Something's wrong with this email server: mine can never reach it

Hi,
My Exchange 2016 seems to be unable to sends email to a compagny and I notice that it could be because of the header which is different then others:
Total retry attempts: 16

...@distmorissette.com
Server returned '400 4.4.7 Message delayed'

Here's the header in question:
[Contacting distmorissette.com [198.50.159.188]...]
[Connected]
220-rwh01.bigtek.org ESMTP Exim 4.91 #1 Thu, 14 Feb 2019 16:37:13 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
EHLO mx1.validemail.com
philjansAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Likely best to do an audit of your SPF + DKIM + DMARC infrastructure.

My guess is you'll find something wrong.

https://dmarcian.com/ provides a great toolset for this type of debugging.

To fully test your DKIM infrastructure, send an email to any Gmail address, then select the message to be read -> more -> Original Message...

Will show a DKIM pass/fail line at bottom of the message.
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
If you have problems figuring out how to debug this, provide...

1) IP of server initiating SMTP send.

2) From: address of message sent.

3) If you're using a relay service, specify name of service used.
KimputerIT ManagerCommented:
The error is not very clear. Sometimes it's much easier to contact the IT on the other side. Could be something as simple as adding a whitelist entry (if they're willing).
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Dr. KlahnPrincipal Software EngineerCommented:
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.


After two or three tries a greylist would probably let the email through.  After 16 tries it's clear that the receiving MTA will not deliver this email.

That suggests to me that the sending domain or the sending MTA's CIDR block is on somebody's blacklist.  If that is the case and they are reporting attempts to a block list, then the more you hammer on that particular site the harder that block will become.

Suggestion:  Go out and check the spam blocklists and see if the sending domain or CIDR block is on one of them.

Here's five that I use.  There are many more.

spamhaus.org
spamcop.net
abuseat.org
uceprotect.net
barracudacentral.org
philjansAuthor Commented:
@David Foster
1) IP of server initiating SMTP send.
69.70.105.166

2) From: address of message sent.
pjanson@maisonsusineescote.com

3) If you're using a relay service, specify name of service used.
Right now our email server sends it directly but in 1 week it will be Proofpoint (which you can see their spf details in my spf)
skullnobrainsCommented:
your spf records is the following

~$ host -t txt XXXXXXXXXXXXXXX
XXXXXXXXXXXXX descriptive text "v=spf1 mx a include:interspireSPF.smtp.com a:dispatch-us.ppe-hosted.com include:retailspf.smtp.com ~all"

which breaks down as

interspireSPF.smtp.com descriptive text "v=spf1 ip4:192.40.160.0/19 ~all" ==> that is not your IP

retailspf.smtp.com descriptive text "v=spf1 ip4:192.40.160.0/19 ip4:74.91.80.0/20 ~all" ===> not you either

the final "~all" instructs the server to delay all mail

you need to add ip:YOURIP to the spf record

$ host dispatch-us.ppe-hosted.com
dispatch-us.ppe-hosted.com has address 67.231.154.189
dispatch-us.ppe-hosted.com has address 148.163.129.56
dispatch-us.ppe-hosted.com has address 148.163.129.63
dispatch-us.ppe-hosted.com has address 67.231.154.164
dispatch-us.ppe-hosted.com has address 148.163.129.52
dispatch-us.ppe-hosted.com has address 67.231.154.188
dispatch-us.ppe-hosted.com has address 67.231.154.186
dispatch-us.ppe-hosted.com has address 148.163.129.58
dispatch-us.ppe-hosted.com has address 67.231.154.187
dispatch-us.ppe-hosted.com has address 67.231.154.184
dispatch-us.ppe-hosted.com has address 148.163.129.62
dispatch-us.ppe-hosted.com has address 148.163.129.48
dispatch-us.ppe-hosted.com has address 67.231.154.183
dispatch-us.ppe-hosted.com has address 148.163.129.53
dispatch-us.ppe-hosted.com has address 67.231.154.165
dispatch-us.ppe-hosted.com has address 148.163.129.49

==> not you either

...

"~all" at the end means defer everything"

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
skullnobrainsCommented:
add "ip4:YOURIP" to the SPF record and you'll be able to send email.

remove other records if they have no reason to send on your domain's behalf
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.