We help IT Professionals succeed at work.
Troubleshooting Question

Blocked emails in Microsoft mail servers

65 Views
Last Modified: 2020-11-13
Hi,
Until today I have occasionally had a problem or other with sending emails that were easily overcome.
However since yesterday I noticed that microsoft is blocking all my emails to outlook.com. live.com and hotmail.com for no reason because I rarely send emails to these domains.
The returned message is this:


This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

    mycustomer@outlook.com
    host outlook-com.olc.protection.outlook.com [104.47.32.33]
    SMTP error from remote mail server after pipelined MAIL FROM:<myname@mydomain.net> SIZE=17985:
    550 5.7.1 Unfortunately, messages from [189.99.99.99] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [SN1NAM01FT036.eop-nam01.prod.protection.outlook.com]

best regards
Comment
Watch Question

Principal Software Engineer
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
rfl

Author

Commented:
Hi tried verify in:
https://www.spamhaus.org/lookup/
https://sender.office.com/
and is not marked as spam.

Best regards

Brian BEE Topic Advisor, Independent Technology Professional
CERTIFIED EXPERT

Commented:
That IP is listed with spamhaus, per https://www.spamhaus.org/pbl/query/PBL475460 

Looks like that block is not authorized to send email. So again, you either need to talk to your ISP, or ask them for their email relay to send your messages.
CERTIFIED EXPERT

Commented:
microsoft basically behave like they own email worldwide and will not help you get delisted easily. though this behavior is clearly abusive, there is not much you can do. they have a sender partnership program that will take ages to work through if you want to try. moreover, they could not care less since you are in brazil and likely not a major isp yourself.

the easy way is likely to go through a mail relay.

regarding the PBL, you cannot delist unless you own the ip and have been wrongly listed. the pbl is a list of end user ip addresses as opposed to corporate ones. it is not meant to be used for outright blocking, and never has been.

i have no idea whether microsoft relies on the pbl, their own list, or a combination.
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
This IP 104.47.32.33 shows to be owned by Microsoft, so this isn't... say a residential IP... so you might have a chance of getting this fixed.

You'll either debug this yourself, or provide your actual envelop sender.

An envelop sender (From address != myname@mydomain.net) is required for others to debug this for you.

If you're debugging this, the simple approach is to inject/enqueue the following email message into your MTA...

From: $sender
To: check-auth2@verifier.port25.com
Subject: SPF/DKIM/DMARC Test Email Message

Delivery tech verification test message...

Open in new window


Where $sender is an address handled by the sending MTA.

The report you get back is worth it's weight in gold.

You'll find out instantly, any basic problems with your config.

Likely you're trying to send a message through Microsoft with an envelop sender (From) which is incorrect.

To send through Microsoft's infrastructure requires using one of the following...

1) someone@microsoft.com (or some other Microsoft supported property) or said differently, an address assigned to you by Microsoft.

2) Microsoft is hosting email for one of your properties, similar to GSuite, where you pay them to run your email. They will then provide you with the correct SPF/DKIM (and maybe DMARC) settings to use with your DNS, which must be correct for mail to flow.
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
One other consideration.

Maybe Microsoft really does provide residential ISP services.

If this is the case, then all residential service IPs are auto blocked by many RBLs.

Which means if Microsoft really is your ISP, then you can never send mail from your IP.

Instead you'll use a Mail Relay service like MailGun or a relay only MTA you setup yourself.
CERTIFIED EXPERT

Commented:
you picked the wrong ip. the one you mention is one of hotmail entry points. the actual ip is 2 lines below. it is indeed in brazil and listed on the pbl.
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
@skullnobrains, you're correct. I picked the wrong IP.

The IP 189.99.99.99 is classified as a consumer ISP IP, so is blacklisted automatically... forever... never to be whitelisted...

https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a189.99.99.99&run=toolpage provides one such report.

As such, this IP can never reliably send an email... ever...
CERTIFIED EXPERT

Commented:
no. the pbl will make it harder to send email. not impossible unless the remote admins are dumbasses who use it wrongly. unfortunately, microsoft tends to qualify.
rfl

Author

Commented:
Hi,

Thanks for all. After filling a form in microsoft website, and some email exchanges with microsoft for 2 weeks, apparently everything seems to be working.

best regards
Brian BEE Topic Advisor, Independent Technology Professional
CERTIFIED EXPERT

Commented:
Thanks for letting us know. Most likely they made the changes that were suggested. If you look at your outbound mail, you'll probably see that your rDNS has been corrected. Feel free to accept whatever you think are the correct answers here to close the question.
CERTIFIED EXPERT

Commented:
i guess m$ agreed to whitelist you. good to see the process was only 2 weeks.
rfl

Author

Commented:
thanks