Why Does hotmail still reject my emails?
I have a very strange problem with my emails being marked as spam by hotmail. I just have configured Postfix + Dovecot on my server and all works perfectly. I can Send/Receive emails. I only have problems with hotmail accounts, I do not understand the reason, because I also configured: SPF DKIM rDNS My IP is not listed in any backlist, I used: mxtoolbox.com Checking the headers I see that SPF and DKIM pass correctly. I have no problem with GMAIL, YAHOO, and other, but hotmail seems very strict. The only problem I think... could be that my IP had no email traffic yet. I've sent very few emails to hotmail. So, if postfix has no problem, what do I have to do to send emails to hotmail correctly? Because if the only reason is that I had no email traffic yet it means that my first newsletters will be tag as SPAM without no reason. Advice? (An example of email received as SPAM is below) HEADERS: x-store-info:4r51+eLowCe79NzwdU2kRwMf1FfZT+JrxVyutn/pLjoZiDggbl3J7aHGkQoNPd8ZB9iY77nKNhzoKkbFqj2wPQ4Ha91HUDyzG+BsQ2lzn+x/xsXGuDBWhAPIPgrYY3dCiWYILdpiCyM= Authentication-Results: hotmail.com; sender-id=pass (sender IP is 188.8.131.52) firstname.lastname@example.org; dkim=pass header.d=example.net; x-hmca=pass X-SID-PRA: email@example.com X-SID-Result: Pass X-DKIM-Result: Pass X-AUTH-Result: PASS X-Message-Status: n:n X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD00 X-Message-Info: M98loaK0Lo1j8FOgXol8UFVrP26QMSvVTQXke21+QxXu+DJ5ttCh6cM/eFA+HRgTBFdz52wvmszvfgxVXBCfExvqqIFxcJKaFap8dwTFrYmSiOTK6J40vAbrC+QeYPnMG9Hntes6IFH9T95bydckDQ== Received: from mail.example.net ([184.108.40.206]) by SNT0-MC3-F15.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Sun, 30 Sep 2012 14:13:33 -0700 Received: from [192.168.1.2] (2-231-150-154.ip207.fastwebnet.it [220.127.116.11]) by mail.example.net (Postfix) with ESMTPA id DD0A3401D9 for
; Sun, 30 Sep 2012 21:13:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.net; s=mail; t=1349039612; bh=qCXqeVFYopgNSxSiqL3ANA5CfkeFw8AlGDFYh/ruUlg=; h=Date:From:To:Subject; b=NIYcYZJ4YitQHGus2ZQV4ErzN+hvFoDWi+M53eJXZSx3o0VamoA8PODMEZlWqvG29 aYQK8DVW140wZ1tmHCvNCIe+KF/FVmRkxtD2aWGVK5OhVNuFv6ldRE7VUDhlPfOvaZ uUqp1QopHJsg8pGDTeifigb58xTa2V4AOac6WY4c= Message-ID: <5068B5FA.firstname.lastname@example.org> Date: Sun, 30 Sep 2012 23:13:30 +0200 From: Aziende Mandanti User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120911 Thunderbird/15.0.1 MIME-Version: 1.0 To: email@example.com Subject: Registrazione avvenuta con successo Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 8bit Return-Path: firstname.lastname@example.org X-OriginalArrivalTime: 30 Sep 2012 21:13:33.0410 (UTC) FILETIME=[72B24C20:01CD9F50] Gentile Damiano, la registrazione è avvenuta correttamente. Saluti example.net The IP you see in the headers is correct, I only obfuscated the email addresses
Checking the headers I see that SPF and DKIM pass correctly. I have no problem with GMAIL, YAHOO, and other, but hotmail seems very strict.
This is correct. Hotmail / outlook.com are insanely strict for .. really no sensible reason at all. You have checked the obvious things:
- reverse DNS
- My IP is not listed in any backlist, I used: mxtoolbox.com
The only thing left to do is manually file a request with Microsoft to get your URL listed in their safe senders. I really wish I was kidding, but even after triple checking all our mail settings (same as your above bulleted list), testing successfully on every other mail provider under the sun, etcetera, we had to file a manual Hotmail inclusion request in 2010 before email from Stack Overflow, Super User, Server Fault et al would arrive to Hotmail / outlook.com users.
As you can see on Microsoft’s Postmaster Troubleshooting page:
IPs not previously used to send email typically don’t have any reputation built up in our systems. As a result, emails from new IPs are more likely to experience deliverability issues. Once the IP has built a reputation for not sending spam, Outlook will typically allow for a better email delivery experience.
The Improving E-mail Deliverability into Windows Live Hotmail (pdf) document describes this troubleshooting for the “Your e-mail is being delivered to the Junk e-mail Folder” scenario:
- Too many recipients reported your previous e-mails as spam
- Too much of your mail is sent to invalid or inactive e-mail addresses
- Your SenderID record is incorrect or missing
None of which applies here to a new mailer anyway, and SenderID / SPF was already checked as valid.
So this begs the question, how exactly do you get positive email reputation when all your emails go into the spam folder on day zero?
The only way we could get it to work is to .. file for a manual inclusion request.
Once I did this I got a deliverability email which looks automated, but that’s good in this case:
This mail is to confirm that the IP(s) listed below are being investigated by our automated system.
Please note that your ticket number is in the subject line of this mail.
Note: Errors are unlikely, however, if an error is indicated, please resubmit the specific IP or IP range.
Hotmail Deliverability Support Service
Additionally, Microsoft recommends that
in addition, to adding your new IPs to existing Sender ID records, don’t forget to update your Junk Email Reporting Program (JMRP) account with the new IPs as well. To update or set up a JMRP account, click here.
I don’t see anything wrong with your headers, or anything obvious that you’re doing wrong, but I would like to point out that, yes, hotmail (as well as
outlook webmail) are very strict, and tend to classify a lot of mass-mailings as spam, even when they shouldn’t be.
A Google search on
hotmail emails marked as spam turns up scores of similar questions with people having problems sending newsletters, registration confirmation emails and so on to Microsoft webmail domains, so it’s probably nothing that you’re doing wrong, but you need to put a lot of work into getting a mass mailing or automated mailing to pass through the spam filters Microsoft has in place for their webmail.
The place I’d start looking for “what to do next” would be the Microsoft webmail postmaster policies, practices and guidelines page.
They have 5 major guidelines you should make sure you’re in compliance with (including American legislation you might not be aware of, and yes, it applies even to
hotmail.it), some free reuptation management tools you might want to look at, as well as a way to contact “Hotmail Deliverability Support” if you’re still having problems after complying with their guidelines.
I suspect the problem here is a new ip has gone from sending low volumes of mail to high in a short space of time
Hotmail and others use return path reputation quite heavily
It’s also worth signing up for SNDS at hotmail (presuming you haven’t already)
Jeff Atwood is correct re: Having to Sender-Score yourself first. I have been there more than once. This should be the default way to go, and is generally faster than getting white-listed by Hotmail’s investigation team. You can sender-score yourself by simply starting to deliver e-mail to other major ISP’s, and your ratings will eventually show up on SenderScore.org (usually takes a couple weeks) at which point you can re-try Hotmail. In my personal experience this happens in 50% of the perfectly configured and authenticated fresh IP/Domain trying to inbox with a naked “Hello world” message. That means that you might get lucky and your fresh setup will Inbox hotmail/outlook like a charm. I would go out on a limb guessing that this “luck” factor could be related to the IP-Block provider/owner’s reputation?
However, the following article may indicate a different approach – Email Delivery Report 2012
[excerpt from the Hotmail-specific part of the article]
• Existing domain reputation will impact delivery, for better or
worse, only when authenticated with Sender ID. • Emails not signed
with Sender ID will be judged on IP reputation and content.
I could be misinterpreting this but I think it means you may have a better luck inboxing Hotmail on Day-1 if you don’t setup Sender-ID authentication, rather than authenticating your domain/IPs prior to building some reputation metrics.
I was experiencing this issue for a while, all the DKIM/SPF/DMARC/etc validators I could find all gave everything a pass. However, by random chance I stumbled upon the solution – make SHA256 keys! So the command to generate the key would be something like
opendkim-genkey -r h rsa256 -d domain.name -s mail. Once the new keys were installed and the updated DNS TXT record had propagated, hotmail was happy to receive mails from my domain.
I would comment, but I don’t have enough rep.
Here’s a link to Hotmail’s current (2016-06-01) Email policies page where you can sign up for Junk Email Reporting Program (JMRP) and Smart Network Data Services (SNDS) accounts:
However, by random chance I stumbled upon the solution – make SHA256
keys! So the command to generate the key would be something like
opendkim-genkey -r h rsa256 -d domain.name -s mail. Once the new keys
were installed and the updated DNS TXT record had propagated, hotmail
was happy to receive mails from my domain.
I am using Plesk Onyx which generates SHA256 keys for DKIM by default, which I checked using http://dkimvalidator.com. Emails we send to Hotmail continue to be placed in the Junk/Spam folder. Checking the headers of those emails, we see that SPF, DKIM, and DMARC are all “pass”. I am told by Microsoft that the culprit is their SmartScreen filter, which is actually very dumb and frustrating. The way out appears to be to start using the IP for live emails, and then notify users to “Add Sender to Safe Senders List” in the Outlook UI. Over time, SmartScreen will start allowing emails into inboxes. Thanks Microsoft for such a dumb system! (And yes, we are already signed up on the SNDS and JMRP.)
After you checked all possibilities and have perfect configuration according to Microsoft policies and Outlook.com Enhanced Deliverability white paper with SPF, DKIM, Reverse DNS and all world e-mail systems trust you already…
…it’s time for you to reach out to internet God – Microsoft – directly under special form. Microsoft will add your domain and IP address to the whitelist. It sounds unbelievable but it’s true.
Screen for all unbelievers to start believe:
P.S. It even works with Chrome, not only IE!
- Database Administration Tutorials
- Programming Tutorials & IT News
- Linux & DevOps World
- Ebook Reviews
- eSport Matches, Skills Tutorials & News
- Entertainment & General News
- Check your public IP Address precisely