Can't Send emails to hotmail

hromero

Member
Apr 3, 2007
6
0
151
Possible way to the solution

I have the same error but when I send e-mails with a mails client or by www.mail2web.com it is sent.

Maybe we'll can find the solution.

Pardon by my mistakes. My english is basic.
 

koolcards

Well-Known Member
Oct 8, 2003
146
0
166
Tampa, Fl
This is good development. What are your SPF records?

ispdomain.com =?
host.ispdomain.com = ?
customerdomain.com = ?
mail.customerdomain.com = ?
http://www.openspf.org/ has a setup wizard to generate SPF records for you as well as a 'test' to check your record.
 

ruber

Member
Jun 5, 2007
22
0
151
I sent a message from telnet to a Hotmail account and it was received normally, on Inbox. When I send from Webmail or SMTP, it goes to a junkbox. The SPF records that I set on my DNS zones was generated from the OpenSPF.
 

steveedge

Member
Mar 21, 2004
12
0
151
Atlanta
SPF in conf file

I have the same problem, Hotmail messages bouncing back to server...only Hotmail, have checked DNS etc...it's all fine.

The first thing i did was sent the above link to my 3 clients who use Hotmail. However, this does not help with potential customers, etc..who use Hotmail.
My question is;

Can you add the SPF to the server conf DNS file ? I think I read that you could somewhere but do you just add it under DNS1 and 2 ? I saw nothing in this thread about that ??

v=spf1 a mx ptr ip4:xxx.xxx.xxx.xxx -all

In other words do i just put the above SPF on a line below the DNS servers in the conf file?

Also, If i do that does it cover all the domains on the server or just the main domain ? Sorry, it's a bit confusing.
Thanks,
s
 

koolcards

Well-Known Member
Oct 8, 2003
146
0
166
Tampa, Fl
In other words do i just put the above SPF on a line below the DNS servers in the conf file?
Doesn't matter where in the zone file it's located. It just goes in as a text record in the mail server's zone file, the order's not important.

Whatever machine you're sending from is listed in the email's header envelope as the mail server. So if the name of your server is "MyServer.MyDomain.com", then you want to add the SPF record in the "MyDomain.com" DNS zone file.

Useful tips:
http://www.openspf.org/FAQ/Common_mistakes
 

steveedge

Member
Mar 21, 2004
12
0
151
Atlanta
No Go

Doing the above did NOT resolve the issue.
There must be a fix somewhere or there would be more people posting here wouldn't there ?

I would appreciate anyone who is able to send mail to (and from ) Hotmail to please let me (and others know what you did to make it work.

I see a lot of people trying things throughout this thread but no solutions, or did i miss something ?
Thanks,
 

koolcards

Well-Known Member
Oct 8, 2003
146
0
166
Tampa, Fl

rossh_cp

Member
May 31, 2005
13
0
151
My thoughts and experience with Hotmail...


1/ Hotmail tracks the Message ID and that is the primary means of determining real from spam mail... eg. A new mail from xyz to hotmail will almost never deliver. But a new mail sent from hotmail, out to xyz and replied to by xyz, will always deliver to hotmail. All "replied too" mails that were genuine hotmail originals, will deliver into hotmail.

Hence a hotmail user can always expect an answer to his own original mails, but he will never know what mail hotmail has blackholed for him. i.e. Hotmail is a one way mail service.

2/ Hotmail tracks the IP's of MTA's that send mail regular (the ISP), and gives them a better chance of delivering. Mail from very low volume MTA's has an impossible task of getting delivered, and is droped almost always (because it looks like a spam bot).

3/ SPF is ignored - it has no effect on Hotmail.


rossh
 

koolcards

Well-Known Member
Oct 8, 2003
146
0
166
Tampa, Fl
My thoughts and experience with Hotmail...


1/ Hotmail tracks the Message ID and that is the primary means of determining real from spam mail... eg. A new mail from xyz to hotmail will almost never deliver. But a new mail sent from hotmail, out to xyz and replied to by xyz, will always deliver to hotmail. All "replied too" mails that were genuine hotmail originals, will deliver into hotmail.

Hence a hotmail user can always expect an answer to his own original mails, but he will never know what mail hotmail has blackholed for him. i.e. Hotmail is a one way mail service.

2/ Hotmail tracks the IP's of MTA's that send mail regular (the ISP), and gives them a better chance of delivering. Mail from very low volume MTA's has an impossible task of getting delivered, and is droped almost always (because it looks like a spam bot).

3/ SPF is ignored - it has no effect on Hotmail.


rossh


Just doing what they tell us :cool:

http://postmaster.msn.com/Guidelines.aspx
4. Authenticate your outbound e-mail: Publish Sender Policy Framework (SPF) records

Windows Live Hotmail currently uses Sender ID to provide additional input to the SmartScreenTM junk e-mail filter process which helps determine if the e-mail or sender is legitimate. The Sender ID Framework is an authentication technology and the key piece of the framework is checking SPF records.
 

rossh_cp

Member
May 31, 2005
13
0
151

Yes, but it is not the final answer... If they even look at SPF (and I doubt it), then it only makes a tiny portion of the approval. I have all mine set perfectly, all the guidelines complied with perfectly, and still nada.

Some test results

If I send a new mail off the webmail at my cpanel account (liquidweb) - OK
If I send a new mail of my PC to / through my same account on the cpanel - No.
If I send a new mail of my private VPS with its MTA - No.

If I reply to a mail from hotmail through any of those three methods - OK.

Hotmail, when getting new mail from outside, looks at the other received lines in the mail and makes its own decisions about the origins and relay status. Hence when I send mail from my PC, which delivers through my cpanel account - it has an extra received line that hotmail rejects.

i.e. hotmail is a "one way" service. You get what you pay for - nothing.

rossh
 

lloyd_tennison

Well-Known Member
Mar 12, 2004
697
1
168
Have you filled put and applied for the services on th hotmail postmaster page? Once you have their version of feedback loop and the email monitoring you will know better what is happening.

If you have not, why not? One should apply for all of monitoring and whitelisting services (at least the free ones!) AOL and Yahoo for whitelisting and Hotmail/MSN/NETSCAPE/Compuserve for monitoring.
 

rossh_cp

Member
May 31, 2005
13
0
151
Have you filled put and applied for the services on th hotmail postmaster page? Once you have their version of feedback loop and the email monitoring you will know better what is happening.
If you mean the SNDS https://postmaster.live.com/snds/index.aspx

Yes - I have a perfect clean report. My domains are very low volumes. And that appears to be the problem - not enough original mails from them to make a consistent record at Hotmail.

Look at the tests I do above - the only difference between in the mail sent from Webmail and my PC to cpanel account, is the contents of the first received line into Exim. The webmail one says "..from <local account name>", and the my PC one says "..from <my IP>". Its the same Exim and IP connecting to hotmail, but that difference in the first received is enough to fail delivery. i.e. proof positive that hotmail is testing the other received headers and making its own decisions.

Now I'm sure the guidelines work for larger volume senders and hosts, but they are all ignored and meaningless to low volume senders. I am very convinced of that.

rossh
 

lloyd_tennison

Well-Known Member
Mar 12, 2004
697
1
168
You say you have signed up for SNDS, how about Junk E-Mail Reporting Program? Then have you checked to see if all the IP addresses are clean? Maybe your local IP address is not, and the same with the VPS.

What I do know, is that MSN does respond to email request about lost emails if you are signed up for both of those services. However, if they feel you are a spammer they will respond with a a "proprietary technology" statement to get them off the hook. I have, however received direct information from them about why some emails go through and some do not. They are not as helpful as AOL, but they do respond - usually in 48 hours or so.
 

DaveT

Active Member
Aug 20, 2004
29
0
151
Enabling callouts blocks hotmail

Hi,

I've got an interesting variation on this issue...

Using cPanel 10 I'd got callouts enabled so that I could verify the validity of senders. No problems there and sending to / receiving from hotmail worked just fine.

I've upgraded now to cPanel 11 and I'm now getting
550 Your e-mail was rejected for policy reasons on this gateway. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems.
whenever my clients try to send email from the server. I addition clients attempting to send to the server from hotmail also get a similar message. When I disable the callout verification checks everything works fine again, but of course it means the server has to process much more spam since it's not being discarded by the callout verification.

The server isn't in any of the blocklists, and also the domains have valid SPF records.

Sending to/from gmail & yahoo work whether callouts are enabled or not but a lot of my clients communicate with contacts who insist on using hotmail.

Has anyone else seen this or got any hints?

Thanks,
Dave.
 
Last edited:

mtindor

Well-Known Member
Sep 14, 2004
1,452
110
193
inside a catfish
cPanel Access Level
Root Administrator
As far as incoming mail being rejected because the server can't do an actual callout to the responsible sender MX, yes you do lose some effectiveness if you have to disable 'Use callouts'. But, you can still keep '** Verify the existence of email senders.' enabled, which will at least verify the existence of a valid MX for the sender domain, which in and of itself does help a lot.

I have found very few places where mail would be rejected when I had 'Use callouts' enabled - funny thing is, one of those was the Cpanel ticket system - because the ticket came from [email protected] and that host 'something.cpanel.net' (i forget what it was) didn't exist or didn't accept callout connections. It was at that point that I decided I would just disable 'Use callouts'.

As for having problems sending to Hotmail / Yahoo / AOL, this has been discussed ad nauseum on these forums. Some of my recommendations are:
1. Make sure all domains sending mail via your server have an appropriate SPF record ( http://spf.pobox.com).

At minimum on a Cpanel machine, I usually enter in the following:

"v=spf1 a mx ?all"

But in my situation, many of our customers have a dedicated IP for their site and their MX and A records point to that IP, and that IP address is NOT the main IP address of the server. And by default, on Cpanel machines, the main IP address of the server is the one which sends out mail. So if the main IP off the server is 10.30.3.10, then I have the following as a minimal record for all domains on that machine:

"v=spf1 a mx ip4:10.30.3.10 ?all"

2. Make sure the IP address that your server sends mail from (which would be the main IP address), has (a) valid reverse DNS and (b) that reverse DNS is reflective of something descriptive within your domain, rather than some generic record that your upstream IP provider has put in place.

For instance, if your IP is 209.x.30.3, and your upstream IP provider has no entry for it in rDNS (or if they have a really generic entry like server01.upstreamprovider.com and your machine hostname isn't server01.upstreamprovider.com), then you want to contact them and have them change the rDNS record so that it reflects the actual main hostname of your server.

In the end, you should be able to do:

'nslookup main.hostname.of.server' and have it return the main IP address of your server

Then you should be able to do:

'nslookup xxx.xxx.xxx.xxx (where xxx.xxx.xxx.xxx is the main IP address of your server) and it should return 'main.hostname.of.server'

3. Make sure your main server IP address is not on any of the popular DNSBLs - plug it in at http://www.openrbl.org.

Even if it is not listed here, it doesn't mean that it wouldn't be blacklisted or negatively scored by AOL or Yahoo or Hotmail or RR.COM because of past traffic from that IP address before your server was using it. But it's a good start to make sure it isn't on any widely used global DNSBLs.

Even if you do all of the above, you and your users may find that their email ends up in the Spam folders of Hotmail, Yahoo, AOL, etc. even with those measures in place. Installing domainkeys _may_ be of additional benefit - but I cannot instruct you on how to do that.

4. Make sure your users aren't forwarding all of their spam from their accounts hosted on your server to an @aol.com or @yahoo.com or @hotmail.com email address. That will surely cause the future emails from your server's IP address to be thought of negatively by those entities.

Stopping your customers from forwarding is difficult. If you/your customers cannot guarantee that the mail system for the domain that mail is forwarded to actually accepts all mail (spam and not spam), then you'll end up finding a lot of incoming emails to your customer account addresses being forwarded to aol / hotmail / yahoo, then rejected by those entities, and then sit back in your mail queue trying to be delivered back to the sender.

If your customers MUST or INSIST on forwarding to AOL / Yahoo / Hotmail, you should consider INSISTING that they (a) activate spamassassin and (b) set up message rules to delete any messages that YOUR server believes are spam before it is forwarded to the other email addresses.

NOTE: This is not possible if all they do is set up a forwarder. In order to filter out the spam before it is forwarded, you have to create a POP3 account for that email address AND a forwarder for that address. the POP3 account then has to have filtering on it to delete any emails that the server thinks are spam (which is why spamassassin must be enabled on that domain). Any mail that doesn't get deleted by spamassassin will be forwarded to the respective aol/hotmail/yahoo address. Of course, the downside of this is that a copy of that same mail will go into the local POP3 account of that user on your system as well.

Anyway, hope my suggestions will be of some assist.

Mike
 

DaveT

Active Member
Aug 20, 2004
29
0
151
Hi Mike,

Thanks very much for taking the time and effort to reply to my post. :)

I think I've covered off items 1 and 3 in my OP - I've got valid spf and I'm not in any of the BL's.

I deliberately add a "transport = <ip address>" to my exim config to ensure that one of the public IP addresses is used to send emails from my servers - those public IP addresses have valid dns/rdns entries.

As I mentioned, sending to Yahoo, Google etc all works fine - it's just hotmail that seems to be a pain in the you-know-what...

I'm shortly going to be migrating my large sever from cP 10 to cP 11 and wanted to try and resolve this issue before the migration if possible.

I'm bemused why my server should be fine with callout verification on sending to everywhere except hotmail, and in that respect I'm still looking for some further guidance if anyone has some...

Dave.