On 20211116, at 09:14, Marco Kälin marco@kaelin.email wrote:
Hi @ all
Actually we have massive problems sending to private microsoft customers (hotmail.com, live.com, etc.) We offer some small smtp mailservices for our customers (smtp smarthost and also a mail encryption and sign service).
The standard configuration of our outbound smtp servers is from my point of view set correctly: • Fix IP • Correct SMTP Banner, HELO, RDNS
You mean EHLO right? :)
• A Records matches RDNS
Thus the FCrDNS check works?
As it is 2021... you do have an AAAA record and are capable of sending over IPv6 I hope?
• SPF Records pass
What is the policy, maybe ~all at the end? Maybe "ip4:0.0.0.0/24 -all"?
• Tested DKIM signed
Don't forget about DMARC, otherwise SPF and DKIM are pretty meaningless
And if you are forwarding messages, ensure to rewrite the From appropriately otherwise you break all kinds of things.
Not on any Blacklist (checked with mxtoolbox.com)
But is your network neighborhood clean. As you didn't provide any IPs, cannot verify that is the case.
If you host for instance at OVH or other such institutions except the /20 that your IP is in to be considered a bad neighborhood; and thus while your host is 'nice' the rest is not...
We registred our IPs on the Microsoft Smart Network Data Service (SNDS). This only reports "All of your IPs have normal status".
For low volume senders SNDS does nothing as you just don't send enough mail to get into their stats (see for instance https://jeroen.massar.ch/presentations/files/FloCon2010-TopK.pdf).
These facilities are setup for big spammers so that they can send 100.000 mails and can have 1% spam amongst them (still a 1000 mails of spam, see why those end up in your mailboxes...)
The more and more that services on the Internet get centralized the more this will happen unfortunately.
As you are a Microsoft customer for kaelin.email according to the MX, use that contract to call them and tell that you cannot send mail from your IP.
Without actual full headers, little else people on a public list can say but: contact them through a paid contract.
Though they will likely point you to https://sendersupport.olc.protection.outlook.com/pm/policies.aspx or https://sendersupport.olc.protection.outlook.com/pm/services.aspx.
Don't forget to signup for the "Junk Email Reporting Program" @ https://postmaster.live.com/snds/JMRP.aspx though, as noted, you can be sqeaky clean, if others in a similar related subnet are not....
Or your volume can just be way too low.
Greets, Jeroen