Microsoft Hotmail/Live.com is blocking my email

If your VPS is sending out spam or attempting to harvest email addresses then you can expect your IP address to be blacklisted, but every now and then Microsoft seems to be overly aggressive in adding individual IP's or even complete network ranges to their blacklist for reasons we don't understand. Please note that Tilaa is not the only hosting provider affected by this aggressive policy.

If you are added to their blacklist you should get an email delivery issue notification from your mailserver stating something along the lines of:

550 SC-001 (BAY004-MC4F9) Unfortunately, messages from x.x.x.x weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors.

If you find that you experience email delivery issues to Hotmail or Live.com email addresses please first verify your VPS has not actually been sending out spam. When we receive spam or abuse reports we will always notify you directly. You should also check your system logfiles to ensure no actual spam has been sent out (i.e. by compromised websites or accounts) and your own emails are not considered spammy.

Next, verify that your domain set up is correct. For email delivery to Hotmail/Live.com and others it's important to set up a DMARC policy, enable DKIM to sign outgoing emails and set up SPF to specify which hosts can send email on your domain's behalf. Finally make sure the forward (A) and reverse (PTR) DNS hostname of your mail-server are set and match up.

We recommend you double-check your domain settings and possible listing on other blacklists using these tools:

http://dkimvalidator.com
https://mxtoolbox.com

If you're confident no abuse has been coming from your VPS and your domain has been properly set up we recommend you to submit a delisting request at:

https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3&locale=en-us&ccsid=635611717755428181

If you get notified your IP is "eligible for mitigation" your IP address should be able to deliver email to Hotmail/Live.com without further issues. In most cases the issues are resolved within 24 hours.

Update: This problem seems to have gotten worse in recent months. If anyone at Microsoft is reading this we'd love to get in touch with the Hotmail engineering team to figure out what's going on.

Have more questions? Submit a request

7 Comments

  • 1
    Avatar
    Hans van Eijsden

    There's another thing Microsoft did: they blackhole (without sending any delivery failure report) all the mail with DKIM-canonicalization "simple", which is used by the opendkim package as default.

    If you use opendkim please make sure you activate and change this line in /etc/opendkim.conf to let Microsoft accept your emails:

    Canonicalization relaxed/relaxed

  • 0
    Avatar
    Mathijs de Bruin

    It seems Microsoft is getting the AS wrong:

    Unfortunately, messages from [<ip>] weren't sent.
       Please contact your Internet service provider since part of their network
       is on our block list (AS3150).

    The IP in question is on AS196752.

  • 0
    Avatar
    Dennis Krul

    Actually, the AS is not referring to an Autonomous Network like one would expect, but to an internal Microsoft Anti Spam code. It took us a while to figure that one out.

  • 0
    Avatar
    Federico Tomassini

    We have open more ticket on https://support.microsoft.com without any good response.

    Currently we are blocked and in the better case we have a delay of 17 our for a email delivery.

     

    Also we have a good setup of dkim dmark and spf, and we have insert our IP into https://postmaster.live.com/

    of course without solve it!

    .

     

    Edited by Federico Tomassini
  • 0
    Avatar
    Hendrik Adriaan de Grauw

    Thanks for the article, this was helpful!

    I tried all the usual things -- check logs for any unusual activity, search for rootkits, etc. -- but am quite confident my server is not hacked. It's just Microsoft being "overzealous".

    Sorry to hear it is affecting others too.

    My (cynical) view is that Microsoft are doing whatever they can to make life impossible for independent mail server administrators, until everyone just switches to their Exchange/Outlook products.

    Tilaa, perhaps you should consider making a formal complaint to competition authorities. This sort of behaviour from Microsoft is neither new nor accidental...

    Keep up the good work!

    /Haro

  • 0
    Avatar
    Kenny Minnebo

    I had the same issue for four days, this is really annoying.. not only hotmail but also gmail. Logged a ticket to the support yesterday, got no reply, so I just tested it again this morning and it is working again for gmail/hotmail. 

    In a new customer migrated my first websites, and immediately issues. This is really bad advertising for you and for me. I see that this is going on for a few months now. Jump into a plane to Redmond, Washington ;-)

     

    Meanwhile I received a support answer from Tilaa stating: 'Your email is unknown to us, please mail this from the e-mail you used to rent the VPS'....It was sent from my VPS, with an e-mail of my company domainname.

     

    Makes me sad.

     

  • 0
    Avatar
    Ruud Harmsen

    Kenny wrote:
    ==
    Meanwhile I received a support answer from Tilaa stating: 'Your email is unknown to us, please mail this from the e-mail you used to rent the VPS'....It was sent from my VPS, with an e-mail of my company domainname.
    ==

     

    Actually this makes sense. The problem you are reporting to Tilaa support might in theory be so bad that your VPS isn't usable or accessible at all. In such a case, it would be rather stupid if Tilaa sent their response to the e-mail address which is served in your VPS, as you would not be able to read it.

    That is why Tilaa always registers an e-mail address for each client which is outside the client's domain(s) hosted at Tilaa, and they use that for support first. Thus there is a better chance of reaching the client.

Article is closed for comments.