on behalf of our domain.  Therefore, having the public IP address of our on-prem Exchange server should not cause any issues as long as the Office 365 information is listed as well (which it is).  This is why mailchimp's servers are listed in the spf record as well because we use their service for bulk email.  

Please correct me if I am wrong.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
timgreen7077Exchange EngineerCommented:
You are correct. I thought you was only hosted in O365.
0
 
timgreen7077Connect With a Mentor Exchange EngineerCommented:
If SPF is correct then it could be the spam settings are really high on the recipient side. You can change the -all (hard fail) on the SPF record to ~all (soft fail), and see if that helps.
0
 
Jose Gabriel Ortega CCEO J0rt3g4 Consulting ServicesCommented:
Ok, those emails that are being rejected are coming from an application?
or just from regular users?

(if it's an application that goes thru mailcheap, probably you should add to your spf your mailcheaps spf's https://kb.mailchimp.com/accounts/email-authentication/set-up-custom-domain-authentication-dkim-and-spf)
0
 
csimmons1324IT ManagerAuthor Commented:
Apparently, this is something on their end and specific to that particular user.  We did some additional testing and we were able to successfully send to another user at the company.  

I am pretty green when it comes to all of the nuts and bolts of how email and spam works.  This was my first time setting up spf, dkim and dmarc records so I was not sure if I set them up correctly or not.  Apparently I did but they were not going to help resolve this particular problem anyway.  

I hate simply going back to the other party and stating that the problem is on their end without being certain.

I appreciate all of the comments and suggestions.
0
 
csimmons1324IT ManagerAuthor Commented:
Jose,

No.  My internal user was simply using Outlook and the message was sent through Office 365 hosted Exchange server.  Mailchimp was not being used in this particular case.  I mentioned mailchimp previously to explain to TimGreen that we have a number of "authorized" servers to send mail on our domains behalf and that is why our on-prem Exchange server and mailchimps servers were listed in our spf record.
0
 
Jose Gabriel Ortega CCEO J0rt3g4 Consulting ServicesCommented:
You can always go and create a ticket with MS and check it with them.
Ohh, I see. well, I would recommend you create a ticket with them.
It can be that, or your IP is just blocked in the hotmail (MS)
Please read and double check that.
https://www.rackaid.com/blog/hotmail-blacklist-removal/
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.