Mails goes directly to spam - Only outoook/hotmail/msn etc - Critical issue

lowprofile

Verified User
Joined
May 26, 2019
Messages
23
Hi,


We are experiencing huge email issues to Microsoft email accounts despite valid SPF, DKIM and DMARC setups. Mail goes directly into SPAM for only outlook/hotmail etc addresses - No problem with GMail or other providers.

We have also valid PTR/rDNS and our IP is not blocked on any public RBL. We have minimal email traffic and no spam issues.
We have contacted Microsoft and awaiting reply - We even tried to use a brand new IP address (thought maybe IP was blocked in their internal lists) but neither that helped.
We also tried to test on a server which was on another IP block - Same issue.

After spending enormous of time, i now suspect the headers in EXIM to trigger a this false spamflag at outlook. A quick google search reveals many identical issues.
One post from a guy gave me a hint that it is due to exim headers. See last comment in this thread:
https://github.com/MicrosoftDocs/OfficeDocs-o365seccomp/issues/211#issuecomment-523865562

So anyone else having issues and tried similar? I havent changed anything.

Running:
DA latest version CB2
EXIM latest version
blockcracking yes
easy_spam_fighter yes

A typical standard setup with no relay or smarthouse etc.

EDIT: Solution found. Contact Microsoft and explain them the issue. I used this link: https://support.microsoft.com/en-us/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75

Scroll down and read my post as well.
 
Last edited:

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Seeing this issues on many servers nowadays, the outlook/hotmail are marking incoming emails as SPAM, when no other service marks them as spam. We suggest using 3rd party email services (free or paid) for sending emails to outlook/hotmail as the most simple solution.

If anybody else has another solution please let us know.
 

lowprofile

Verified User
Joined
May 26, 2019
Messages
23
I am in contact with Microsoft and when i get a better and specific reply on why it goes to spam i will notify you.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,289
Location
Maastricht
We had the same issue. For our volume 3rd party are too expensive and we just want to send mail our self.

A good choice is to become a member of there Smart Network Data Service )SNDS) which is totally free. Also join the Junk Mail Report Program from there (there is a link present).
This way, if people are making complaints, your quicker in preventing getting blocked.

There's always the dynamic spamfilter which is the worst. But you can create a good argument to ask for delisting if you are not on any blacklist with your ip and you are also member of SNDS and JMRP and had no complaints via those (tell them).
Still... it's no guarantee you will be delisted but there is a fair chance.

As said, the dynamic spamfilter is the worst. Especially if you host things like forums. People register their and if they stop using it, they don't ask to remove their account or something, but post notifications and even birthday messages will be just marked as spam by them.
This blunt behaviour of asocials often causes ip's with forums to get on their dynamic spamlist, it seems it does not take a lot of complaints to get on there.

Anyway, if you want to create -any- chance, follow MS's rules and RFC's and join SNDS and JMRP.
And... keep polite when writing to MS employees which answer your mail, even if their answers are short. As soon as people get impolite, you can forget about it.
 

lowprofile

Verified User
Joined
May 26, 2019
Messages
23
Yes i have joined SNDS and the junk mail report program - I dont see any complaints there either. I am on it and will get back with feedback.
Thanks for your suggestions.
 

mxroute

Verified User
Joined
Sep 24, 2019
Messages
54
Frankly, the best way to avoid this is to send mail through Office 365 Business. One might go as far as to suggest that this is an anti-competition practice on their part, but it's easily argued as simply being excessively militant spam filters.

The good news is you're in good company in the spam folder at Hotmail/Outlook. You can often find some of Microsoft's own email in that folder, ironically. The bad news is that there is nothing you can do to undo this, and here are some reasons:

1. SNDS can report everything fine, and likely will unless you are actively sending them spam.
2. Only SOME IP ranges actually get reports about emails that MS customers mark as spam through SNDS, others receive none (1 out of 3 of our /24s get this treatment, the other two do not). But taking action one way or the other won't help this unless, again, you're actively sending real spam.
3. Microsoft will not talk about their spam filters, and will only talk to you if they are returning a message declaring that they have blocked your IP. Instead they will repeatedly tell you that everything is fine.

Your best options are these:

1. Use mail-tester.com and aim for a 10/10 for your outbound mail.
2. Ask your recipients to mark your emails as not spam.
3. Recognize that it's not up to you what Microsoft does, and don't let you or your users hold yourself accountable for their failures.

Ultimately, when recipients continue to use an email service that consistently marks legitimate and clean email as spam, they have to take some responsibility for their situation. I hope the perspective helps, because it can be really frustrating when you consider it your job to fix something that a third party won't even talk to you about.
 
Last edited:

lowprofile

Verified User
Joined
May 26, 2019
Messages
23
Frankly, the best way to avoid this is to send mail through Office 365 Business. One might go as far as to suggest that this is an anti-competition practice on their part, but it's easily argued as simply being excessively militant spam filters.

The good news is you're in good company in the spam folder at Hotmail/Outlook. You can often find some of Microsoft's own email in that folder, ironically. The bad news is that there is nothing you can do to undo this, and here are some reasons:

1. SNDS can report everything fine, and likely will unless you are actively sending them spam.
2. Only SOME IP ranges actually get reports about emails that MS customers mark as spam through SNDS, others receive none (1 out of 3 of our /24s get this treatment, the other two do not). But taking action one way or the other won't help this unless, again, you're actively sending real spam.
3. Microsoft will not talk about their spam filters, and will only talk to you if they are returning a message declaring that they have blocked your IP. Instead they will repeatedly tell you that everything is fine.

Your best options are these:

1. Use mail-tester.com and aim for a 10/10 for your outbound mail.
2. Ask your recipients to mark your emails as not spam.
3. Recognize that it's not up to you what Microsoft does, and don't let you or your users hold yourself accountable for their failures.

Ultimately, when recipients continue to use an email service that consistently marks legitimate and clean email as spam, they have to take some responsibility for their situation. I hope the perspective helps, because it can be really frustrating when you consider it your job to fix something that a third party won't even talk to you about.
Thanks for your suggestion but in this case options 1, 2 and 3 didn't help. What did help was contacting Microsoft and explaining them the issue. The main reason for our IP was blacklisted in their internal systems was due to spam. I remember one of my client once got hacked and the limit of daily outbound mail was set to 1000 - His account managed to send out 3000 emails before it got suspended until everything was clean.

This 1 single occasion seemed to be enough to be blacklisted in Microsoft only.

Now the solution and pre-cautions was to tell them this and our IP was finally whitelisted again:

1. We now joined SNDS and the anti-mail junk program.
2. We lowered the outbound mail sending to maximum 100 pr. account (daily) in DirectAdmin to avoid any script go bananas.
3. We also never was or is registered on any DNSBL/RBL
4. Type of clients - What type of hosting etc (in our case WordPress hosting)
5. We always make use of SPF, DKIM and now also DMARC
6. No delivery problems to other providers.

These above pre-cautions and explanations was enough to start the mitigation of the IPs.
It took almost 7 days from start to finish - so one should have patience when communicating.


I was almost going to start using mail-gun for external smtp service, but thanksfully i didnt do that. Too much work when clients have external DNS (new DKIM, SPF settings etc)
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,289
Location
Maastricht
DMARC yes or no does not matter. I don't use DMARC on any customer domain by default and my issues were solved also.
The problem with Microsoft is that servers with low mail flow (or extensive high) and especially newly used ip's often automatically get on their grey list.
It's up to you to be a member of SNDS and JMPR and take care you got everything in top order. At least use SPF (best is with -all instead of ~all) and if possible also DKIM. MS is using this also to see if the reputation improves. It can get you automatically to the inbox, but can also take a lot of time.
Obey as much as Microsoft rules as possible, at least the technical guidelines.

If you do and still your mail gets into the spam folder, use the contact form mentioned and -be polite with them!- because they are there to help you.
In almost all cases I experienced that a default mail is send back which says you're not fitted for mitigation.
Reply to it, and explain why your ip should not be in the blacklist. A real person will take over and investigate and explain what could be wrong, or will get your ip of the grey list.

So as you see, only changing Dmarc is not enough, and Dmarc is not required either.
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
1,306
Location
Murfreesboro
Yep I have seen a lot of folks switch to a new IP thinking it will solve the problem. It just lengthens the process. MS and others will block you or deliver as spam just because the up is new thinking you are getting a new server set up to spam. Since the new ip has no reputation yet.

I welcome any new input on the guide as well.
 

tristan

Verified User
Joined
Feb 11, 2005
Messages
444
Location
The Netherlands
To go a little more in depth here:
  1. This IP address is quite high in volume, for a DirectAdmin server
  2. This IP is already active for over 10 years
  3. This IP isn't on any blocklist, also verified directly when I try to delist on https://sender.office.com
  4. This IP is already in our SNDS for years as well know, status normal
  5. This IP doesn't have any recent JMPR reports
  6. This IP email reputations is listed as Good on https://talosintelligence.com
  7. The domain has a valid SPF record
  8. The domains DKIM is setup and works as expected (10/10 score on http://www.mail-tester.com)
So like @mxroute writes, it's quite frustrating.

From a sample email to a Microsoft 365 hosted email account I did get some more clues in the headers. Spam Confidence Level 5 means it will be filtered as spam, also see: https://docs.microsoft.com/en-gb/mi...ty/spam-confidence-levels?view=o365-worldwide

09aeb462-6407-491e-99ea-f0ed985976ce.png

The headers with some explanation directly next to it:
image007.png
 
Last edited:

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
1,306
Location
Murfreesboro
Problem here is:
  1. the IP address is quite high in volume, for a DirectAdmin server,
  2. is already in business for over 10 years,
  3. isn't on any blocklist, also verified directly when I try to delist on https://sender.office.com
  4. domain has valid SPF
  5. DKIM works as expected (10/10 score on http://www.mail-tester.com)
  6. IP is already in our SNDS for years as well know, status normal
  7. No recent JMPR reports for this IP
So like @mxroute writes, it's quite frustrating.
Well that is good work.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,289
Location
Maastricht
I welcome any new input on the guide as well.
I just wrote some. :)

  1. IP is already in our SNDS for years as well know, status normal
  2. No recent JMPR reports for this IP
Especially mention these things on the reply to the mail you will get when you fill in the form. The reply in which you explain why you should not be grey- or blacklisted.
Using both and not getting any complaints belongs to the very good reasons why they can decide to get you of that greylisting.
Also use other facts like not having been on a blacklist for years (if true).
 

tristan

Verified User
Joined
Feb 11, 2005
Messages
444
Location
The Netherlands
Thanks for the suggestion, in my case it's not Outlook/Hotmail/MSN/Live.com etc but Microsoft 365 hosted email. You can only get support if you pay for support there I think.
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
1,306
Location
Murfreesboro
Thanks for the suggestion, in my case it's not Outlook/Hotmail/MSN/Live.com etc but Microsoft 365 hosted email. You can only get support if you pay for support there I think.
Should be this still

Microsoft blocklist delisting

based on this link

However, if the user chooses to block you not sure you can get around that.
 
Top