Blackholed emails to hotmail unless email is added to the account's address book?

phillbooth

Hello, apologies if you have seen a similar email on this forum; I know there are quite a few.

I run a small server for my company and we seem to have trouble sending emails to hotmail.com users. The emails simply go missing; we do not get a rejected message, neither do they appear in the spam box.

We have, however, found that only hotmail.com users that have the email address in their address list receive the email.

We do not send out marketing emails just business emails to customers and suppliers.

Things like HELO and Sender Verification Callouts compliance are set up in the EXIM config.

We have a correct SPF and DKIM and we use a DMARC reporting system, where we get notifications from hotmail.com that the emails have been received and the SPF/DKIM/IPs are correct, even though the emails have not appeared in.

We have also signed up to Microsoft authentication system(s): DocuSign, SNDS and JMRP.

Our PTR/rDNS points to the server name sending out the emails.

And we are not on any IP blacklists and have not ever been on a blacklist.

Our EXIM log shows that the email arrives without any issue (below).

Code:
2016-03-10 09:29:12 1adwu8-0002Wj-P0 H=(188.166.156.185) [::1]:33972 Warning: Message has been scanned: no virus or other harmful content was found
2016-03-10 09:29:12 1adwu8-0002Wj-P0 <= [email protected] H=(188.166.156.185) [::1]:33972 P=esmtpa A=dovecot_login:[email protected] S=623 [email protected] T="test3" for [email protected]
2016-03-10 09:29:12 1adwu8-0002Wj-P0 SMTP connection outbound 1457602152 1adwu8-0002Wj-P0 example.co.uk [email protected]
2016-03-10 09:29:14 1adwu8-0002Wj-P0 => [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=mx2.hotmail.com [65.55.37.88] X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=yes C="250  <[email protected]> Queued mail for delivery"
2016-03-10 09:29:14 1adwu8-0002Wj-P0 Completed

So, just as an example, this is the header from an email that is accepted because the "from" email is in the hotmail.com account's address book:

Code:
x-store-info:qAUQJzZ73IJCLUJ+0n7ZQ5yN3wd9gk1J07UWi4loZZzPI5m/6XJfda1HSznT8WoXB9vhQqhEoSI08tyYvRUjuZpjwYZVz1Gnx0LX8+UpXEIRhXUfr3IBsHSoKCd6oUBUtmEAzVgrqA0BUdnjhlUrCA==
Authentication-Results: hotmail.com; spf=pass (sender IP is 188.166.156.185; identity alignment result is pass and alignment mode is relaxed) [email protected]; dkim=pass (identity alignment result is pass and alignment mode is relaxed) header.d=example.co.uk; x-hmca=pass [email protected]
X-SID-PRA: [email protected]
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MztHRD0zO1NDTD03
X-Message-Info: quWoRize8kAhL5pjqLXOA0MaMn/Gi2gILPRd0yrvhXnScUBiLl19zazKYn5DbLq3eBrjV6RxV9aEh4ukWbRG9QSaPXVt8nbVl4yn6BrIazf9g7Cz3tQUQ0lJ9eQE9UDI2mtN8oxfaqcEhhfunZu0mww7l5Pzrown8TfUunv3XxmmsTf7zUH4dizIgNpUu3fRZp/4SnxPngpd7qIq6Fg5Q75YSXMTJ+WBEul0/K+EBuA=
Received: from server5.exampleserver.co.uk ([188.166.156.185]) by COL004-MC2F37.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143);
     Thu, 10 Mar 2016 01:29:15 -0800
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
    d=example.co.uk; s=default; h=Message-ID:Subject:To:From:Date:
    Content-Transfer-Encoding:Content-Type:MIME-Version;
    bh=uwVE0SsUJ8oLg+ZDMZ79idR50aD2JWi9A1Lyg0YWhDg=; b=CzeVVXw0U47UNkw3nLfkah8y39
    ndcV+KqEofTFZeE6/Liy7e0dtk7BzI+Y8om0L7am3r92WXhLQ4x7q43yCqgXaWcMMojFJLfWvLSfE
    DplJhxHugA1QSLl4ZthCIWFZ+kY0JtjUlHJBTGTNEjHXde9qHYnFSZs/7N3TcELvPfxTA2DfW9WwZ
    4y+Ho0jOhw16gf/9e1GYPf3Bwa3wDGqpY+nVfqZG2RbmEfMWKuagZCcq15D9iviyVhxMmkOOWWVSm
    AZscJ+e0vEQaVR8JOaWM1qqa6Al5y3Jw2qL+jb9lOogFK0TD7ayPNRz+Lny/a4M/+YMA4cMNzRdlm
    4hueHTFQ==;
Received: from [::1] (port=33972 helo=188.166.156.185)
    by server5.exampleserver.co.uk with esmtpa (Exim 4.86_1)
    (envelope-from <[email protected]>)
    id 1adwu8-0002Wj-P0
    for [email protected]; Thu, 10 Mar 2016 09:29:12 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
    format=flowed
Content-Transfer-Encoding: 7bit
Date: Thu, 10 Mar 2016 09:29:12 +0000
From: [email protected]
To: [email protected]
Subject: test3
Message-ID: <[email protected]>
X-Sender: [email protected]
User-Agent: Roundcube Webmail/1.0.6
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server5.exampleserver.co.uk
X-AntiAbuse: Original Domain - hotmail.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - example.co.uk
X-Get-Message-Sender-Via: server5.exampleserver.co.uk: authenticated_id: [email protected]
X-Authenticated-Sender: server5.exampleserver.co.uk: [email protected]
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Return-Path: [email protected]
X-OriginalArrivalTime: 10 Mar 2016 09:29:15.0734 (UTC) FILETIME=[50686760:01D17AAF]
 

JoseDieguez

This is a normal procedure from Microsoft/Outlook to make more people use their paid services. You do have a form on the Microsoft website (the form is extremely well hidden) to fill in, to make them stop "blackholing" your mails.
 

phillbooth

Here is the link https://support.microsoft.com/en-us...fsmsbl3&locale=en-us&ccsid=635806049111602712

Make sure you have these:

  • SPF
  • DKIM
  • DMARC
  • rWHOIS (referencing your company or organisation)
  • rDNS / PTR (referencing your domain name)

IN CPANEL/WHM/EXIM OPTIONS

  • SPF
  • DKIM
  • Set SMTP Sender: headers
  • Require HELO before MAIL
  • Require RFC-compliant HELO
  • Allow Sender Verification
  • Scan Outgoing emails for spam and viruses/malware

You might want to sign up to these as well

https://postmaster.google.com
Outlook.com Postmaster
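
The check the first post makes by eye, written as an added example that is not part of the thread: parse the Exim delivery line and the Authentication-Results header of a delivered test message to confirm that the MX accepted the mail and SPF/DKIM passed, which places the loss in receiver-side filtering rather than in transport or authentication. The sample strings are constructed from the quoted log and header with placeholder mailbox names, and the function names are illustrative.

```python
import re

# Constructed samples modelled on the log line and header quoted in the thread;
# the mailbox names are placeholders, not values from the page.
EXIM_LINE = ('2016-03-10 09:29:14 1adwu8-0002Wj-P0 => recipient@hotmail.com '
             'R=dkim_lookuphost T=dkim_remote_smtp H=mx2.hotmail.com [65.55.37.88] '
             'X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=yes '
             'C="250  <id@example.co.uk> Queued mail for delivery"')
AUTH_HEADER = ('Authentication-Results: hotmail.com; spf=pass (sender IP is '
               '188.166.156.185; identity alignment result is pass and alignment '
               'mode is relaxed) smtp.mailfrom=sender@example.co.uk; dkim=pass '
               '(identity alignment result is pass) header.d=example.co.uk')

def parse_exim_delivery(line):
    """Pull the remote-MX facts out of an Exim delivery-attempt line."""
    head = re.match(r'\S+ \S+ \S+ (=>|->|\*\*|==) (\S+)', line)
    if not head:
        return None  # arrival ('<='), 'Completed', warnings, etc.
    host = re.search(r' H=(\S+) \[', line)
    resp = re.search(r' C="(\d{3})', line)  # present when confirmations are logged
    return {'flag': head.group(1), 'rcpt': head.group(2),
            'mx': host.group(1) if host else None,
            'cert_verified': ' CV=yes' in line,
            'code': int(resp.group(1)) if resp else None}

def parse_auth_results(header):
    """Return {method: result} from an Authentication-Results header."""
    body = header.split(':', 1)[1]
    body = re.sub(r'\([^)]*\)', '', body)  # comments may contain ';'
    results = {}
    for clause in body.split(';')[1:]:     # element 0 is the authserv-id
        m = re.match(r'\s*([\w-]+)=(\w+)', clause)
        if m:
            results[m.group(1).lower()] = m.group(2).lower()
    return results

def triage(delivery, auth):
    """Locate where a missing message was lost, from sender-side evidence."""
    if delivery is None:
        return 'not a delivery line'
    if delivery['flag'] in ('**', '=='):   # Exim: bounced / deferred
        return 'failed or deferred at SMTP time'
    bad = sorted(k for k in ('spf', 'dkim') if auth.get(k) != 'pass')
    if bad:
        return 'accepted, authentication not passing: ' + ', '.join(bad)
    return 'accepted and authenticated, filtered after acceptance'

print(triage(parse_exim_delivery(EXIM_LINE), parse_auth_results(AUTH_HEADER)))
```

The Authentication-Results header is only available from a copy that reached a mailbox, so take it from a test message to an account that has the sender in its address book, as the first post did.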