View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions Why is Microsoft blocking my emails?
Log in to Ask a Question

Why is Microsoft blocking my emails?

spam mail-server microsoft block-list
Linode Staff

My emails are bouncing back, and I don't know why. I get the below message. What does it mean?

Please contact your Internet service provider since part of their network is on our block list

48 Replies

Linode Staff

There are quite a few records that you will need to set up for a mail server. This will help validate your mail server to receiving mail servers. This Community site post from a couple of years ago is still rather relevant. It's a through explanation of how to set a mail server's records up.

I also recommend checking out the below resources for more information.

You may need to reach out to Support, if you find that you are still having issues sending email and it's only blocked by Hotmail/Outlook. We will be able to assist you with requesting a delisting from Microsoft. We will just need you to supply us with some information.

Please provide us with the following in your Support ticket:

  1. The full SMTP 5xx error message that you would have received when you were notified of this block from Microsoft. It should look something like this:
host mx3.hotmail.com[$MICROSOFTIPADDRESS] said: 550 SC-001
   (COL004-MC3F10) Unfortunately, messages from $YOURIPADDRESS weren't sent.
   Please contact your Internet service provider since part of their network
   is on our block list. You can also refer your provider to
   http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL
   FROM command)

  1. The domain that you were attempting to send mail from, and the domain that you were attempting to send to.

  2. Confirmation that you have a valid SPF Record and (rDNS) set up.

Microsoft will not accept mail from domains without a valid SPF record, and you are likely to have deliverability issues without valid reverse DNS set up. We can send a delisting request to Microsoft for you once we have that information and have ensured that your SPF and rDNS are set up correctly.

I hope this information helps!

They dont send any error anymore, they just drop the mail.

I use SPF/DKIM/DMARC. rDNS is set too.

Linode Staff

@Tntdruid could you elaborate a bit more on that? We've very recently received reports of customers receiving such messages from Microsoft.

Made a myname@outlook.com account to test if mail gets there, they did not. Dont see any errors from outlook.com.

I have the same problem. I am receiving the following message.

SMTP: 550 5.7.1 Unfortunately, messages from [x.x.x.x] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [MW2NAM10FT006.eop-nam10.prod.protection.outlook.com]

The settings of SPF, rDNS, tested on the site mxtoolbox(https://mxtoolbox.com/). Would you help me.

@rbarbosa --

Unfortunately, without mind-reading capability, it's going to be difficult to figure out what, exactly, is wrong without a lot of trial and error. Microsoft is very inarticulate/capricious/litigious about their internal IT policies…and even less-articulate about their policies regarding customer-facing services.

They are also not immune to the good, ol'-fashioned screw-up. You know…the contractor in Bangalore changed something in the world-wide Exchange network s/he shouldn't have…

-- sw

I totally agree with @stevewi when it comes to the consumer-focused Outlook.com (previously Hotmail and related ilk.)

However I have been pleasantly surprised with sending mail to Office 365 users (the “cloudy” version of Exchange.) I’ve had several IPs from Linode that were only blacklisted by 365, but they bounced with a clear message and a web link that prompted me to submit the IP.

Within a day or two the block was removed and never had another issue with those IPs.

I had already checked how I mentioned in the previous message with mxtoolbox he searches in several RBL. I also tested using the websites you mentioned, I have dmarc dkim and spf and rdns I am sending and receiving to other domains like gmail, etc. less for hotmail. I sent it from another Linode server that is in the same region(Atlanta) and it worked.

@rbarbosa --

I wrote:

Unfortunately, without mind-reading capability, it's going to be difficult to figure out what, exactly, is wrong without a lot of trial and error.

Since you have access to an email server that works, I would do one of two things:

  1. use that server for your emails to Microsoft domains (easier); or
  2. figure out how your mail-server configuration is different than the one that is known to work (harder).

However, the situation you describe with the two servers in the same datacenter is not unusual in my experience. Are the two servers in the same subnet? Does mail from the two servers use the exactly the same SMTP "route" from source to destination?

Microsoft undoubtedly has developed proprietary sources of information that they use in making rejection decisions. Because of this, and their understandable reluctance to talk about internal IT security policies, you have no way of knowing exactly what the reason for rejection was…and Microsoft is never going to tell you either (you could always try asking but I wouldn't get overly hopeful about a response…or even an acknowledgement).

While mxtoolbox is a good toolset, the list of things it checks is not exhaustive. Because Microsoft uses proprietary sources of information in their decision-making process(es), mxtoolbox can never check those.

I suggest you get cracking on that trial-and-error process…you're going to be at it awhile (keep good notes). Don't be surprised when the thing you discover solves your problem stops working after awhile for no reason. Ditto for your "known-working" configuration exemplar. Unfortunately, Microsoft is flying this plane and, like in commercial airliners, there are locked, bullet-proof doors without windows between you and the pilot.

-- sw

Same thing has just started happening with my server as well. It was working fine 24 hours ago, so this is very recent.

At first I thought I had messed up my postfix setup (I've been rejecting spam emails sent to (not from) my server, but double checking has shown that it's all fine.

I've also used mxtoolbox and I'm not blacklisted (except via Hotmail/Outlook).

Cheers,
Darren

@cashdj --

You write:

Same thing has just started happening with my server as well. It was working fine 24 hours ago, so this is very recent.

Welcome back, my friend, to the show that never ends…

Back in my working days, I worked on a project that was a partnership with M$…partnership agreement & everything. M$ stole our idea(s) and marketed their own product…completely cutting us out. Needless to say, we abandoned our efforts. Fortunately, most of our IP was patented so M$ had to eventually pay us for a license to use it so we were able to recover some of the cost of this "relationship" (my former employer was particularly ferocious about this).

When we asked the M$ "VP of whatever Marketing" who was heading up their side of things what had gone wrong with the relationship and why they had done what they'd done, he said (and I'll never forget this): "You made a fatal mistake…you trusted us."

-- sw

Aaaand now I'm getting it too.

Unfortunately, messages from [104.237.131.xxx] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors.

I've added the server IP to the MS tool, but it's listed as "Blocked due to user complaints or other evidence of spamming". Unless I've completely missed something there is not and has never been any mail from my domain that I didn't type individually. I don't conduct mailing campaigns, and I don't sell anything, it's just a personal domain and has been for the better part of a decade. I've got DKIM/SPF/DMARC configured, and a PTR record for the IP, and I've been able to send mail to outlook.com and hotmail.com users (as well as friends at higher ed and other commercial domains) for years.

I did reply when I got the "not qualified for mitigation" message, and received this in response:

My name is xxx and I work with the Outlook.com Deliverability Support Team.
IP: 104.237.131.xxx
We will be looking into this issue along with the Escalations Team. We understand the urgency of this issue and will provide an update as soon as this is available. Rest assured that this ticket is being tracked and we will get back to you as soon as we have more information to offer.
Thank you for your patience.

That was on Saturday, so I'll see where it goes. Just happened to find this thread while checking to see if anyone else was experiencing it.

@not_that_dave yes, this started happening to me about 2 or 3 weeks ago as well. No explanation given, not very useful data provided by Microsoft in their dashboard thing, and my mail server has SPF, DKIM, DMARC… very frustrating. I too have got the 'not qualified for mitigation' twice now.

Did they end up delisting you after you followed up on their 'not qualified for mitigation' message?

Same problem here, it started a couple of weeks ago. Configuration is fine (checked on mxtoolbox) but received "not qualified for mitigation". I've even tried to switch the mail server to another IP, but with no results. Now I will try to contact linode support as described in the first reply.

It seems that microsoft blocks your IP even if it's not sending spam, but there is another linode in your subnet (with an IP near yours) that is sending it. It seems to me that this practice should be against some internet rules and/or email rules, couldn't linode complain with some authority?

@digitaldruid writes:

It seems to me that this practice should be against some internet rules and/or email rules, couldn't linode complain with some authority?

Policies governing email arriving at a particular email server (which may or may not be different from a domain), are under the control of the server owner/operator…not "the internet." The only rules that matter are the rules the server owner/operator wants to set up and enforce.

I own/operate my own email server. If you (the sender) didn't have an SPF record or didn't have rDNS set up or used an invalid HELO hostname, my server would reject your messages too. I don't need permission of "the internet" to do any of this. Neither do you. "The internet" ends once the packets cross the boundary into M$s private networks (where M$s email servers undoubtedly live).

M$ has the right to protect it's private property with whatever policies they want. You/me/Linode/USGovt/IETF/whoever can complain about it until the sky turns green. The only complaints that matter are from M$s internal policy makers.

-- sw

Same happening now. Have all above settings done right and getting blocked sending to outlook/live/hotmail addresses. On their Junk Reporting and snds lists too - never any spam reported.

Support says nothing we can do - they asked for remediation and Microsoft refused. Bounce still says:

XXXXX@live.com: host live-com.olc.protection.outlook.com[MY IP]
said: 550 5.7.1 Unfortunately, messages from [MY IP] weren't sent.
Please contact your Internet service provider since part of their network
is on our block list (S3140). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[DM6NAM10FT043.eop-nam10.prod.protection.outlook.com] (in reply to MAIL
FROM command)

Is there any hope, or best to move email off linode for good?

I ran https://talosintelligence.com/reputation_center/lookup?search=MY IP and found some IP's with Poor reputation in my IP block on Linode. Have reported this with my support request and no response on that so far.

Please run a report and see if this is the problem. Maybe Linode is letting too many bad players send spam and is hurting us all.

Linode Staff

@lukydesigns I've found your ticket, and it looks like you've received the most recent response from us. Let us know if you have any other questions!

I'm having similar issues with Microsoft. This is pure extortion.
SPF, DKIM, DMARC all set. Our IP isn't listed on any block list.
I've opened ticked but so far received nothing that could help us out. I've also opened ticked with Microsoft. Nothing so far.
My coworkers are getting pissed. We can't work with 5 of our partners anymore.

What to do?

WINLV.EDFS.WW.00.EN.MSF.RMD.TS.T01.SPT.00.EM@css.one.microsoft.com: host
css-one-microsoft-com.mail.protection.outlook.com[104.47.53.36] said: 550
5.7.511 Access denied, banned sender[176.58.X.X]. To request removal
from this list please forward this message to
delist@messaging.microsoft.com. For more information please go to
http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
[BL2NAM06FT004.Eop-nam06.prod.protection.outlook.com] (in reply to RCPT TO
command)

Yup, just started getting these a few days ago.

I will log a support ticket with Linode.

Oh that one (banned sender […]) sounds very familiar.

We have that as well since Dec 20th.

On 2 servers in Frankfurt. They both are fully blocked by Microsoft.
Fun facts: Using their delisting option https://sender.office.com says "the IP is NOT blocked".

I opened a ticket on the same day. No useful progress so far. They simply do not understand the issue, nor do they grasp the implications.

I wonder whether they simply blocked all Linode IPs somewhere manually?

We don't do our own email via Linode. We have an account with an ISP (pair.com) for $6 a month and use it for email only. We direct email to them and web traffic to Linode via the registry's DNS records.

(For backup outgoing email we have an account at smtp2go.com)

Since email is a 'core business' of most ISPs, they are usually very proactive about IP blocks and blacklists… getting off them and staying off of them by shutting down the accounts of spamming customers.

Has anyone had any success with resolving this? I have two servers now being blocked by Outlook 365. Emails being returned with error:

"host
xxx-com.mail.protection.outlook.com[104.47.60.36] said:
550 5.7.511 Access denied, banned sender[xxx.xxx.xxx.xxx]. To request removal
from this list please forward this message to
delist@messaging.microsoft.com. For more information please go to
http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
[QB1CAN01FT020.eop-CAN01.prod.protection.outlook.com] (in reply to RCPT TO
command):"

So, we follow up with that, get automated email to use the delisting profile, go through the steps there, and at Step 3 to see message that the IP is NOT blocked!

So far, all I've received from Linode Support is a boilerplate response to the issue… two different support tickets, one for each Linode - exact same cut and paste reply.

No further updates from them.

Linode Staff

@ianscottgroup I've think I've found one of your tickets and I'll be replying shortly.

I have the same problem. I filed tickets with MS and Linode before Christmas and the problem was fixed but only for a day or two, now I'm blocked again by MS. Grrr… Needless to say this is incredibly bad for business.

We need to hear from Linode why this happens and what their plan is avoid it in the future. I have to change provider asap after New Years if this continues.

Is it your incoming mail that is being returned to the sender or is outgoing mail being returned to you?

If outgoing it would be simple to just send your mail via a 3rd party SMTP company. We use smpt2go.com on occasion.

For incoming, as I said above, get a 3rd party in-box and set your MX record to send it to them.

Seems they blocked most of ip range now
just created another server and that ip is also blocked
no matter what you do regarding communication with MS
either they tell you that your ip is not blocked or they tell you it's an error

but their own status says: Blocked due to user complaints or other evidence of spamming

server has only been running for 4 hours

@acanton77 Thank you for the tip. As we're not running any mailing lists I think the free plan of smtp2go.com with 1k mails/month will actually suffice and it seems to work fine with our 365 clients. Smooth setup!

However, I'd still want to have an action plan from Linode on how they are going to fix this.

However, I'd still want to have an action plan from Linode on how they are going to fix this.

What, exactly, would such an action plan look like?

M$ operates its own firewalls and mail scanners and lives by it's own rules (which are an M$ state secret). Linode is good at a lot of things but reading the minds of Indian IT 'droids is probably not one of them…

-- sw

What, exactly, would such an action plan look like?

That would be steps to identify and eliminate unsolicited email traffic originating from Linode IP blocks.

I doubt that MS blocks us without a good reason and I do not think they conspire to force the whole world to move into Exchange hosted by MS by blocking everyone else.

@cdmackay - did you ever get a resolution to this? It's been 4 weeks for you.

This has now got to the point of being beyond frustrating for my clients.

How about you, @liayn ?

I hate the idea of having to use and pay for another smtp sender… a couple of my clients won't accept that and will just want to leave Linode all together if this mess is not straightened out ASAP.

Same problem here, seems to be growing across 365 exchange servers:

From Australian Linode:
Remote-MTA: dns; ed-act-edu-au.mail.protection.outlook.com
Diagnostic-Code: smtp; 550 5.7.511 Access denied, banned
sender[172.105.172.47]. To request removal from this list please forward
this message to delist@messaging.microsoft.com. For more information please
go to http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
[ME3AUS01FT005.eop-AUS01.prod.protection.outlook.com]

delist@messaging.microsoft.com claims IP address is not currently blocked.

I have signed up to SNDS https://sendersupport.olc.protection.outlook.com/snds/

It does list the IP address as "Blocked due to user complaints or other evidence of spamming"

It doesn't provide any further info about removing the blockage.

@pmcneil - I have been using sendersupport for a long time. Neither of the two IP's in question are listed there.

I think sendersupport is more to do with hotmail/live.com emails than Office 365 clients. But you could be on both.

On the other hand, who really knows? Every time I go to the delist portal, follow through with the delisting procedure, at Step 3, I am told the ip is NOT being blocked….

Linode support really need to step up here and make every possible use of their contacts to get this figured out…. for their benefit, or there is going to be an exodus. And yes, Microsoft Office 365 needs to be held accountable as well - Microsoft always seems to have an attitude that they own the internet (from personal experience going back to 1997).

Linode support also need to be a bit more proactive and tell us exactly what they are doing, what progress is being made, and what issues on their end are being faced… just like a company that has been compromised. They need to be more forthcoming rather than boilerplate responses so we know there is actual work and effort being put into this, and to prepare to help those of us being hurt to find a solution.

The only other option at this point is to leave Linode.

This has now gone too long without any proper response from Linode, I'm moving out.

Does anyone have any Linode-like provider they can recommend?

Update from my side again.

We actually got de-blocked after 4.5 days after opening the support ticket at Microsoft. That was on Dec 23rd.
Today, we got blocked again.

Also today, we changed the IP of the Linode to a new one. Guess what, it is blocked too.

Two things I'm wondering:
(1) Is Microsoft using this (blocking with very broad actions instead of focusing on spammers) as a way to harass and possibly drive out of business competitors like Linode?
(2) Is Linode so dependent on accounts that it turns a blind eye to bad spamming practices?

I was having some troubles with gmail bounces, but finally figured out how to set up SPF, DKIM, DMARC and I think the trouble has subsided. I don't think I've had bounces from Microsoft Outlook yet. From what I'm reading here, it's just a matter of time, probably.
Mostly Linode has been quite supportive. I hope (2) is not true and they do institute/enforce some sort of good neighbor email policy. Otherwise (1) is likely to succeed.

UPDATE: just spotted a similar thread with an update from Linode from 9 hours ago, https://www.linode.com/community/questions/22287/550-57511-access-denied-banned-sender-office-365#answer-78938 followed closely by some good advice from @amityweb and @vegard. I think letting our friends using Outlook that Microsoft is screwing up, and also friends that aren't, wouldn't hurt. Squeaky wheel and all that. Just occurs to me that I have a contractor-work account I can test. If it doesn't work, maybe I can get the IT staff at UCSF to register a complaint with Microsoft.

Another update:

Finally, a Microsoft support guy revealed that the blockage might be due to a blacklisting on https://www.uceprotect.net/en/rblcheck.php.

It turns out that not our single IPs are blocked, it is the WHOLE AS63949.

Our job is done, Linode's turn.

Linode Staff

I shared an update here:

https://www.linode.com/community/questions/22287/550-57511-access-denied-banned-sender-office-365#answer-79031

Finally, a Microsoft support guy revealed that the blockage might be > due to a blacklisting on https://www.uceprotect.net/en/rblcheck.php.

If you could update your ticket with more information about this (i.e. what specifically you were told), it'd be helpful. So far as we know, Microsoft maintains their own blocklists and does not use UCEProtect.

@jackley

Attached the mail's content to ticket 16754803

-

No specific information whether they use it, or not.

@liayn

Our company paid the fee have a single IP whitelisted so it would not be included in the lvl3 at UCEPROTECT.
We have confirmed that this worked, but it did not affect the bouncing issue. We are still not able to send emails from our IP to Office 365 users.

We've been having this problem since about Dec 21. I have used non-Linode servers to ask our members who can't receive our weekly newsletter to ask their IT staff to look into it. At least three of these Microsoft customers have pointed to our server's listing on UCEPROTECTL3 as the reason the mail isn't going through. They forwarded screengrabs that appear to be from mxtoolbox.com.

However, I was able to send from another Linode server that is also on listed with UCEPROTECTL3. But perhaps not this week… we'll see.

@pascual, that is a very interesting data point. Could you please keep us updated if that extortionist fee ever does you any good?

I have the same problem. Setting up another email server while I'm on Linode doesn't sounds acceptable. If Linode cannot recognize this as a real issue and don't approach MS then I'm afraid it's time to move on and find a new provider after many years.

@aasv

I am sorry to say that it did indeed have zero effect. We paid the 25 CHF for one month of whitelisting, and after an hour or so UCEPROTECT confirmed that the whitelisting was in effect.
For UCEPROTECT's part it seems to work fine as our specific IP for our mailserver no longer is listed at lvl3 for just being part of an AS with low reputation, but emails of Office 365 are still bouncing the very instant moment they are sent from our our server.

I can't conclude from this with absolute certainty that there is no link between Microsoft's internal blocklist handling and data from UCEPROTECT, as Microsoft might cache such data.
However, it has been over 48 hours since we tried the whitelisting, and the issue remains in full effect.

@pascual It would be a better idea to invest that 25 CHF in an external smtp service for now.
Please do not pay those extortionist fees to uceprotect, they are not referents at all, although I'm also sorry that the solution did not work for you.

My business partner believes it typically takes Microsoft staff at least a month to resolve issues of this kind. I, on the other hand, have given up waiting for Microsoft to work out what the hell their systems are doing. I am also of the opinion that this kind situation may become more common as spamming continues to grow.

After losing some customers and multiple others repeatedly complaining to me on a near daily basis I have subscribed to SendGrid and spent the hours necessary to authorise each and every domain running off of my servers.

I'm not happy about it but in the end I needed this issue to go away and I can't have it happen again, so if that is what I have to do then I'll lump the cost for now and consider raising my hosting prices down the track.

So far so good, mail-flow through to all destinations is successful.

@ianscottgroup No, I had no luck.

Linode Support were very helpful indeed, but unable to make any further progress with Microsoft than me, nor suggest anything else.

i.e. we are both told by Microsoft that my Linode IPv4 is not blocked. When we send a follow-up, asking what /is/ being blocked, and showing them the bounce messages (which quote my IP), we receive no reply. Repeated contacts to MS produce the same result. Hopeless.

This affects multiple users from my domain, so doesn't seem likely to be an envelope-sender (rather than IP) block. Those same users can send email successfully from my domain, as long as the emails don't go out via my Linode. And blocking on something like sender that could be forged would be stupid, surely?

I've taken out an outgoing-only SMTP mail service with Mythic Beasts (who I strongly recommend). At the moment, I'm diverting emails addressed to a small (manually-maintained) list of MS/O365-hosted domains via MB, and they get delivered fine (from the same envelope-senders who are blocked when sending via my Linode). All other emails continue to go out via my Linode.

I'm struggling to see the point of paying for both, so am considering shutting down my Linode. But I've sent my own email out for over 20 years, so that would be a shame.

[and just to note: I believe I'm fully SPF, DMARC & DKIM compliant, and all the testing tools I've tried confirm that, including headers added on receipt at e.g. gmail. mxtoolbox shows me on no lists other than the discredited UCE. We send email to hundreds of domains, many with strict RBLs, with no issues, except for MS/O365]

I'm facing exact issues as @cdmackay mentions and concur with everything mentioned above. In my case I've redirected to sendgrid.com which offers 100 free relays/day.

Perhaps linode should offer a safe [for free] relay for it's customers or actively work with MS to remove their IP blocks from their blacklists.

As mentioned by @cdmackay i am also fully compliant and pass all smtp tests with full rDNS, DKIM, SPF, TLS, spamassassin, closed relay, etc so it not the specific Linode IP address at fault but a whole block. I know of at least 2 other linodes (that i maintain for friends) in the 178 block that facing the same issue. One is in the process is moving off Linode.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct