Help with NDR Due to SPAM

We recently switched to a hosted Exchange solution using Office 365.  For a very small number of customers that we email, we receive a NDR stating that the message was rejected as SPAM.  We did not have this problem before and I am a bit stumped on what I can do on my end to resolve this.  Below is a copy of one of the NDRs.  

The one thing that stood out was that the NDR stated:

received-spf: None ( does not designate permitted sender hosts

However, I have setup my spf record as the following, where the IP addresss is in my public IP address:

v=spf1 -all

 Below is the NDR:

Your message to couldn't be delivered. suspects your message is spam and rejected it.

Messages suspected as spam

How to Fix It
Try to modify your message, or change how you're sending the message, using the guidance in this article: Bulk E-mailing Best Practices for Senders Using Forefront Online Protection for Exchange. Then resend your message.
If you continue to experience the problem, contact the recipient by some other means (by phone, for example) and ask them to ask their email admin to add your email address, or your domain name, to their allowed senders list.

Was this helpful? Send feedback to Microsoft.


More Info for Email Admins
Status code: 550 5.7.350

When Office 365 tried to send the message to the recipient (outside Office 365), the recipient's email server (or email filtering service) suspected the sender's message is spam.

If the sender can't fix the problem by modifying their message, contact the recipient's email admin and ask them to add your domain name, or the sender's email address, to their list of allowed senders.

Although the sender may be able to alter the message contents to fix this issue, it's likely that only the recipient's email admin can fix this problem. Unfortunately, Office 365 Support is unlikely to be able to help fix these kinds of externally reported errors.

Original Message Details
Created Date:      4/12/2018 3:14:11 PM
Sender Address:

Recipient Address:

Subject:      Test Message

Error Details
Reported error:      550 5.7.350 Remote server returned message detected as spam -> 550 5.7.1 w3CFEDG9001725 This message has been blocked for containing SPAM-like characteristics.
DSN generated by:
Remote server:

Message Hops
HOP      TIME (UTC)      FROM      TO      WITH      RELAY TIME
1      4/12/2018
3:14:11 PM      mapi      *
2      4/12/2018
3:14:11 PM      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)      *
Original Message Headers
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;;
 s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
Received: from ( by ( with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.675.9; Thu, 12 Apr 2018 15:14:11 +0000
Received: from
 ([fe80::4161:7337:5ec5:9596]) by
 ([fe80::4161:7337:5ec5:9596%3]) with mapi id 15.20.0675.009; Thu, 12 Apr 2018
 15:14:11 +0000
From: Chris <>
To: "" <>
Subject: Test Message
Thread-Topic: Test Message
Thread-Index: AdPSbfiKB/0r1CD2Sbyqvw5mytivkAAAugBA
Date: Thu, 12 Apr 2018 15:14:11 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;BN6PR19MB1441;7:+gUuJYuthkciz0vw1bYGs0jF/36rEIcYHWTnV4bBXi/1wGiqp7lOgUtfPLsQq0gNAB8UtPPMtPGtEC3yZw85D8uGgv5c/LeV1VidyxeAEsiyN4DRKpVKJ7Do99ncEcfEZHLL5ArxiFwP9Af0BOzFeihj2dJ2jIWxh61A56hkynimFrUKJC00LsEpbZWG5qN+knvgdeXLzP6v7qhTPmCt67N2ewTL2MTqlXlGhBPBRXdzYfLBUpBrDSLgUVuylQKa
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(7021125)(5600026)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(2017052603328)(7153060)(7193020);SRVR:BN6PR19MB1441;
x-ms-traffictypediagnostic: BN6PR19MB1441:
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3002001)(3231221)(944501327)(52105095)(6041310)(2016111802025)(20161123558120)(20161123560045)(20161123562045)(20161123564045)(6043046)(6072148)(201708071742011);SRVR:BN6PR19MB1441;BCL:0;PCL:0;RULEID:;SRVR:BN6PR19MB1441;
x-forefront-prvs: 06400060E1
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(39380400002)(376002)(346002)(396003)(39830400003)(366004)(199004)(189003)(54504004)(2351001)(6916009)(7110500001)(53936002)(106356001)(14454004)(25786009)(6116002)(3846002)(3660700001)(6436002)(3280700002)(486006)(478600001)(10710500007)(2501003)(99286004)(2906002)(102836004)(236005)(5250100002)(97736004)(5640700003)(81156014)(6306002)(1730700003)(33656002)(2900100001)(54896002)(9686003)(8676002)(55016002)(81166006)(7696005)(74316002)(76176011)(8936002)(86362001)(5660300001)(11346002)(476003)(7736002)(68736007)(316002)(66066001)(15650500001)(606006)(105586002)(26005)(2420400007)(6506007)(2940100002)(44832011)(186003)(446003)(340984004);DIR:OUT;SFP:1102;SCL:1;SRVR:BN6PR19MB1441;;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1;
received-spf: None ( does not
 designate permitted sender hosts)
x-microsoft-antispam-message-info: v/bnlcqndqBSdFCdTSBTIegC800qYjzUQ2+rm29710qANm5z8E7zPJrhfuFSWG9NqUkA9H9Rn8yhhsFpOVvjxZGVKTqD2ZvSXDN/PdlpykRyktXqFkYG+o4T781y1CB9FKSp4DCC7HKTe8oDUIjD0QZ41s55V+Cn8RgtvPlhRMc3uEEKG1GmB0tMizHdTsZ1
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative;
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 25b7fe40-5355-4f3e-f93b-08d5a0880bba
X-MS-Exchange-CrossTenant-Network-Message-Id: 25b7fe40-5355-4f3e-f93b-08d5a0880bba
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Apr 2018 15:14:11.4342
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 528ff592-f6c5-4a7f-9e90-4ff3bf509e19
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR19MB1441
csimmons1324IT ManagerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jose Gabriel Ortega CastroCEOCommented:
Ok the 1st thing is to make sure that you SPF is resolving correctly

Open this web:
Then click next.

and you will get an email address, send the email to that address and you will get something like this:
Click on SPF and check if it's set correctly, if you see any error or red letter, you should start by fixing there.
Also if you have RLB or anything wrong you will get it from there.

Here's an SPF helper:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
timgreen7077Exchange EngineerCommented:
The issue is your IP address. since you are using office 365 an not your own on-prem Exchange server, you will need to setup your SPF record the way o365 gave it to you. Your IP address shouldn't be included. By including your IP which isn't a valid sending server for O365, it comes across as spam. Remove your IP address from the SPF record and set up the record with the SPF info provide by O365 when you initially setup your email domain in O365. This should resolve that issue.
csimmons1324IT ManagerAuthor Commented:

Everything passed with no warnings / errors.


Originally, the spf record only contained the Office 365 information and we were having this problem then,  When I reached out to support, they sent me articles on setting up spf, dkim and dmarc records.  After reading through that documentation, I added the public IP address of our on-prem Exchange server as some mail from our on-prem 3rd party programs are still using that server to send out email messages.  I will be reconfiguring those programs to route email through Office 365 at a later date.  

It is my understanding that the spf record simply indicates the servers that are approved to send email on behalf of our domain.  Therefore, having the public IP address of our on-prem Exchange server should not cause any issues as long as the Office 365 information is listed as well (which it is).  This is why mailchimp's servers are listed in the spf record as well because we use their service for bulk email.  

Please correct me if I am wrong.
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

timgreen7077Exchange EngineerCommented:
You are correct. I thought you was only hosted in O365.
timgreen7077Exchange EngineerCommented:
If SPF is correct then it could be the spam settings are really high on the recipient side. You can change the -all (hard fail) on the SPF record to ~all (soft fail), and see if that helps.
Jose Gabriel Ortega CastroCEOCommented:
Ok, those emails that are being rejected are coming from an application?
or just from regular users?

(if it's an application that goes thru mailcheap, probably you should add to your spf your mailcheaps spf's
csimmons1324IT ManagerAuthor Commented:
Apparently, this is something on their end and specific to that particular user.  We did some additional testing and we were able to successfully send to another user at the company.  

I am pretty green when it comes to all of the nuts and bolts of how email and spam works.  This was my first time setting up spf, dkim and dmarc records so I was not sure if I set them up correctly or not.  Apparently I did but they were not going to help resolve this particular problem anyway.  

I hate simply going back to the other party and stating that the problem is on their end without being certain.

I appreciate all of the comments and suggestions.
csimmons1324IT ManagerAuthor Commented:

No.  My internal user was simply using Outlook and the message was sent through Office 365 hosted Exchange server.  Mailchimp was not being used in this particular case.  I mentioned mailchimp previously to explain to TimGreen that we have a number of "authorized" servers to send mail on our domains behalf and that is why our on-prem Exchange server and mailchimps servers were listed in our spf record.
Jose Gabriel Ortega CastroCEOCommented:
You can always go and create a ticket with MS and check it with them.
Ohh, I see. well, I would recommend you create a ticket with them.
It can be that, or your IP is just blocked in the hotmail (MS)
Please read and double check that.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Office

From novice to tech pro — start learning today.