Outlook.com is blocking my mail server

Recently, I was trying to respond to an email delivered to me from an outlook.com sender address. Unfortunately, my response immediately bounced back, and I was informed that my mail server’s IP address had been added to outlook.com’s internal blocklist.

The non-delivery report from the inbound mail server on behalf of outlook.com reads as follows:

outlook-com.olc.protection.outlook.com[] said: 550 5.7.1
Unfortunately, messages from [] weren't sent. Please contact
your Internet service provider since part of their network is on our block
list (S3140). 

Microsoft’s non-public email blocklist

In addition to using Spamhaus, Microsoft also maintains its own internal IP blocklist to mitigate spam. I had my first run-in with this internal blocklist five years ago, when I was doing some consulting for a local ISP. At the time, a few customers using the ISP’s mail servers were complaining that their messages never reached the intended recipient’s inbox when delivered to outlook.com.

I did eventually discover, to my great surprise, that outlook.com was silently discarding email messages. I was additionally made aware of the existence of the internal blocklist during talks with Microsoft support. If your interested in that old and in my opinion, batshit crazy story, then you’ll find it right here.

Anyhow, that’s all in the past and I like how Microsoft is now providing us with a non-delivery report (NDR) to pinpoint the issue.

Are your mail servers blocked by outlook.com?

The internal IP blocklist used by Microsoft to mitigate spam for their free email services is non-public. Microsoft does not provide any service to query the blocklist, or to request a de-listing. However, by joining Microsoft’s Smart Network Data Services you’ll be able to claim your mail servers IP addresses.

This enables you to monitor your mail servers’ reputation with outlook.com, and get forwarded copies of email that outlook.com users have marked as junk.

SNDS - IP Status

The SNDS IP report page providing detailed information about my mail server IP.

The information provided for my mail server IP states the following: “Blocked due to user complaints or other evidence of spamming”. Sounds bad admittedly, but I believe Microsoft is overreaching and blocking entire subnets instead of individual IP addresses. When I performed a search on Cisco Talos Intelligence Group for it becomes painfully clear that there are a few bad apples in my neighborhood:

Talos Intelligence IP lookup

Checking email reputation for using talosintelligence.com.

I guess I’m guilty by association. Well then, I should be able to reason with Microsoft and get this unjust block lifted, right? Let’s look at the evidence:

  • I’ve gotten zero reports of spam through Microsoft’s junk mail reporting program.
  • My mail server implements modern standards and policies like DNSSEC+DANE+STARTTLS, DMARC with DKIM+SPF, and MTA-STS+TLS-RPT.
  • My mail server is not listed on any public email blocklists.
  • My mail server is not blocked by Office 365.
  • My mail server is not blocked by any other major email service providers.

Outlook.com deliverability support

Let’s move on and try to get the mail server de-listed from Microsoft’s infamous internal IP blocklist.

If your email complies with our policies and guidelines and you are still experiencing email delivery problems that are not addressed in the FAQ below, click here to contact support.

Source: https://mail.live.com/mail/troubleshooting.aspx

After filling out the support request form, I received the following response within 24 hours:

We have completed reviewing the IP(s) you submitted. 
The following table contains the results of our investigation.

Not qualified for mitigation
Our investigation has determined that the above IP(s) do not qualify for mitigation.

Obviously not the result I was hoping for, but all is not yet lost. I’ll try to get a manual review in the hopes of having that decision overturned.

Either way, I’m rather excited to see if Joe Nobody can get a fair shake with Microsoft without having any leverage whatsoever. I’ll keep you posted.

Update: Outlook.com is no longer blocking my mail server.