Outlook and Hotmail receives all mail as spam

ericovk

Verified User
Joined
Apr 17, 2012
Messages
229
Location
Rotterdam, Netherlands
PHP mail (default Wordpress e-mails) and SMTP mail from default DA mail accounts are all being received as spam by Outlook. I have tested this with a standard free Outlook.com account. I think there is something wrong with my mail setting.

I've tried:
  • checking on blacklists, the server is not on any.
  • checked at Microsoft, the IP isn't on any of their "internal" blacklist.
  • added SPF record (a while ago)
  • added DKIM key (a while ago)
  • added a DMARC key (a while ago)
  • checked on www.mail-tester.com, score: 10 out of 10. Couldn't do any better.

I don't know what to try anymore.

The source code from a mail that has been received as spam:
Code:
Received: from BN3NAM01HT095.eop-nam01.prod.protection.outlook.com (2603:10a6:7:28::30) by HE1PR0602MB3516.eurprd06.prod.outlook.com with HTTPS
 via HE1PR05CA0143.EURPRD05.PROD.OUTLOOK.COM; Mon, 13 Nov 2017 11:17:09 +0000
Received: from BN3NAM01FT042.eop-nam01.prod.protection.outlook.com
 (10.152.66.56) by BN3NAM01HT095.eop-nam01.prod.protection.outlook.com
 (10.152.67.250) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.197.9; Mon, 13
 Nov 2017 11:17:08 +0000
Authentication-Results: spf=pass (sender IP is 37.xxx.xxx.114)
 smtp.mailfrom=source_domain.com; outlook.com; dkim=pass (signature was verified)
 header.d=source_domain.com;outlook.com; dmarc=pass action=none
 header.from=source_domain.com;
Received-SPF: Pass (protection.outlook.com: domain of source_domain.com designates
 37.xxx.xxx.114 as permitted sender) receiver=protection.outlook.com;
 client-ip=37.xxx.xxx.114; helo=c2.myserver.com;
Received: from c2.myserver.com (37.xxx.xxx.114) by
 BN3NAM01FT042.mail.protection.outlook.com (10.152.67.229) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.20.197.9 via Frontend Transport; Mon, 13 Nov 2017 11:17:08 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:139DA2C152DC380646F02F744435DA92562C77FF398B6BCA64B343224607C8BB;UpperCasedChecksum:C07189FEDE53670C3E592900642528AABDA8D154E743E8223AF6B00E6E1F66D2;SizeAsReceived:1450;Count:12
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
    d=source_domain.com; s=x; h=Message-ID:Subject:To:From:Date:Content-Type:
    MIME-Version:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
    Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
    :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
    List-Subscribe:List-Post:List-Owner:List-Archive;
    bh=mA2Oab4sn7E07tX2VCq0ofSSRS9ZDECromJw83IEKYc=; b=ncspWJrv0rltobZ/Yg0FuPDFXh
    wEdcn+8mfg2cYo0Cph9cgKkp7f18vlo4WcKwItU98ufGmEFsuddZim+zHbubW8giQd6GSeJuubaId
    wMJVx0M10q7gYQqZYynjEi0YoJ0r9OMMoFT1PNlt7vvk+yAfpy1QgYWb8hHBscQCmG/UdytNbE/70
    PkBonzX0VdsUGQxj9aVgUem/uvpyLNFIdMYjTiKJJkK3M9Q8s54vukQjchpgkMkeWxn+z4shuNsQs
    6zvLrf6YYJMqSsIqgFYcffzYx/lr0JogdfY8GgJDK/CDlfcoy8MxZMS64kCPA91Bh14Sb0jPBlPvu
    Nzavb7Ww==;
Received: from [127.0.0.1] (helo=c2.myserver.com)
    by c2.myserver.com with esmtpa (Exim 4.89)
    (envelope-from <test@source_domain.com>)
    id 1eECjj-0007lR-7z
    for [email protected]; Mon, 13 Nov 2017 12:17:07 +0100
Content-Type: multipart/alternative;
 boundary="=_ed74c8fa9d2eb80e51b51f607d3e31b4"
Date: Mon, 13 Nov 2017 12:17:05 +0100
From: test@source_domain.com
To: [email protected]
Subject: test mail
Message-ID: <6b67a95ca2142d9c3c89de11d77d6f6c@source_domain.com>
X-Sender: test@source_domain.com
User-Agent: Roundcube Webmail/1.3.3
X-Authenticated-Id: test@source_domain.com
X-IncomingHeaderCount: 12
Return-Path: test@source_domain.com
X-MS-Exchange-Organization-Network-Message-Id: a7732803-1597-4ff8-bf4f-08d52a881410
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Microsoft-Exchange-Diagnostics: 1;BN3NAM01FT042;1:T2RWjvu6NUmaDvEwkIpa8ULVnY8AesE1A0DmSBlklzUgow7Ky7cdGo2T1WNXya8PHsuGze04YL/vdMWLvPS9cIRJeu9+mx9g+bxq/HlM0h//K8pw8CZRVZTts+SuB0i3
X-Forefront-Antispam-Report: EFV:NLI;SFV:NSPM;SFS:(98901004);DIR:INB;SFP:;SCL:1;SRVR:BN3NAM01HT095;H:c2.myserver.com;FPR:;SPF:None;LANG:;
X-MS-Exchange-Organization-AuthSource: BN3NAM01FT042.eop-nam01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a7732803-1597-4ff8-bf4f-08d52a881410
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(23075)(22001)(5000083)(610149)(650150)(651001)(8291501071);SRVR:BN3NAM01HT095;
X-Microsoft-Exchange-Diagnostics: 1;BN3NAM01HT095;3:1cyowoqS9fOn23T1XcLj3dLjRnoUeYXHRwusiOWEgwogvoLfZoZYQAD2qPxKsRaxzBEaxKoL5RCRCbDmuUy8QsVEQQBUoxn/huIu7GujtVwAMB+qqJucL5bKanZdFXxmoqf3c5kRCuEXsP9Lt4bdjpYL7DMLJxdCxHIO+pchpsjsfsWbORw9zP0KE0Oh7GzjbHvQcW2q1DfDclMOEX4OcSMRbTvDVyhXZv9d9SQLqLDtGamJ0UQJmh5S7NG7WBLplfwbtUu+l+pRga5vGdJrUZ7uVoYK2kK7ePloKdG0v8NwsCfWuUhDd54GbKOXsKHB;25:ZUfH/uPPRwYLXyO51F8rO/20Zs53YU5T0r6B5eLedCcZYlJTi1E0NvCNXmW4foP6FyLqEQ0wCnfjgHj2jm+jyBCGPKdQ7Q9W8pa5k+Ug2R7qVWmcrPvznwprFLQspGm2Tdgs/IjqaMz9KameSq0aNpgFryo2//opnYl7j6wq4vnR4RxxjeS3GJMmQi4tGloTeKXLB4AcnVJ4XBLxHrD8EJ5m7rwS1MVp9CvOIwiQsXM=;31:7D/oDGp29oDtKUYu3BstLIpCOieali2WdSKKZ12rp6o1sPDWFoxc6w0l6ku5lXcKJ81+1+X0ezn87aOtBujFyZG1SPEdb4fThYpriGjWulitRB8cLaS9EP0BZblJbKfc;4:27Ev6Y3D/ew3NmQ4LU4WDCJtMbqlRU+A157iRgv61r55Qc3x2zCbyWPtj37GtZc3QoMCn4wDsLofMyM9mH3XfZI+SRCg9Zy2DnFHQVpl85HcUFKrhiaZMYuiv0v/zeBVYWXOj2fCQPIAAyz6XTfmX2Mp0QjYNNFuOwBA04/T0UQ=
X-MS-TrafficTypeDiagnostic: BN3NAM01HT095:
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 37.xxx.xxx.114
X-SID-PRA: TEST@source_domain.com
X-SID-Result: PASS
X-MS-Exchange-Organization-PCL: 2
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(444111536)(595095)(82015058);SRVR:BN3NAM01HT095;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:BN3NAM01HT095;
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Exchange-Diagnostics: 1;BN3NAM01HT095;23:Ba0OQMu0gYXx77cHhS4PcMqel16VSsL/sODzW4iAM5vLj4zEHQVB2WgmTZY5SGgCcBN3xaXGM87zojVnuv725Zg9UzFoUkpcoJ9LV50bFZ4uSniwVHpyKHMpn82OWBlpJyYynWkp1BwW8zp2bNhuSdSQoedtHZi9efLeKyF0dLs=;6:2AI7C4odEWLsEvxLoWqWuFuSBICzV5Du7vzI0cg/a29yB3c8TC/aviKoIV+LII5RmJ8oz38uitNWUrJQ3gyiOf3jK4L1b67/jyt/ZfWJvrUG/y11eUsaJll2XPsHnQWXGFayl5TcabPY43Msr17lfsK7yVKUDccO001Sp4gcjnNy8Cl6xcLL+muvGPkQT4g85eg84vlq6ji5lA78QR8/XhLiqWepYC62VRJuTO+1Le/E6+/MQ/CCDFx1KTuGuje6;5:a9m0T9DkjkuFIhL5FP2gu/IM0vd8K/N4LiNoHNupCLGyOFjB8qtnAqdKHuAGzK/tnTvOVG49UaD1L/5P6xEuYsR2wXvT3M1VX/oZT+cENjr3DqZpdsReunD7AlR77PXRH3tG+rvT4WeIlrlZGDP1BFZVdT99yNHyYgG9LPIsCuE=;24:Ed0My4LG9KNxuPymq1b3Q3G7bAAS9EUDwsSOJWCydgQVtabPHB8gUGbpNVxnPagPvva6eF79hPRurV/Qn4jRnm4nT/gtgWAFPNynV1RgP9o=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;BN3NAM01HT095;7:PQA5bExTbEC0bOPH6USr6GyYkVD1NZGpl8V83+5ILApUMum1UhIyXg6paBwj9E1GsWLNc08K/h40URmo7A6lGLrmQHpZxzM+T0r01s4Q2hWavQLMPbyrQxmRWTFEwFf0CLsGge74ptl6DEACkcT73YBY2ZDuZPAU4mdQZV8B/wLm0x1TH6ZzijHZkCFjNA1XnboRz+BXe9o2+oXCCLzwvmA87xUxd6o83jQGKZhT4Dhn/r6ZQNgeQ+w16v3/ZT1d
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Nov 2017 11:17:08.2885
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a7732803-1597-4ff8-bf4f-08d52a881410
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3NAM01HT095
X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.6249186
X-MS-Exchange-Processed-By-BccFoldering: 15.20.0218.008
X-Microsoft-Exchange-Diagnostics:
    1;HE1PR0602MB3516;27:MlK3zpmW2bzqDqB5mMPH1qCrsjO154tIZeVoXyts0Vc+5CYnvgms2dMax+Wnh9B3enk1isd2lHa2YPfgrSOr3wMS7JvcXhI/QgMszhzYBqm07qX7SVWwOxY4Jsk1Bx0q
X-Microsoft-Antispam-Mailbox-Delivery:
    abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:J;ENG:(400001000128)(400125000095)(5062000261)(5061607266)(5061608174)(4900095)(4920089)(6375004)(4950112)(4990090)(9140004);RF:JunkEmail;OFR:SpamFilterAuthJ;
X-Message-Info:
    qoGN4b5S4yqv5ZiVzhlzX+ToEuw4/+fzkcxthQ0TUMNz5b3xb3zt2yeCe8Yp30MNj90GvUZrZtw42qGsMiB30yoO/5eAlBwsz9yalEiYEAH5LwNKYo2uEnqGaNe1zpvv2hS3BR9YPSRdCPQBwfrsrlBKyTyerosdOn+tzYj72dyL9ynjnQuJm9K5iUnD9yUOqBEtuyDRQFIB2L26ZRzJpg==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
MIME-Version: 1.0


--=_ed74c8fa9d2eb80e51b51f607d3e31b4
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
X-Microsoft-Exchange-Diagnostics:
    1;HE1PR0602MB3516;27:MlK3zpmW2bzqDqB5mMPH1qCrsjO154tIZeVoXyts0Vc+5CYnvgms2dMax+Wnh9B3enk1isd2lHa2YPfgrSOr3wMS7JvcXhI/QgMszhzYBqm07qX7SVWwOxY4Jsk1Bx0q
X-Microsoft-Antispam-Mailbox-Delivery:
    abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:J;ENG:(400001000128)(400125000095)(5062000261)(5061607266)(5061608174)(4900095)(4920089)(6375004)(4950112)(4990090)(9140004);RF:JunkEmail;OFR:SpamFilterAuthJ;
X-Message-Info:
    qoGN4b5S4yqv5ZiVzhlzX+ToEuw4/+fzkcxthQ0TUMNz5b3xb3zt2yeCe8Yp30MNj90GvUZrZtw42qGsMiB30yoO/5eAlBwsz9yalEiYEAH5LwNKYo2uEnqGaNe1zpvv2hS3BR9YPSRdCPQBwfrsrlBKyTyerosdOn+tzYj72dyL9ynjnQuJm9K5iUnD9yUOqBEtuyDRQFIB2L26ZRzJpg==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02


test mail
--=_ed74c8fa9d2eb80e51b51f607d3e31b4
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8
X-Microsoft-Exchange-Diagnostics:
    1;HE1PR0602MB3516;27:MlK3zpmW2bzqDqB5mMPH1qCrsjO154tIZeVoXyts0Vc+5CYnvgms2dMax+Wnh9B3enk1isd2lHa2YPfgrSOr3wMS7JvcXhI/QgMszhzYBqm07qX7SVWwOxY4Jsk1Bx0q
X-Microsoft-Antispam-Mailbox-Delivery:
    abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:J;ENG:(400001000128)(400125000095)(5062000261)(5061607266)(5061608174)(4900095)(4920089)(6375004)(4950112)(4990090)(9140004);RF:JunkEmail;OFR:SpamFilterAuthJ;
X-Message-Info:
    qoGN4b5S4yqv5ZiVzhlzX+ToEuw4/+fzkcxthQ0TUMNz5b3xb3zt2yeCe8Yp30MNj90GvUZrZtw42qGsMiB30yoO/5eAlBwsz9yalEiYEAH5LwNKYo2uEnqGaNe1zpvv2hS3BR9YPSRdCPQBwfrsrlBKyTyerosdOn+tzYj72dyL9ynjnQuJm9K5iUnD9yUOqBEtuyDRQFIB2L26ZRzJpg==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02


<html><head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8"></=
head><body style=3D"font-size: 10pt; font-family: Verdana,Geneva,sans-serif=
">
<p>test mail</p>
</body></html>


--=_ed74c8fa9d2eb80e51b51f607d3e31b4--
 
Hi Eric,

Is this a new mail server? How long has the ip been in use?

We are seeing that hotmail is putting all email from new mail servers in the spambox directly, regardless of the mail server configuration.

Following all good practice guidelines doesn't appear to be enough anymore for hotmail/outlook.

Regards
 
Hi viadck,

The server has been in use for more than 4 years now. We are experiencing this issue for a while now. Not all servers don't have this issue. And the server provider unfortunately isn't being useful in solving this issue.
 
Thanks, but all are good. I have contacted Microsoft support multiple times, but they don't know what's the cause either :S
These guys only follow standard call/chat scripts.

symantec blacklist:
The IP address you submitted, 37.34.52.114, does not have a negative reputation and therefore cannot be submitted for investigation.

senderscore: MX record / SPF record / SSL certificate are all "green" and "checked". No warnings whatsoever.

And thanks for the good luck, I guess I really need it.
 
You are not alone. I have one server wich all emails from get in outlook/hotmail spam (also when sending with smtp authenticating), it's been like that for almost a year now, and I still have not been able to do anything about it. The ip is not on any blacklist, and I have a valid SPF and DKIM.
 
You're not using an ipv6 on the server next to your ipv4 are you?

And like ditto says, sometimes it goed wrong and nothing can be done about it.
 
Last edited:
IPv6 has been configured by our hosting provider. http://www.webdnstools.com/dnstools/dns-lookup-ipv6-results gives me a reverse DNS, but "No name server returned any records for this request."

When I test it in terminal with ipv4, I get the hostname under the "Answer section"
Code:
dig -x <ipaddress>

But when I try it with ipv6, I don't get an "answer section", only an "AUTHORITY SECTION". No hostname either.
 
Hi viadck,

The server has been in use for more than 4 years now. We are experiencing this issue for a while now. Not all servers don't have this issue. And the server provider unfortunately isn't being useful in solving this issue.

UH your provider i know them, it depend who is giving support , i gave them a testing website link out of my posted link here above, he ( someone from support) for himself has not 0 warnings 0 criticals.

Most of the BOXES don't have that, out of the BOX for more support you have to pay extra or a managed BOX, SLA and so on.

That is how Hosting company's have to earn their money nowadays. :( while to cheap defaults )

And yes they maid a failure in between when i asked them for a reverse ptr to set, the also changed another ip from the box, that is HUMAN to make mistakes sometimes is OK.
BUT result was for such a tiny mistake is not noticed before a failure is reported, could be Months later! :(
 
Last edited:
Should I disable ipv6 entirely? I haven't set it up on any other domain on the server. Only on the server's hostname.

The best is to set IPV6 for the Future see INternet.nl for test, so do it right or get rid of it, we go for right... ;)

The server Hostname is the default mailserver ip and so on.
 
Last edited:
Thanks ikkeben, I checked internet.nl. Got these results:

IPv6:

IPv6 addresses for mail server(s) close
Verdict: All receiving mail servers on your domain have an IPv6 address

IPv6 reachability of mail server(s) close
Verdict:
At least one of your receiving mail servers with an IPv6 address is not reachable over IPv6.


Test explanation:
We check if we can connect to your mail servers (MX) over IPv6 on port 25. We test all IPv6 addresses that we receive from the name servers of your mail server domain(s). A partial score will be given if not all IPv6 addresses are reachable. If an IPv6 address is (syntactically) invalid, we consider it unreachable.

I actually don't know what to do with the last sentence?

DNSSEC, DMARC, DKIM and SPF and STARTTLS
All okay/green.

2 exceptions:

Domain name on certificate:
The domain name on the certificate is strange. I set up Lets Encrypt certificates for all subdomains, but the report is saying that the server's hostname SSL is being provided as the mail server certificate???

DANE validity:
Verdict:
At least one of your mail server domains does not contain a TLSA record for DANE.

I read on the forum that DirectAdmin doesn't yet support TLSA for EXIM.

Guess I still have to put in some effort. Hope I can get some tips on where to edit what.
 
Eric do also all the other tests.

As also mxtoolbox and co. ssllabs and so on

Then first get things right for the ipv4 and Letsencrypt server and mailserver hostname's. ( IF DNSSEC then you probably have to stick with that and check everything is right, the domainnames on that server if not dnssec or needed then decide yourself/ company's

( DNSSEC but for all DANe if going something wrong, wich can happen to easily is a pain in the.. so do it with caution!.)

Then the Domains on it and their mx and co. >

Then decide yes no IPv6 yes or no, then have Server , DA and all as letsencrypt domains and mail the right settings ( each DA user should have in my opinion a own IPv6 at least, you have got a IPv6 block from you hoster so if needed they could support you with that. ;)

But as mentioned first take care of all IPv4 and then if problems also dnssec / dane, normally if you ad/change ipv6 after everything on the box is right this is easier.

There are also domains with own extern MX for mail on the box, take care the SPF,DMARC,DKIM are done right to for them. ;)


You also have to decide the domain use as mailserver the hostmailserver.url or the mail.domain.url howto is here in forum ans DA HELP, WIKI for that. ( i don't have the links sorry)
We use the host as mailserver mx for all domains on it, is easier, but it could be in your case not wanted by your Custommers on your server, while the mailserverhostname is one of your company's names.


If it takes to much time from you, you could again ask with the errors and wishes at your hosting company to make get you price offer for that work, or ask SMTALK here in this forum. (Caution if you did yourself a lot of changes to default BOX the hoster you are with will warn you for maybe loosing some.... :( )
 
Last edited:
To settup my Outlook I did next: I started for the first with the settings of the account, only by me. Because earlier I'm already have several bugs, sometimes because of someone pretty clever due email attachment sent some virus, and I had problems with the computer, malicious software absorbed my mail, and I could not do anything except to make attempts to import eml to outlook browse this page Very much I hope that so the purpose which you conceived to make via OutLook would not be harmful to mail users) cuz now I'm focusing on already successfully used Outlook and wouldn't want to get an attached "gift" anywhere on a working pc.
 
Back
Top