Hi folks. I have two updates:

1. Microsoft reported that they delisted a number of our subnets. We've seen a big decrease in the number of new reports of this issue from customers. Customers have also reported to us that their bans have been lifted.
2. We're unfortunately still seeing new reports of this issue from customers, some of them from subnets we hadn't originally sent to Microsoft, which suggests that the underlying issue hasn't been identified or resolved.

I've asked Microsoft for an RCA multiple times. Absent some information on what's causing these bans, new IP addresses/subnets will likely continue to be banned.

If you're having this or other NDR issues, the best way to get our help is to open a ticket.

We are aware and have received multiple reports from users facing this issue and working closely with Microsoft to get this resolved as soon as possible.

As far as we know, this is affecting other non Linode customers as well and Microsoft has acknowledge the problem and looking into it.

You may want to consider looking into a third-party SMTP delivery service, if you want a surefire way to get your mails delivered. A few of them I've listed below such as:

https://www.smtp2go.com/
https://sendgrid.com/
https://www.mailgun.com/

Being able to host a mail server directly from your Linode is certainly more ideal, but if mail is absolutely critical and you want a way that is certain to fix your email deliverability, I personally recommend switching to a service like one of these. If anything you could switch at least temporarily until Microsoft finally figures out why your mail isn't being delivered.

We have also become aware of this issue around 17-19 December 2021 and it is still unresolved.

We tried to delist the IP using https://sender.office.com/ and contacted delist@messaging.microsoft.com and joined SNDS and JMRP and still no progress.

We submitted a support ticket to Linode a few hours ago but no reply yet.

We have hundreds of users on our Linode which is running cPanel and switching to a third party provider is not an easy and quick option.

Hope this gets resolved pretty soon!

we have same problem from 22 Dec.
Microsoft support request submit delisting of IP address to sender.office.com, but system telling that our IP is not blocked.
same time emails is not delivered and it's making problem.
Looks that mostly all Linode customers have same issue for last 15 days.

when we can expect resolving of that problem from Linode side ?

Hi isackey

Hey thanks for the - somewhat brutal - honesty, I really appreciate that. I've been researching this for the duration and this is first concrete thing thats been said.

Like the other comments - this is major for me.

Is your response an official Linode position ?

I have to say OMG - Linode would suggest, use someone else ?

What can we do to bring about a resolution? - microsoft seem to not acknowledge emails about this issue.

Again, appreciate the honesty, but 3rd party and doing nothing don't seem like viable options

I can confirm we've also seen this issue with servers in Sydney and Tokyo. Our IPs had appeared in the MS blocked list. We delisted them but are still seeing the problem. We had our first bounce related to this on 22 Dec 2021.

I can also confirm this issue, started from 22. DEc. 2021. We can't easily change our server to alternatives. I hope Linode will find a solution as soon as possible with Microsoft.

Microsoft didn't response to my e-mail yet..

I have to admit… this is the first time ever in our 10 years with Linode that I submit a support ticket and I still have no response 12 hours later. What happened to the amazing customer service?!

Our operations are severely affected by this issue and we deserve better communication from Linode.

@Linode staff Please share with us what/how you are tackling this situation and manage our expectations in an effective manner so we better handle our business and our clients.

Thank you!

Hi, hey further note to isackey

The use of Mailgun, assume others, is not an option

because they are api services - or at least authenticated, so if you have 2 virtual domains, the 2nd domain will use the same credentials.

It results in quite an ugly - sent on behalf scenarion

john@domain.tld on befalf of john@domain2.tld

Is there an update on this yet?

As @brayworth has indicated, mailgun changes the headers, so if sending from a second domain you get the fugly "on behalf of" in mail clients.

Has anyone found an authenticated mail relay service that doesn't mess with the headers like that?

A bit more information about this:

• This doesn't seem to be down to Defender 365 - we're not using it on our 365 tenancy and we're affected by this

• Adding a connector in Exchange to allow the IP as a partner site doesn't have any effect ( https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-for-secure-mail-flow-with-a-partner )

• Not all Linodes are affected. We have an existing mail relay in London and this can (currently) send mail to 365 users. We're using this to route our Tokyo and Sydney mails through and that seems to work-around the issue for us. Our working relay is in the 212.111.40.0/22 netblock.

Well… We could not wait for Linode and Microsoft to resolve this matter and Linode support team have completely ignored our support ticket submitted over 24 hours ago — for the first time ever in over 10 years working with them.

We have therefore integrated SendGrid this morning and had to verify every single domain on the server using CNAME records to prevent the ugly on behalf of issue.

It has been a tedious task to verify 85 domain names but hopefully it will be less hassle from now on.

I am very disappointed with the way Linode have handled this… It is really not like them!

Good luck to you all.

Hey folks – just an update, we're still trying to get this escalated with Microsoft. We believe this is an error. The Microsoft Deliverability team (with whom we frequently work) has told us IP addresses getting this error don't appear to be blocked; Microsoft's own IP delist portal also reports that these IPs aren't blocked.

We're hoping to hear from Microsoft soon. We'll update this thread when we have more information to share.

Dear @jackley

When Linode will sort out this problem ?
We know very well that Microsoft IP delist portal said to us, but we need solution.

We don’t want get answer once a day that you still communicate with Microsoft. We need result.
Our reputation is going down, because we can’t answer to our partners from our corporate emails.
And looks that we can’t get professional support from Linode.

We also have this issue, I reported it to Microsoft 8:30am (GMT) December 21st and they have not managed to find the IP or the problem. I have a support engineer emailing me updates, who has escalated it, but quite frankly its taking a ridiculous amount of time to solve. Especially considering it's Microsoft!

So in the meantime, as @isackey suggested, you can use 3rd party SMTP servers to send email. I am using smtp.com to relay sending email from Postfix. It's quite simple to setup. You can do it with other mail providers, e.g. SendGrid. Maybe even your own 3rd party server. It was important to ask SMTP.com set the return path to the originating email so the original SPF record still stands (apparently!). Here's how to configure Postfix to relay https://kb.smtp.com/article/944-postfix

Seriously, what's up with blaming Linode? Microsoft has been totally incompetent here, they are unable to find out what is blocking Linode? Seriously? Is there no logs in their systems?

It's MS' servers that cause the bounces, it's not Linode.

I've gotten through to their support system - sort of - but got nothing but a boilerplate "Nope. We're not going to help you. Here is our requirements (SPF records etc, that we already do). Nowhere are they able to tell in which way we are "in breach" of their policy.

It's incompetent. It's rude. And I am pretty damned sure Linode is just as frustrated as you are. Give them some leeway, and go on report this any way you can to Microsoft, too. And if you have people that actually are Microsoft customers that miss mail from you, they might have more luck as paying customers.

+1, from Frankfurt DC

Thanks @jackley for the update;
It certainly helps that Linode is on our team, so any updates are welcome.

I've also found valuable information in these posts - thanks for that !

I'm interested in both @amityweb and @BrianSalvador experience

amityweb - so that was a set once solution, not a per domain solution like BrianSalvador, and in addition - you had to send an email to smtp.com's support to ask SMTP.com set the return path to the originating email

that's it ?
it sounds like a simple solution (albeit the cost of the subscription)

thanks in advance

Glad to see it's not just me … been dealing with Microsoft randomly blocking my server since late November. Linode helps get it unblocked, then it gets re-added with a different error message a short while later. All reputation tools report the IP is fine (rDNS, SPF, DMARC, IPv6, etc are all configured correctly).

Our Tokyo server ip also affected in this issue, we have checked all common DNSBL, all passed not on the list.

@jackley the SNDS service does say the IP is blocked, but the delist service says it's not. Might be something to follow up.
https://sendersupport.olc.protection.outlook.com/snds/ipStatus.aspx

says:
View IP Status

The table below lists any IPs you are authorized to view that have an abnormal status. This data is updated once per day, so it may not reflect the current state of the IPs.

First IP Last IP Blocked Details
172.105.172.47 172.105.172.47 Yes Blocked due to user complaints or other evidence of spamming
172.105.179.64 172.105.179.64 Yes Blocked due to user complaints or other evidence of spamming

The second address is a NEW server set up two hours ago, new IP address already blocked.

Just to throw some more support behind the Linode crew: This type problem isn't new and isn't limited to Microsoft. The ATT/Verizon steaming pile of a mail system is also prone to random blocks of both Linode IPs and IPs from any similar cloud server providers. It has been happening for a few years but has gotten worse in the past two. There really isn't anything Linode can do besides try coaxing Microsoft to help sort out the issue. The good news is that they are probably one of the few groups who have a decent chance of getting a response from Microsoft/AT&T-Verizon. The big carriers really coudldn't care less if your mail gets delivered or not.

If you are running cPanel, be sure to configure the DKIM support and ensure your TLS certs are renewing correctly. If you aren't, learn how to use OpenDKIM and integrate it with your mail system. It does support signing for multiple domains. However, if you host email for multiple domains it's hard to get both SPF and DKIM alignment for DMARC since the reverse DNS for the server's IP will only align with one domain. That doesn't seem to affect deliverability too much as long as your DKIM setup works well and you are using SMTP over TLS. Register an email address to receive DMARC deliverability reports and process those on a regular basis to look for problems. So far, URIports.com is the least expensive DMARC analysis service I have found. Even with all of these fixes, problems like this will pop up.

@pmcneil Unlike your IPs, most users’ IPs here are not listed under snds and can normaly send messages to outlook.com/hotmail. You either got ip from a spammer or your server is compromised.

+2x London Linodes - same issues as everyone else.

Update - Frankfurt and Toronto also affected.

Also experiencing this.

Trying to delist using https://sender.office.com/ but gets the famous message that the IP isn't blacklisted.

It seems like 100 % Microsofts fault, but there are no way to get through there. It seems the only option now, is to utilize a SMTP service away from Linode.

The latest I've had from Microsoft support is:

"From what I can gather from our technicians on our end is that Microsoft is aware of the issue and is currently working to unblock the IPs in question as the complaints come in. If you have already submitted a ticket with them directly, be sure to include the IP ranges affected so Microsoft can unblock them from their end. After that it comes down to when they get to your request as there are a good amount they are currently working through at the moment."

Hi - Also experiencing this, exact same symptoms. SNDS showing no data for the IP and I, get no junk returned from JMRP…

After delisting an IP, 1 domain started accepting our mail again after a few hours, but 2 others didn't (all 3 outlook.com hosted domains). The 1st domain is now blocked again.

I went through the de-listing process a second time, it assured me the IP was not blocked and invited me to open a ticket - the form didn't work several times but I eventually got one in. A few hours later I was told (by WINLV.EDFS.WW.00.EN.MSF.RMD.TS.T01.SPT.00.EM@css.one.microsoft.com):

We have completed reviewing the IP(s) you submitted. The following table contains the results of our investigation.

Not qualified for mitigation
XXX.XXX.XXX.XXX/32
Our investigation has determined that the above IP(s) do not qualify for mitigation.
…

(I've put the whole email into our open ticket with Linode)

And as you might predict, attempting to reply to that email only gets it bounced. I have got to this exact stage while hosting a mail server with another provider before - you can actually get responses from this team, but nothing useful. They won't discuss why you're blocked (it now seems evident they don't actually know). It is because of this I migrated a mail sever back to Linode…. who I'm really hoping have made some progress here?

@vittal_cognidox: Can you please advice where to submit such a ticket?

@Michael_Sahl We have a 365 account and we've submitted a ticket through there. See https://docs.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide

Is this because of Microsoft's blatant abuse of it's market share to extinguish it's competition using underhanded tactics like we've seen in the past, or is this due to incompetence and neglect? I don't know but either way it's unacceptable. In a way they are messing with peoples livelihoods. My customers aren't going to accept "It's microsofts fault, there's nothing I can do about it" for an answer. Eventually they are going to move on to another provider.

Same problem in EUA datacenters!

Since December 17th we are still blocked from send mails to Microsoft 365 accounts.

My customers are angry with this situation and it's not simple to migrate to another provider now.

We have found a solution, using the OpenSource anti-spam gateway called scrollout ( http://www.scrolloutf1.com/ )

But, the IP address of a server that host it, is new and the reputation is poor yet. We can send mails, but they go to the spam folder, and some mails bounced.

So we are still in trouble

@interactivesun Thanks, but you are incorrect. The IP is Linode's it is a small email server and very closely monitored. It is NOT compromised and is correctly set up (as have all my mail servers since the 1990's.)

I get no junk returned from JMRP but SNDS IP Status is showing the IP status above, despite the .64 address being brand new.

Started getting this yesterday. Spent most of today trying to wade through Micros**t's help pages and finding 95% of the links were stale or required a login at live.com. We don't have a login for any Micros**t services! Just now landed on this topic, so please LiNode, push harder against their turgid underbelly.

We've exhausted all options with Microsoft support and delisting attempts.

We swapped IP addresses with another Linode that has never been used to send e-mail, and this didn't help. The new IP address experienced the same block.

We subscribe to the JMRP and SNDS programs through Microsoft. These IPs are not listed as blocked. SPF, DMARC, and DKIM are all in place.

I opened a ticket with Linode about 14 hours ago but haven't gotten a response yet.

Same here… All MS options have been tried, Linode ticket unanswered for 19 hours.

Totally stuck, full of blocked emails.

We have MS accounts, but it doesn't make any difference.

Just tried telnet to outlook mx and sending email manually. On unaffected server this went through correctly and email got delivered to inbox, on affected server the moment you set recipient it triggers 5.7.511. Please note that I edited personal information/hostnames/ips

telnet somemx.mail.protection.outlook.com 25
Trying 104.47.22.138…
Connected to somemx.mail.protection.outlook.com.
Escape character is '^]'.
220 DB8EUR06FT018.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Wed, 5 Jan 2022 18:25:43 +0000
ehlo my.hostname.tld
250-DB8EUR06FT018.mail.protection.outlook.com Hello [xxx.xxx.xxx.xxx]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
mail from: me@linode.server
250 2.1.0 Sender OK
rcpt to: somebody@o365.server
550 5.7.511 Access denied, banned sender[xxx.xxx.xxx.xxx]. To request removal from this list please forward this message to delist@messaging.microsoft.com. For more information please go to http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410) [DB8EUR06FT018.eop-eur06.prod.protection.outlook.com]

@dan

It is because of this I migrated a mail sever back to Linode…. who I'm really hoping have made some progress here?

Me too. OVH were having their whole IP range blacklisted in exactly the same way. I got no replies from OVH about the issue.

So a year ago I moved to Linode. Sadly, after 24 hours I've had no reply from Linode either.

@isackey Can we have an update please?

Can I suggest you run your IP through http://www.uceprotect.net/en/rblcheck.php

They are currently giving Linode's ASN an "Extreme" spam score, which may be why MS is blocking most of the range. They provide a list of the individual IPs causing the issues, I wish Linode would act to remove them for the sake of the rest of their customers.

@swiftoid I just compared ucprotect listings of affected ip and unaffected ip. In both cases level 1 was green and level 3 (network) was red. There was a difference on level 2 where affected had yellow and unaffected had green. While I doubt Microsoft uses ucprotect, they probabbly have their own implementation of ucprotect level 3, that they have no clue of its existance.

I've registered a free @outlook.hu email address for testing.
It seems now email is delivered to this address from my server (which is Frankfurt), however it landed in SPAM folder.

Is this issue come out also for @outlook.hu or @outlook.com addresses?

Yes we have the same problem. I opened a ticket with Microsoft and after two days of exchanging emails their latest answer was:

Detail checks from our end shows that the IP address xxx.xxx.xxx.xxx is not listed as also confirmed by the delisting team, therefore there is little or no help we can render. However, I will advise that you open a support request with Linode so as to help you look into the issue.

This is ridiculous answer because it's clearly Microsoft's problem.

We currently have two blocked server IPs, one in Frankfurt and one in London DC.

Hi all

I just did a test from my Linode (IP in London, previously blocked and reporting the same error as above) running cPanel and it was successful -

Received: from redacted.eurprd05.prod.outlook.com (2603:10a6:20b:4d8::2000)
by redacted.eurprd05.prod.outlook.com with HTTPS; Thu, 6 Jan 2022
04:44:27 +0000
Received: from redacted.NORP000009.PROD.OUTLOOK.COM (2603:10a6:f10:11::14)
by redacted.eurprd05.prod.outlook.com (2603:10a6:20b:4d8::2000) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1111.14; Thu, 6 Jan
2022 04:44:26 +0000
Received: from redacted.eop-EUR02.prod.protection.outlook.com
(2603:10a6:f10:11:cafe::2000) by redacted.outlook.office365.com
(2603:10a6:f10:11::2000) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1111.9 via Frontend
Transport; Thu, 6 Jan 2022 04:44:26 +0000
Authentication-Results: spf=pass (sender IP is [redacted])
smtp.mailfrom=[redacted]; dkim=pass (signature was verified)
header.d=[redacted];dmarc=bestguesspass action=none
header.from=[redacted];compauth=pass reason=109
Received-SPF: Pass (protection.outlook.com: domain of [redacted]
designates [redacted] as permitted sender)
receiver=protection.outlook.com; client-ip=[redacted];
helo=[redacted].com;
Received: from redacted.com (redacted) by
[redacted].mail.protection.outlook.com (redacted) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.1111.9 via Frontend Transport; Thu, 6 Jan 2022 04:44:25 +0000

So something has happened. I did a couple of tests, one landed in the O365 Junk folder, but I'll take that for now rather than being blocked. Anyone else having success? I'm going to be monitoring the mail flow throughout the day, but here's hoping the issue is getting resolved. (PS. I redacted and changed the actual details for privacy.)

@swiftoid That's very concerning. Did a check on my IP, came out as green. Did a check on my network block and it was in danger of being listed as it had a few offenders. And the entire linode network is as you say in the red.

So by the looks of it, this isn't coming out of the blue and there is a reason for Microsoft blocking Linode as a whole. Welp. Maybe time to look for another provider and migrate.

Talking to Microsoft support about this issue, is like asking the local gardener to fix global warming.

We have now implemented AWS SMTP-services and is running again through them.

Same problem here in all 3 datacenters we use.

We also implemented SMTP via AWS SES for now, but don't see the point of having to use two competing cloud providers…

I went with the suggestion, set up DNS with mailgun through all my domains, set up a separate relay transport rule in postfix. So at least my customers can communicate with microsoft users again. It's a temporary fix until this gets sorted out. Hopefully soon.

Please could someone talk me through setting up AWS SMTP-services or setting up mailgun as a separate relay transport in postfix? many thanks

@igennus we use Cpanel and used this guide:
https://support.cpanel.net/hc/en-us/articles/360056322734-How-to-use-Amazon-SES-as-a-Smarthost

Microsoft has asked us to perform some troubleshooting that we could use your help with. If you have a server with mail traffic being bounced with "Banned Sender" replies and an Outlook account with which you receive mail (or a client who is also willing to help), please perform the following steps and open a Support ticket to let us know the result.

Our Support team has been advised as to how to collect the information from this troubleshooting via ticket.

Here are the steps that Microsoft provided:

Please send an email to yourself on an Outlook.com account.

If the issue prevails then check by adding the email addresses of the recipients in the safe senders list. 

In order to add emails to safe senders list please follow the steps mentioned below:

1. Sign in to http://outlook.live.com
2. Go to Settings > View all Outlook Settings
3. Go to Mail > Junk Email
4. Select “Safe Senders”
5. Enter domain or email address from which you are not receiving emails.
6. Click (+) icon
7. Hit SAVE.

After that, please try sending an email again. We're interested to know if the mail is delivered successfully or the bounce message received if it isn't. We intend on collecting multiple data points to ensure consistency in the resolution of this problem.

Thank you to everybody for your patience and willingness to help. We're aware that this is an ongoing issue and are working to resolve this as soon as possible.

I know others are going to read those MS instructions and just shake their head…
I did it anyways. Or at least in one case - because in most my cases the sender and recipient are both in my own domain and are already in the safe senders list.

It's the same error everyone else sees: 550 5.7.511 which happens during an smtp session right after you give the 'rcpt to:'.

In every case I've been able to find another Linode, same datacenter, that isn't impacted and relayed through it (after adding it to my spf and doing all the good mail server hygiene things).
I even found a few systems that have never sent mail (and the IPs have been mine for many years) and are also included in the MS block.

I'll submit the tickets so you can add it to the 'me-too' list.

Shaking my head, while performing this tests. I suggest opening many many more support tickets at Microsoft and reminding them that this issue is limited to Office 365 email servers only.

intteractivesun wrote, "this issue is limited to Office 365 email servers only"

Bingo. We can send to outlook.com and hotmail.com addresses fine.

We have a mail server being blocked with the 550 5.7.511 and we also have access to an Office 365 Exchange admin center. I can tell you that attempting a message trace from the Exchange admin side does not even show these messages. They're being deferred prior to being able to be traced.

We have tried setting a domain in the "Manage allowed domains" in our 365 account and testing. These failed. Again, these are being blocked prior to anything that can be controlled in the 365 admin center.

I'm also shaking my head. It is painfully obvious that this problem is nowhere near being solved, because those who have the power to do so are not understanding or listening to what the problem actually is. Something isn't being communicated clearly.

We've all gone through these steps ourselves already with Microsoft's "deliverability team". Linode, this needs to be escalated with Microsoft beyond their entry level support.

We can't send to outlook.com nor office365.com. On the other hand hotmail.com is just fine!!

Well, this is painful. Since the issue is so straight forward to reproduce (with telnet, see above), could we perhaps have Linode explore whether all of their net blocks are affected or just some.

If there is a range of IPs that works, maybe some temporary Linodes could be made available in those networks to paying customers as a temporary measure until the root cause has been resolved.

@_Brian,
If it helps, here is what we attempted in the Office 365 tenant's antispam portal located at https://security.microsoft.com/antispam portal. The messages are deferred before reaching these filters, so I don't think this was time well spent, but if MS needs you to go through the processes, then you may use this example.

We were asked to do this when I attempted opening a Microsoft support ticket from the Office 365 user side. After this was complete, we were told that a ticket needed to be opened by the sender. Obviously we used an IP and domain experiencing the issue, not "example.com".

Connection filter policy (Default)

Connection filtering

IP Allow list

• xxx..xxx.xxx.xxx

### IP Block list

Safe list

On

Allowed and blocked senders and domains

Allowed

Senders (0)

Always deliver messages from these senders

Manage 0 sender(s)

Domains (1)

Always deliver messages from these domains

Allow domains

Manage allowed domains

Add senders and domains to this list to ensure messages are always delivered to them.

List loaded

Add domains

• 1 item

example.com

Hi Guys,

I hate to be whipping a dead horse here (and I know you guys are working through it), but I have been stuck on the "utilize the portal found at https://sender.office.com/ to complete the process of IP removal" merry-go-round for the last couple weeks, I cant even respond to their tickets as they are being blocked, I run a small email hosting business and this is starting to have serious effects on me and my clients as I cant just explain to my customers to just go and use some 3rd party smtp outbound service and my excuses are starting to wear thin, its becoming a real worry - any suggestions that doesnt involve me telling my customers to go use another mail service would be awesome,

Stu

@stuangel open free trial o365 account. Open support ticket at Microsoft to increase awareness and that they get serious at fixing this.

You may also bag Linode for IP that is not yet affected, though there are no guarantees.

You may also try to use smarthost like sendgrid to relay mails (free 1 trial for a total of 40.000 mails), but with many domains, authentiaction might be painful. And if here is a better way I would love to know myself.

@interactivesun thanks for the response, couple of quick Qs from a non-sys admin perspective

1/ "open free trial o365 account" - will try that once I hit "post your reply"

2/ "bag Linode for IP that is not yet affected" - without digging through hundreds of documents, is there any way they could do this via routing (even at a cost), as I cant fathom what this would effect off the top of my head as I have a pool of 5 servers (not all email servers that rely on IPs etc)

3/ "try to use smarthost" - I am not fluent in relaying email, will doing something like this effect DKIM signatures etc?

best regards

Stu

@stuangel as for #3, it won't affect your existing DKIM signature. But you would have to set up a new signature that identifies with the outgoing relay you are going to use. Just leave your old DNS entries in place. At least that's what I have done, in case this gets resolved and I can stop using a relay host.

Hi @_Brian, thankyou for your advice

Hey Linode could supply Microsoft with a VM and let them see the problem first hand, it's accoss several datacenters

@interactivesun has supplied a very simple test

1. Setup a Nanode - I tried Sydney/Nanode 1GB/CentOS Stream 8
2. Log in
3. dnf install telnet

below here - sub in some real values (this is @interactivesun test)

1. telnet somemx.mail.protection.outlook.com 25
2. ehlo my.hostname.tld
3. mail from: me@linode.server
4. rcpt to: somebody@o365.server

it reliably produced the result

550 5.7.511 Access denied, banned sender[172.105.168.78]. To request removal from this list please forward this message to delist@messaging.microsoft.com. For more information please go to http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410) [SY4AUS01FT004.eop-AUS01.prod.protection.outlook.com]

I've deleted the VM now, but that ip failed straight up

again - for clarity the issue is with sending emails to office365 accounts

thanks to those putting in positive efforts for resolution here

http://www.uceprotect.net/en/rblcheck.php
…says the linode network is level 3 spam listed.

They also say:

As you should know now: It is not you, it is your complete provider which got UCEPROTECT-Level 3 listed.
Your IP xxx.xx.xxx.xx was NOT part of abusive action, but you are the one that has freely chosen your provider.
By tolerating or ignoring that your provider doesn't care about abusers you are indirectly also supporting the global spam with your money.
Seen from this point of view, you really shouldn't wonder about the consequences.

I really like Linode. But uceprotect have a point.

@stuangel relay of email via another Linode server or some 3rd party smarthost is essentially the same thing. Though if you go with Linode even if you do get a working IP it might get blocked the next day, so let's concentrate on 3rd party smarthost.

In support ticket Linode suggested using:
https://groups.io/
https://www.smtp2go.com/
https://sendgrid.com/
https://www.mailgun.com/
Some users in this thread suggested also using Amazon SES

Whichever you choose, you will need to:

• setup an account at one of the smarthosts.
• authenticate each sending domain with additional dkim record and adding smarthost include to spf record.
• configure your mail server to route non local addresses through remote host. All this providers have their own tutorials for integration with various mail servers. This ones are exim specific:
  https://support.cpanel.net/hc/en-us/articles/360036537354-How-to-use-SendGrid-as-a-Smarthost
  https://www.smtp2go.com/setupguide/exim/
  https://support.cpanel.net/hc/en-us/articles/360036537314-How-to-use-MailGun-as-a-Smarthost
  https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-exim.html

This is a great solution if you have few domains and send few monthly emails, but with many domains or many emails per month, this becomes unpractical or too expensive and I'd love to know a more practical solution.

We are also experiencing this from an email server running in London

It is difficult to assume that once the problem has been identified, it is taking days and days to solve it.

I imagine that the explanation we will receive at the end will be very, very, very rich in technical details.

Same here. Since 22/12/21. Over *** 2 weeks ago ***.

"To request removal from this list please forward this message to delist@messaging.microsoft.com."
Been sending these daily since Monday and not had a single response from MS.

Can't even reply to the auto-acknowledgements because "Banned Sender".
MS Delist portal won't even send to my linode-hosted addresses and when I use a gmail address claims the host IP address isn't banned.

I appreciate that Linode staff are working on it but "use a third-party smtp" is not a valid resolution and it's been 2 WEEKS.
Some detail (any detail???) would be perhaps be reassuring.

Update as I finally received a reply from MS:

We have completed reviewing the IP(s) you submitted. The following
table contains the results of our investigation.

More information needed
IP ADDRESS REDACTED
We were unable to identify anything on our side that would prevent your
mail from reaching Outlook.com customers.

If you are still experiencing deliverability issues, please reply to
this email with a detailed description of the problem you are having,
including specific error messages, and an agent will contact you.

Which is BS because they bounced my reply.

Hi there.

Exactly the same problem here. My Linode is on Texas DC [50.116.XXX.XXX].

My IP address is not listed on https://sender.office.com/ neither on https://sendersupport.olc.protection.outlook.com/snds/

My customers can't send emails to office365 destinations, which is used a lot by medium-large corporates.

Any news about it? It's really urgent.

Thanks a lot.

It looks like the whole linode network is spam listed, not individual IP's. For email servers that takes network level spam risk into account, this may affect you even if your individual IP is not listed since the Linode network is listed. This has happened because too many Linodes are spammers, and Linode has not taken proper action against these spammers according to the spam listings.

We are punished by this because we have selected and is giving our money to a provider (Linode) that does not take enough or proper action against spamming on their networks, unfortunately. This policy is defended by saying that since we use and support and give money to a provider that enables spamming and does not take proper action against spamming, we are contributing to the spam problem, and deserve the consequences.

I think Linode needs to take spamming on their network even more seriously and temp block smtp for those who are found to spam for this to be resolved and not happen again.

Have a look here, insert your Linode IP:

http://www.uceprotect.net/en/rblcheck.php
…says the linode network is level 3 spam listed.

They also say:

As you should know now: It is not you, it is your complete provider which got UCEPROTECT-Level 3 listed.
Your IP xxx.xx.xxx.xx was NOT part of abusive action, but you are the one that has freely chosen your provider.
By tolerating or ignoring that your provider doesn't care about abusers you are indirectly also supporting the global spam with your money.
Seen from this point of view, you really shouldn't wonder about the consequences.

I'm affected as well. Linode Fresno CA. Noticed this issue Jan 1st as people were returning to work. I have 350 unhappy clients.

Just like everyone else the IPs are not blocked in MS, maintain a 95+ senderscore, and are not on any blocklists.. except UCEPROTECT.

UCEPROTECT is such a scumbag service. Just read through their website, oof. They don't seem legit at all… and googling them brings up a ton of complaints about them.

I sincerely hope a company like Microsoft isn't using them for anything.

@epstudios

after seeing your reply I had a squiz and found this on Twitter from back in July 2021

https://twitter.com/ErzaEscarlet00/status/1415006860512567299

"sorry to reply to an old twit, but we cant just "ignore it" because for some reason Microsoft is using it in their spam lists. if you are in UCPROTECT LVL3 you cant send mail to office365, and a big % of the companies are already hosting their mail there."

looks like this might be it? unless MS has stopped using their service since then

has anyone shelled out for UCEPROTECTs extortion racket whitelisted.org and had any luck?

Stu

Hey folks. We've spent a bunch of time this week trying to work with Microsoft on this.

I do have a small update: Microsoft has requested some troubleshooting information, so we've been working with some customers to get that information back to Microsoft. We're also working on ways to escalate this even further.

We hear you. We're just as frustrated. This is not our normal experience with Microsoft and delisting requests. We routinely work with them to resolve deliverability issues for customers without such difficulties. This banned sender issue is new (our first tickets about this came in on 21 December).

It looks like the whole linode network is spam listed, not individual IP's. For email servers that takes network level spam risk into account, this may affect you even if your individual IP is not listed since the Linode network is listed. This has happened because too many Linodes are spammers, and Linode has not taken proper action against these spammers according to the spam listings.

We are punished by this because we have selected and is giving our money to a provider (Linode) that does not take enough or proper action against spamming on their networks, unfortunately. This policy is defended by saying that since we use and support and give money to a provider that enables spamming and does not take proper action against spamming, we are contributing to the spam problem, and deserve the consequences.

I think Linode needs to take spamming on their network even more seriously and temp block smtp for those who are found to spam for this to be resolved and not happen again.

I understand why you might think this, but we don't think this is correct. We have layers of automation to find and squash spammers.

I think Linode needs to take spamming on their network even more seriously and temp block smtp for those who are found to spam for this to be resolved and not happen again.

We do this. Additionally, every new customer since November 2019 has been restricted from sending email without first opening a ticket with us.

Microsoft maintains their own blocklists and we have no reason to suspect this has anything to do with UCEProtect (and I'm not aware of any bounced emails that specifically mention UCEProtect). MXToolBox has written specifically about spikes in UCEProtect listings. The level at which we're listed on UCEProtect has fluctuated throughout the year.

I think it's worth reviewing Microsoft's own guidelines and documentation for non-delivery reports (which is linked to from the error message). The specific error we're talking about here is this:

5.7.511    Access denied, banned sender    The account you are attempting to send from has been banned.

Microsoft has other errors specific to banned IPs and banned ranges.

We hope to have another update next week.

I have a one Linode (London) that hosts a small nbr of domains. I sent an email to my dentist and received the following response a few mins later:

Info@somedomain.co.uk: host
somedomain-co-uk.mail.protection.outlook.com[104.47.21.36] said: 550
5.7.511 Access denied, banned sender[178.79.xxx.xx]. To request removal
from this list please forward this message to
delist@messaging.microsoft.com. For more information please go to
http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
[LO2GBR01FT025.eop-gbr01.prod.protection.outlook.com] (in reply to RCPT TO
command)

1. I sent the above to delist@@messaging.microsoft.com and got a reply with a ticket number saying they would get back to me in 24hrs. Didn't hear anything back for 3 days.

2. I checked on https://sender.office.com/delist and the IP was showing as not blocked.

3. I replied to the email that I had received in 1 and got another bounce back but with a mention of Frontbridge. After a bit of messing about - I realised if you send anything to delist@@messaging.microsoft.com other than the bounce back email (550 5.7.511) you'll get the Frontbridge response. Try to send anything like a real world email to delist@@messaging.microsoft.com and it will bounce back with a 550 5.7.511 with mentions of Frontbridge.

4. I joined SNDS & JMRP over a year ago - the IP address is "Normal Status", has been since day 1, is in zero blacklists except in UCE Level 3 (and we all know what that means). I have received zero emails from JMRP.

5. To anyone (Linode staff really) - the blocks have nothing to do with emails being undelivered to Hotmail.com, Live.com or Outlook.com email account recipients.

6. The issue is with emails being undelivered to email accounts on Microsoft's Hosted Exchange platform, i.e. Office 365. PLEASE FOR THE LOVE OF GOD, TRY TO UNDERSTAND THIS.

Linode staff - Asking folk to send emails to Outlook.com accounts is a complete waste of time. If someone at MS is asking you to do this, they haven't got a clue of what the issue is and are fobbing you off.

I must have gotten lucky, because I just received a mail from Microsoft that they are implementing a mitigation for my mail server's IP address and that I should be able to send mail to Microsoft's servers again after the changes has been replicated through their systems.

So for anyone struggling with this, I would suggest opening a support ticked with them directly.

1. I did get a response from MS to another ticket I opened using - https://support.microsoft.com/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75 - in fact I opened several.

In the field that says "Contact e-mail address (this email must be valid to receive the investigation report): *" - put in a Hotmail/GMail/Outlook/etc email address that you have, otherwise you won't be able to reply to it.

When you get an automated response, sit tight - there will be 2nd one within 1hr. This one will say -

We have completed reviewing the IP(s) you submitted. The following table contains the results of our investigation.

Not qualified for mitigation
178.79.xxx.xx
Our investigation has determined that the above IP(s) do not qualify for mitigation."

2. My reply to this was:

Hello,

I have been using SNDS and JMRP for over 12 months and no issues have been reported with this IP (178.79.xxx.xx) - The IP has been shown as having normal status at all times and currently shows as having normal status.

This IP is on zero blacklists. rDNS, SPF, DKIM and DMARC are all setup correctly and have been from the start, so I do not understand why it has been blocked and why it does not qualify for mitigation.

Kind Regards

3. I subsequently got a reply:

Hello,

My name is Punith Kumar and I work with the Outlook.com Sender Support
Team.

I do not see anything offhand with IP: (178.79.xxx.xx) that would be
preventing your mail from reaching our customers.

i.e. getting fobbed off because the L1 person doesn't understand.

4. persevere - I replied to this with the following email:

Hi Punith Kumar,

Thank you for your email.

I am unable to reply to your email or any email from

winlv.edfs.ww.00.en.cvg.bgl.ts.t03.esc.00.em@css.one.microsoft.com

from the IP - _178.79.xxx.xx _without receiving a message such as:

OLSRV.FOPE.WW.00.EN.WIP.BOM.TS.T01.DLS.ST.EM@css.one.microsoft.com: host
css-one-microsoft-com.mail.protection.outlook.com[104.47.53.36] said: 550
5.7.511 Access denied, banned sender[178.79.xxx.xx]. To request removal
from this list please forward this message to
delist@messaging.microsoft.com. For more information please go to http://go.microsoft.com/fwlink/?LinkId=526653 [1]. AS(1410) [BL2NAM06FT013.Eop-nam06.prod.protection.outlook.com] (in reply to
RCPT TO command)

this clearly shows that a block is in place.

Regards

5. I got another reply:

Hello,

My name is Leema and I work with the Outlook.com Sender Support Team.

We will be looking into this issue along with the Escalations Team
regarding IP: [178.79.xxx.xx]. We understand the urgency of this issue
and will provide an update as soon as this is available. Rest assured
that this ticket is being tracked and we will get back to you as soon as
we have more information to offer.

Thank you for your patience.

Sincerely,

Leema
Outlook.com Deliverability Support

6. My reply to this escalation email is\was

Hello,

Thank you for your email.

Our mail server's IP address appears to been blocked by any domain hosted by Office 365.

Hotmail.com and Live.com appear fine.

When I request that the IP address is removed from the block list, the automated email response is:

We have completed reviewing the IP(s) you submitted. The following table contains the results of our investigation.
Not qualified for mitigation

178.79.xxx.xx

Our investigation has determined that the above IP(s) do not qualify for mitigation.

The IP address applies to a Linux server which is shared by a small number of domains, all of which are affected by this block.

The IP address does not appear to be being blocked by Office 365 (or so the Delist portal states). Yet sending an email to an Office 365 hosted domain results in the following type of error:

Info@somedomain.co.uk: host somedomain-co-uk.mail.protection.outlook.com[104.47.21.36] said: 550
5.7.511 Access denied, banned sender[178.79.xxx.xx]. To request >removal from this list please forward this message to delist@messaging.microsoft.com. For more information please go >to
http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
[LO2GBR01FT025.eop-gbr01.prod.protection.outlook.com] (in reply >to RCPT TO command)

When I check the IP address in SNDS it shows that it has a "Normal status" and has done for at least 12 months. When I managed to speak to someone at Microsoft via the telephone, they were able to confirm that the mail flow was clear and they couldn't see the IP address on a block list at all.

I have also received no notifications of junk mail reporting via the JMRP system for this IP.

What I need to know is:

Why is the IP address on this list which neither myself or the representative at MS were able to view/access?
Is it just this single IP address that's affected, or a whole range?
How can our mail server's IP address be removed?

Please let me know if you need me to send any specific email header information to help diagnose and resolve the problem.

It appears to suggest that the IP's presence on the block list is irreversible. Is this the case?
We are not in a position to change the IP address for the mail server, so we need to have it removed from the block list.

Kind Regards

No response to my last email yet, it's been almost 12hrs.

I'll post up what the response is from MS.

Sadly it's like having an issue and repeatedly getting the "Log off & back on again, and if that doesn't help reboot your PC." - you know the type I'm on about. Even when you know more than L1 & L2 you have to play the game to get to L3 and they usually know exactly what the issue\fix is.

In my earlier message:

1. I did get a response from MS to another ticket I opened using - https://support.microsoft.com/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75 - in fact I opened several.

I'd suggest you open at least 2 - increases your chances of at least one of the tickets being read by someone who knows what SMTP actually stands for.

If both tickets get fobbed off with "we can't help you" - open another 2. Throw enough tickets - odds are you'll hit a real person as opposed to an idiot.

I work for an email host in Norway and we have experienced the exact same bouncing issues and futile attempts at getting Microsoft to act on this.

When it comes to Microsoft being slow as molasses at investigating and fixing this problem, I do understand that companies as large as Microsoft need to have pretty strict barriers as to which tickets that gets to be escalated to higher level technicians and which (probably the vast majority) that perfectly fine can be answered with a pre-written template.
But seeing how many have been affected and subsequently have been in touch with Microsoft, I have much less of an understanding that this now can drag out in time.

Since we got the first reports on the 21st of December we have contacted Microsoft several times, every day. At first we naturally thought that one of our own clients might have caused the IP to be blocked, but we quickly understood that this was highly unlikely as a thorough internal investigation of our logs found absolutely no evidence of spamming or any other suspicious behaviour.

At this point we are leaning towards not only seeing this as a technical issue, but also as a legal one. Tort liability can and will occur when your actions, or lack of them, cause another entity to lose money. This might in some cases even occur before you are aware of the risk of damage, but after you have been made aware of the risk and you still do not amend your behaviour to not cause damage you will most certainly be liable. This is basic tort law, and most legislations all over the world will have implemented this in some way or another.

Another legal aspect here is that this issue seems to affect a lot of servers located in the EU, and also servers (that is Linodes) owned by companies located within the EU or EEC. This means that the issue is subject to EU law, where strict rules apply to combat misuse of majority market share and lack of free flow of services, capital and information.

Most of the small businesses affected by this issue will not have the resources to pursue legal action towards Microsoft, but perhaps Linode have a legal department that could look into this.
Another possible option would be to consider doing it class action, and a third could be that reps from a EU business affected contacts their MEP.
Banging our heads against friendly, but nonetheless helpless, staff at lvl 1 over at Microsoft will not help. The last two weeks have pretty much made that crystal clear. The prospect of a massive EU fine might at least rise an eyebrow at some higher ups at Microsoft, hopefully.

On a sidenote, even though UCEPROTECT seems like a somewhat scammy scheme akin to the likes of SORBS etc., we did shell out for their "unlisting fee". This was about 24 hours ago, and it did not in any way help with the bouncing of emails sent from our server to accounts using Microsoft Office 365. So I think it is rather safe to say that those 25 Swiss Francs were a waste.

@pascual I am also situated in Norway and run a fairly small business. Problem with a lawsuit is that, while Microsoft might be slower than molasses, pursuing this through legal channels will take years (unless you can file a temporary injunction/midlertidig forføyning but I doubt this is applicable in this case).

I have now had a dialogue with Microsoft and a technician there that have incredibly enough not served me with pre written templates. And they say they have implemented a mitigation for my linode running my email server. That response was sent yesterday at midnight and my mail still gets blocked (though the technician said that it will take up to 48h for the change to replicate through all of their systems. So we will have to see).

I am all for a class action lawsuit in any case. If not to pursue an immediate resolution (which a lawsuit will not bring), then to pursue damages and just for the sheer principle of it. Microsoft has a very bad history with antitrust and even if this is not a willful anti competition measure from their part, the precedent set in previous cases where Microsoft where involved puts Microsoft at a disadvantage as a defendant. Especially given their market position/share within email hosting.

@helgur

Would you mind sharing a summary of how that contact was done? There are so many different ways of opening tickets with Microsoft, so there is a chance you have found a more efficient one.

I also completely agree with you on the other points. Whether deliberate or not, the effect that Microsoft causes here by lack of action is effectively pushing their competition out of business.
I have had several customers asking me the laste week if moving to Office 365 would fix the problem for them, and I can't lie to them - of course that would fix it.

@pascual sure. As you say there are so many ways of opening tickets, and I recon I've explored most of them too, so I would have to backtrack a little bit. I know I filled out a form somewhere, because I've also tried to send a mail to them directly (trough the contact info in the refusal/bounce email), and reviewing my last sent items in my mail, none of those where related to the reply I got from Microsoft. I'll have to shift through my browser history.

edit: There's a specific contact form on Microsoft's webpage for requesting support when you're IP's are blocked. But the URL in question for opening a ticket has a hash appended to it, so I'm a bit reluctant to share it publicly as that is in no doubt tied to me personally. It's not this one there's actually another page I randomly stumbled upon and I can't remember where it was, I am frantically shifting through my browser history at the moment /o\

BTW, if you haven't already done so I would first of all signup to Microsoft's Junk Email Reporting program (JMRP), by filling out this form

The search continues. I'll let you know if I find it

@dibsh

Microsoft support is completely incompetent. We are stuck on Level1 and they can't even understand the issue. I asked them to escalate the ticket but nothing. After two calls and having exchanged a lot of messages their last response was:

On the call i informed you that the domain info@xxxxxxxxxx.xx is not associated on this tenant and to any tenant, and I advised that you raise a support request where the domain is associated with for troubleshooting purpose. You confirmed that the domain is from an external sender.

He is talking about the sender domain which is associated with one of the blocked IPs. Totally unacceptable and i am not sure they have even read what i wrote them so far.
We are a small dev/hosting company having many affected clients.
The funny thing is that we also have ~200 users on Office365.

The issue is with emails being undelivered to email accounts on Microsoft's Hosted Exchange platform, i.e. Office 365. PLEASE FOR THE LOVE OF GOD, TRY TO UNDERSTAND THIS.
Linode staff - Asking folk to send emails to Outlook.com accounts is a complete waste of time. If someone at MS is asking you to do this, they haven't got a clue of what the issue is and are fobbing you off.

Exactly!

@kpapamanos

I feel your pain. Dealing with Level1 is rarely pleasant.

For what (little) it may be worth, I would suggest you open a ticket (or few) via

https://support.microsoft.com/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75

(even if that's the mechanism you already used) and feel free to use my replies to them as a template.

It's just a numbers game - throw enough tickets at them & at some point, there's a chance someone at MS with more than a few brain cells will pick up the ticket.

What I would additionally suggest is this - in the above form (for at least 1 ticket), put in your email address (related to the IP that's blocked).

When you get replies to it - reply back which will be blocked, forward the thread to your hotmail\gmail\etc account and reply from there (doing a CC to your blocked IP email account).

You may need to do this reply from your blocked IP every time, then forward to your hotmail\gmail\etc and reply from there with a CC every time. Annoying extra step\s but it will keep the bounce back headers in the email thread.

That way when they try to fob you off, ask why your replies from your email account (at the blocked IP) are getting blocked with a bounce back.

That did get me from Level1 to Level2 - although not sure what Level2 is going to do.

@dibsh @pascual

https://support.microsoft.com/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75

That's the form I used. Seems the hash is just an identifier for that form and not me.

Just thought to send an email to a friend whose email is on the MS Hosted Exchange platform, i.e. Office365 and got:

user@somedomain.com: host somedomain-com.mail.eo.outlook.com[104.47.1.36] said: 550
5.7.511 Access denied, banned sender[178.79.xxx.xx]. To request removal
from this list please forward this message to
delist@messaging.microsoft.com. For more information please go to
http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
[VE1EUR01FT021.eop-EUR01.prod.protection.outlook.com] (in reply to RCPT TO
command)

I've sent & received emails to\from this user numerous times over the last few years and had zero issues, so the IP block is still in place.

To any Linode staff reading this - the bit in bold in the 1st line, is where the issue is - nothing to do with outlook.com recipients.

I have just spoken to a reporter at Politico.EU who has previously done reporting antitrust and Microsoft.
They might be interested in doing a story on this if they are provided with evidence that it is indeed affecting a lot of different businesses.

I was just reading round on Google about what it would take to use an external SMTP service and came across the following article on Linode - https://www.linode.com/docs/guides/postfix-smtp-debian7/

The date of it looks rather suspicious - almost like a warning of things to come, i.e. Linode know the issue, won't or are unable to do things and folk with Linode mail servers will be forced to use 3rd party SMTP relays.

@dibsh
Users can submit Linode docs too. Santiago Ti found a solution, and published a guide. I would do it too

After trying a few times via delist@messaging.microsoft.com to escalate my IP (linode Sydney DC) blocked, Microsoft did eventually reply on Friday beyond the generic canned response, stating the "Anti-Spam Team would investigate the IP address's traffic history and current activity". I also have a ticket going as a Microsoft hosted 365 customer.

Perhaps Microsoft actually did something, as I can email my hosted 365 domain again today. HORAY! Fingers Crossed it stays that way.

Ongoing problem however, emailing an outlook.com address still bounces with "Unfortunately, messages from [172.105.xxx.xx] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140).

@RedisK

Fair enough. I suppose with the not so great response from Linode support - one starts seeing things that perhaps aren't there. :)

Being a weekend I'm rather surprised to get an update:

Hello,

My name is Yaqub and I work with the Outlook.com Deliverability Support Team.
We continue to look into this issue along with the Escalations Team. We understand the urgency of this issue and will provide an update as soon as this is available.
Thank you for your patience.

Sincerely,
Yaqub
Outlook.com Deliverability Support

Whilst not a fix, at least I haven't had a "computer says no" one (yet).

Good luck to all of you waiting for resolution!!

I'll gladly share our full story here in short:

Blocked on Dec 20th. After daily conversation with Microsoft (via support ticket through our O365 account - admin.micorosoft.com) we finally got unblocked on late Dec 23rd. It did not work on the first try, but they managed to get it unblocked on the 2nd try.
This stayed until Jan 4th when we got blocked AGAIN and it's still blocked.

Throughout the conversion for our first unblock and after a lot of severe complains from my side and a request for an explanation WHY we got blocked (root cause), I got a response from "Himansukh, Microsoft Office 365 Technical Lead":
It contains a lot of text about IP reputation in general and "how to be a good mail hoster" and so on, but also contains this very text at the very end:

Please note that this is NOT the RCA [root cause analysis] for this specific issue so if customer asks our IP’s reputation was already good, our tenant was not compromised, we did not exceed the sending limits etc we can’t and won’t be able to answer why specifically it was blocked. At least one of the above-mentioned reasons could be the cause or maybe something in addition to those.

Mind the part "we can’t and won’t be able to answer why specifically it was blocked".
So the Technical Lead officially tells us they have no clue at all why their system blocks something.

My takeaway from all this => Their anti spam AI simply got out of hands and got wild. Now they are not able to tell anymore why something was blocked. It is just blocked because the AI decided to.
(I might be wrong about this, but this is the only explanation for me, which is consistent to what the tech lead says)

I am fully with you that it is about time to drag all higher managers of M$ out of their beds and in front of the judge. Furthermore, take away their full year's salary, they don't deserve it. How can one of the richest IT companies in the world run a service, where they don't know WHY something happens in their system?

I got a response from "Himansukh, Microsoft Office 365 Technical Lead"

One thing you have to understand about M$ is that it's not a tech company…it's a marketing company specializing in fear, uncertainty and doubt. M$ could care less about it's customers. This is the true legacy of Bill Gates & Steve Ballmer!

Employee titles at M$ are on the same level of banks (where a promotion from "teller" makes you a "Senior Vice President") and WWF championship match award belts ("InterGalactic Federation of Planets InterSpecies Champion"). Ergo, Mr Himansukh is the support 'droid (probably his actual organization title) who drew the short straw…

Office 365 is a hosted service… Most of the management of the O365 platform was shuffled off to low-wage/-skill entities long ago. Redmond is only in charge of the marketing hype. You get what you pay for…

It could be worse…at least Mr Himansukh has acknowledged the problem is theirs. Be prepared for the "Senior VP of Hosted-Platform Development" (second-level support 'droid) to disavow Mr Himansukh's statement completely if the problem gets escalated to him.

M$s usual tactic would be to blame you…for using a non-M$ provider in the first place. You can bet that no Exchange server anywhere in the world is blacklisted…no matter how much spam it spews out every microsecond of every day…

There are a lot of smart people that work at M$. NONE (zero, goose egg, nada, bupkis…) work in General Customer Support. Working in General Customer Support either by design or demotion is a serious CLM (career-limiting move). Working on customer-specific support teams (e.g., Nike or Intel here in the Pacific Northwest) is a different story.

-- sw

so I got the standard response with the likes of

My name is Xxxxxx and I work with the Outlook.com Sender Support Team.

I do not see anything offhand that would be preventing your mail from reaching our customers. For the following IP (xxx.xxx.xxx.xxx)

then all the standard copy/paste blocks of text, but for some reason it all felt like an advert leading to

Return Path's IP Certification (https://www.validity.com/products/returnpath/certification/) is the only service to which we subscribe

I have replied asking he escalate my issue rather than the standard script responses, I am wondering if anyone is part of this "Return Path IP Certification" and if you still have the same problem?

Stu

quick update:

My name is Raju and I work with the Outlook.com Deliverability Support Team.


We will be looking into this issue along with the Escalations Team regarding this IP: (xxx.xxx.xxx.xxx). We understand the urgency of this issue and will provide an update as soon as this is available. Rest assured that this ticket is being tracked and we will get back to you as soon as we have more information to offer.


Thank you for your patience.

I am not going to be holding my breath (btw ~ I did have to request escalation to an actual tech at least twice)

Stu

I wonder if there are any reps from companies here that have any good news? Have you been able to get this issue sorted for your email servers? If so, would you be so kind to share any information that you can as it might give valuable hints to the rest of us?

Well, there has been three days since Microsoft said they would implement a mitigation for my mail server, and still no bueno.

We have implemented mitigation for your IP: [...*] and this process may take 24 - 48 hours to replicate completely throughout our system.

:/

I couldn't help but chuckle at the little green button at the top of this page offering "Free Cloud Migration" - does that include out as well as in?!

We need more updates from Linode Staff. Seriously.

Hey everyone, just a small update: our case with Microsoft is being escalated and we're expecting a response within 24 hours.

@jackley Good luck with that, I've been waiting a week for a response from the escalations team.
Today I received the first response to a support request sent on January 2nd.
I am currently balancing outgoing email from 5 linodes between 2 different providers while we wait for news from linode or microsoft.

The most recent email received from Microsoft: (2 days ago)

Hello,

My name is Sai and I work with the Outlook.com Deliverability Support Team.

We continue to look into this issue along with the Escalations Team. We understand the urgency of this issue and will provide an update as soon as this is available. Rest assured that this ticket is being tracked and we will get back to you as soon as we have more information to offer.

Thank you for your [blablablah]

@jackley please keep update the latest status, our mail server located in 139.162.64.0/19 affected by the issue since late December. we tried every way to report and deal with M$, none progressing. really high stress because of this issue.

@jackley Yeah, I sincerely hope that you will receive good news soon, but from what I have understood that last couple of weeks is that Microsoft low level technicians have a very peculiar interpretation of the term "escalation".

One of our recent lines of communication with Microsoft seemed somewhat promising as we finally were able to get hold of a real person that was not just purely droning out templated answers. This has been going on of 6 days. However, the following was the answer I got after providing vast amount of technical documentation and all the proof found in this thread and others that something actually happened on the 21st of December.

Hello Pascual.

Thank you for your response.

I do understand your concern regarding this issue; however, I support Microsoft 365 Online Professional Support and our support scope does not include the provision of root cause analysis as we are a break and fix team.

Regarding this issue, I will highlight your concerns with the internal team, but we are only able to troubleshoot and work on this issue within the bounds of the affected tenant, in this case, it is the […] tenant.

Hence why we require the report mentioned as requested by the internal team.

Looking forward to your feedback.

Warm Regards,
[…]

Let me translate that from BS to English:

What I am basically telling you is that I am willing to ignore a plethora of information regarding what might be a serious malfunction for Microsoft in Europe for purely formalistic reasons.
Please do let me know if I can waste more of your time on this lovely journey towards your complete exhaustion regarding this issue.
Love and happy thoughts,

Your caring Microsoft Drone

… does not include the provision of root cause analysis

I got the same text. I answered them that we are a paying customer and it's their obligation to prove that we are doing wrong, if they block our incoming connector's server. Until they prove things, it is simply a violation of the contract.
The next answer came from the "Technical Lead", see above.

… as we are a break and fix team

Dear M$:
Yes you "break" things, that's for sure.
But how you "fix" things without knowing the cause (hello RCA), is the real magic.

This has been a problem for me as well with server IP 50.116.31.253. Microsoft support has been useless.

I am warning my customers about this:
https://www.htmlvalidator.com/CSS-HTML-Forum/viewtopic.php?p=12739#p12739

And recommending they contact me with a properly working email address like a gmail account.

All efforts to get any helpful/useful response, solution, or results from Microsoft have failed thus far.

What exactly is it that you people expect Linode to do? Nothing is broken on their end. They have nothing to fix. All they can do is beg Microsoft to pull their heads out and how well has that ever worked for anyone?

Following. Having the same issue with all our servers. Coincided with moving a load of clients from one server to another one, so assumed it was down to the IP we were moved over to - but seems its much more widespread than that!

What do we expect Linode to do, @Computerlink (and all the others who seem to think we're being unfair to Linode)?

1. Spend more time dealing with abuse (especially spam) on the linode network. http://www.uceprotect.net/en/rblcheck.php (search for the ASN 63949). You can see many level 2 listings within the network, and the network as a whole is listed on level 3. Granted, no one should be using level 3, but its indicative of reputation on the network as a whole.
2. Use their relative clout (in comparison to us, their individual customers) as a provider with a reported 560,000+ IPs to pressure Microsoft in to doing something about it. Individually, we get a canned response from Microsoft or at best one of us gets the problem solved. Linode have a much better opportunity to actually get the problem fixed for everyone.
3. Provide an SMTP relay (outside of the Linode network) for those still affected, in order to mitigate the problem until it is fixed.

Same problem here, about to setup SMTP relay with duocircle for some of my domains.

I hope this is rectified soon :(

now the linode network is no longer L3 listed on uceprotect, so it should work fine now…nice!

@eriknuds, sadly it's not that simple. As far as I can tell, Linode servers are still blocked by Microsoft

I just got another response from Microsoft on my latest ticket, with a new "twist":

Yes, unblocking using sender.office.com is expected to not work as the IP is not blocked in Office 365's end in the first place.

I replied the question who else is blocking it then…
Let's see where this road ends.

We have one MX hosted at Linode which is (was at the time) listed in UCEPROTECT L3 only and one MX at DigitalOcean which is listed in UCEPROTECT L2, L3 and scientificspam list too. Whereas MX at Linode is blocked the other one at DO can deliver emails to 365 users without any issue (although listed in L2+L3). So I assume it has really something to do with internal Microsoft's reputation algorithm.

BTW both servers are registered in MS SNDS list since last Friday but it doesn't have any impact.

From my experience in these days, IP-s of USA based linodes are able to deliver to MS 365 domains, but get rejected from hotmail.com and outlook.com(possibly other aliases). Europe based linodes, are able to deliver to outlook.com/hotmail.com, but get rejected for MS 365 domains. Quite a Messcrosoft.

Can confirm that this is still an issue for Linode's IPs in Canada as well.
My IP is in a good standing in SDNS, yet I'm a "banned sender".

Also, please stop mentioning UCEPROTECT, nobody in their right mind uses this ransom-demanding "service". I was able to send to Outlook even when Linode was in this list, so MS definitely does not use it.

anybody could get a resoulution to this issue? we're still having the same problem although contacted microsoft & linode multiple times.

I started getting some replies to the tickets, after 5 days, but the IP's are still blocked. Let's hope is the beginning of the end of this nightmare.

Seems like Microsoft is intentionally dragging this, there is no way that could be so incompetent. And that they are able to produce only one useless offtopic response per day. They also deleted discussion at https://docs.microsoft.com/en-us/answers/questions/674558/550-57511-access-denied-banned-sender.html

Those that keep mentioning outlook.com/hotmail deliverability please note that you have additional issue that is not related to 5.7.511. Sign up for jmrp and delist your ips.

What we should do with 5.7.511:

• involve press
• open o365 trials and open alot of tickets
• record phone calls with Microsoft support, will be usefull for press and lawsuit
• action class lawsuit

I was just checking "sendersupport.olc.protection.outlook.com" to see if there were any updates and I found this interesting,

it seems some bloke named Jose is requesting access from 172.105.160.0 to 172.105.191.255

Jose Glz | office2017@kembio.com.mx | 172.105.160.0 | 172.105.191.255 | Pending initial verification

I know its still in "Pending initial verification" but should I be worried in any way? or does Linode have a sideline business making cleaning products in Mexico?

Stu

@interactivesun writes:

Seems like Microsoft is intentionally dragging this, there is no way that could be so incompetent. And that they are able to produce only one useless offtopic response per day. They also deleted discussion at https://docs.microsoft.com/en-us/answers/questions/674558/550-57511-access-denied-banned-sender.html

Grasshopper…you have much to learn… The House of Gates never admits error. To admit error invites unwanted scrutiny.

-- sw

Linode support directed us back to this thread.

Linode IP's in Sydney are also affected.

Microsoft are definitely dragging the chain here. Best solution seems to be to keep submitting tickets to MS and then asking their useless L1 support to escalate the problem.

I can confirm the block at 6:30UCT Jan 12 of a Linode server (in Jose Glz's pool ;-) ) that is no longer listed in the extortionist UCEPROTECT L3, is ok with SNDS and that is reported not to be blocked by sender.outlook.com Sigh.

@lymac where do you report this to M$? I've tried emailing sop many times to delist@messaging.microsoft.com , but no reply on any. Is there a portal we can put a complaint in at on M$'s end?

I don't know if it's related but we've started getting emails from companies that use Microsoft email services saying that Microsoft consider the emails are not trustworthy. The senders are not small companies. We receive emails where the original web links have been stripped and a link inserted at the bottom directing us to https: // account.activedirectory.windowsazure.com/?tenantid=[a long hex id]&login_hint=[our sales email], followed by a Microsoft disclaimer; which is triggering our people to flag it as possible phishing, especially as https: // account.activedirectory.windowsazure.com takes you straight to microsoftonline.com! All this domain obfuscation can't be helping.

Don't know what this means apart from a) they're "reading" emails, and b) maybe something's been released in to the wild before it was properly tested, surely not! and now they are coping with a system running out of control; which may explain the silence and try this / try that approach.

@youradds …

start here … https://sender.office.com/

First the automated tool tells you that the IP is not blocked, but gives you a link that you can use to create a support request.

Click the link, fill in the form. A Level 0 MS tech will then reply with a standard form and tell you there's "apparently" no problem

You then tell MS they are full of shit and it obviously IS their problem. They would know this if they had actually read the returned error message from their server that you already pasted to them. Tell them to "Please escalate this case".

MS will then ignore you for a while, before eventually sending another form email saying that the case has been escalated. They may also tell you to sign up for anti spam services that will do you absolutely no good at all. Ignore them. Keep spamming MS with more complaints. MS will then begrudgingly admit that they're looking into the problem but have no clue whats wrong.

Rinse. Repeat.

@stuangel This Jose Glz with email office2017@kembio.com.mx is also pending verification for 139.162.160.0 through 139.162.191.255. This certainly is no Linode staff member and will not help with 5.7.511 issue. Worst case is that he might be phishing for emails from complaint feed which would reveal email addresses and potentially additional personal information for identity theft. This is a big no no. In case this ever gets validated, go to Access Control and request reauthorisation.

@interactivesun - I also noticed a user called Trust and Safety with the email linodetrust@gmail.com on SNDS, same IP range as Jose Glz, which also seems quite fishy, so I've required a reauthorization, as I don't expect Linode staff to use a gmail account.

On SNDS, I've got

Trust & Safety - linodetrust@gmail.com with Normal access status for 139.162.192.0 - 139.162.223.255.

Jose Glz - office2017@kembio.com.mx with Pending initial verification for 139.162.192.0 - 139.162.223.255, and Reauthorization required, grace period in effect for 178.79.128.0 - 178.79.191.255.

The linodetrust@gmail has been there for quite some time. I'm going to hit Request Reauth, if it's legit, I'm hping Linode staff will pipe up.

Looking at JMRP, I can see

• I have View access Type
• Trust and Safety linodetrust@gmail.com has View
• Jose Glz office2017@kembio.com.mx has Manage

How on earth do I remove Trust and Safety and Jose Glz?

That gmail address was a stopgap we used to address an entirely different problem from Microsoft. You can stop requesting reauthorization for it, it's actually us.

Hey Everybody,

We’re still working with Microsoft regarding the “550 5.7.511 Access denied, banned sender” error and are treating this problem with the most urgent priority. While we cannot control how long it takes for Microsoft to address the issues on their end, we do have potential solutions that we can offer in order to help customers avoid the current “Banned Sender” bounces:

• Our team can swap your current IPv4 address with a new one unaffected by these blocks. If you choose to swap IP addresses and need to update DNS records to use the new address, let us know and we can temporarily add the new address while your records propagate to avoid downtime.
• We can offer you an additional IPv4 address unaffected by these blocks. Additional IPv4 addresses incur a $1/month fee.
• We can route an IPv6 /64 range to your Linode for you to configure for sending email
  • This is recommended for customers that wish to use IPv6 whose recipients may be impacted by RBLs that list the /64 subnet containing Linode default SLAAC addresses.
• You can use IPv6 for sending email from your Linode’s SLAAC address.

If you're interested in any of these solutions, please open a Support ticket and someone from our team will be happy to assist you. We still intend on finding a resolution to the original issue, but we'd like to get as many of you up back and running as we can, as soon as possible.

Thanks for this. I've requested a second IPv4. Unfortunately a lot of O365 customers don't have AAAA records setup so it's IPv4 only.

Hello Linode and @_Brian,

How about an unblocked open relay on your network that I (and others) could use to send email until this problem is resolved? Would this work?

Hey @htmlvalidator – that's not something we're considering at the moment.

Still suffering from this issue unfortunately.

The Level 3 UCEPROTECT blacklist has expired (or otherwise went away), but the sending issues do continue. This leads me to think that the UCEPROPTECT listing isn't used directly by Microsoft, which is comforting.

I wonder if, however, they're using a similar 'nuclear' method of assessing which IPs can/cannot send to O365 by blocking entire subnets.

I'm really shocked that this is taking so long. It's been 3 weeks, and the clients on my Linode servers are rightly upset and confused about the situation. It's pretty frustrating.

Anyways I know this is a Linode thread - by has anyone noticed this issue on any of their non-Linode servers?

I wonder if, however, they're using a similar 'nuclear' method of assessing which IPs can/cannot send to O365 by blocking entire subnets.

Most likely they have their own, home-grown reputation-scoring system. The details of which would be an M$ state secret.

-- sw

Before, I nearly constantly saw that my IP was on the Level 3 UCEPROTECT blacklist. MXTOOLBOX monitored me, my reputation decreased by 1 point only. I didn’t had any delivery issues. I also asked linode about it, they told me the reason: your IP is listed because somebody in your IP range did something ( sent spam or similar).
This listing usually resolves itself and than comes back.

For me it seems that the current MS issue is not related to this blacklisting. Neither before neither now. Before I was listed and delivery was perfect, now I’m not and delivery to MS is still critical.

Now I’m using Sendgrid for delivery, changed around ~100 domain’s DNS… Do you know what happened? Their IP also got blacklisted! I’m able to send emails to MS but now my other clients opened a ticket regarding email delivery.

What I’ll do: ask for a +1 clean IP from Linode, set my Postfix to use that for delivering only and keep Sendgrid as a backup.

Hi @_Brian

How do you distinguish between "clean" IPs that you are offering as a replacement, and banned IPs? Is there a test I can apply to my own IPs?

Please note: the IPv6 workaround won't work. IPv6 support for outlook tenants is opt-in; until it is enabled, the MX won't accept email and the AAAA record will not be published in the DNS. Most companies - anecdotally, 100% of recipients we need to deliver to - do not opt in. Since there's no SMTP service to which the traffic could be routed over ipv6, and no (simple, for the purpose of e.g. postfix transport maps) way to distinguish between outlook tenants and everyone else, I don't see how IPv6 could be useful to solve this problem.

@Arklogic, we've configured Postfix to use an SMTP relay to a local hosting provider here in the UK, all's working well at them moment with no more bounces.

We are in and out of Level 3 UCEPROTECT on a fairly regular basis. We had been on their Level 3 warning for some considerable time before I spent a bit of time polishing up our reputation. Now, every time a Shopify marketing campaign is sent we dip in to Level 3 warning and a couple of days later we come back out. Even when we were permanently marked as Level 3 we never had any issues sending emails. In UCEPROTECT own words Level 3 warning is as low as, well as low as telling Microsoft "you're a very naughty boy" whenever it's found guilty in court. We never knew just how much companies had become reliant on Micros**t services until this issue hit. Bit like the Irish potato famine, or all eggs in one basket; all's great until you stumble!

Today i asked again for ticket escalation from Microsoft and i finally got this answer:

Kindly note that the issue have been escalated to the engineering team and they are actively working to resolving it.

Then after a couple of hours i got this:

The engineering team have informed me that issue has been resolved.
Kindly confirm that you able to send emails to Office 365 from the IP: xxx.xxx.xxx.xxx (<-- London datacenter IP)

I tested and they finally solved it!! I am not sure if they fixed the block for my IP only or the entire range.
Please note that i also have another IP in London that is still blocked and i just asked them to fix that too.

PS: Please guys, stop taking Level 3 of UCEPROTECT seriously. Microsoft is definitely not using this.

@kpapamanos how did you ask for ticket escalation, any forms or sth?

Still not working on our IP :(

R=dnslookup T=remote_smtp H=starteng-co-uk01c.mail.protection.outlook.com [104.47.21.36] X=TLS1.2:ECDHE_SECP384R1__RSA_SHA256__AES_256_GCM:256 CV=yes: SMTP error from remote mail server after RCPT TO:<sales@start-eng.co.uk>: 550 5.7.511 Access denied, banned sender[178.79.183.93]. To request removal from this list please forward this message to delist@messaging.microsoft.com. For more information please go to http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410) [LO2GBR01FT022.eop-gbr01.prod.protection.outlook.com]

@gruppal

No, i just asked multiple times for escalation. I had a ticket with Office365 Level1 support since 3/Jan. We exchanged a lot of emails since then but the responses was not very helpful and my initial escalation requests were ignored.
Yesterday - after two days of silence - i received this:

Kindly provide status update as regards to the issue of IP address xxx.xxx.xxx.xxx not able to send emails to Office 365.
Your kind feedback will be highly appreciated.

So i asked escalation one more time:

No, the network is still blocked and i am still unable to send messages to my Office365 or any Office365 account.
What actions did you take so far to resolve this issue?
Please escalate the ticket to Level2. 25 days have passed already.

Meanwhile, in the microsoft bubble…

Hello,

Thank you for your response.

We continue to investigate the issue with our escalation team, we will update you once we have more information.

Thank you,
Outlook.com Deliverability Support

Still not working from 172.105.109.xxx (Canada/Toronto)

Issue seems to be resolved for our part.

172.104.241.*** Europe

I couldn't tell if any actions from our side have had any impact, but we have been pestering Microsoft reps to fix this ever since the 22nd of December.

Still not working:
Linode-Frankfurt/DE
139.162.0.0/16

XXXXXXX.mail.protection.outlook.com[X.X.X.X] said: 550 5.7.511
Access denied, banned sender[139.162.X.X]. To request removal from this
list please forward this message to delist@messaging.microsoft.com.
…bla bla…

Also unable to FWD to delist@messaging.microsoft.com.
That results in:
Your message to delist@messaging.microsoft.com couldn't be delivered.
A custom mail flow rule created by an admin at frontbridge.com has blocked your message.
…bla bla…

custom rule --- see --- custom --- ha-ha-ha---what-a-joke

frontbridge.com should be scrapped and replaced by a real anti-spam solution --- it currently blocks legit emails!

@pascual

Issue seems to be resolved for our part.

172.104.241.*** Europe

I couldn't tell if any actions from our side have had any impact, but we have been pestering Microsoft reps to fix this ever since the 22nd of December.

Any wisdom for the rest of us?
Any contact emails where we can cry our pain and IP's?

Not only are there no changes here, our third IP (from Dallas DC that still worked normally this morning) just got blocked too…

It's far from over it seems.

seems 139.162.x.x has been resolved.

@gruppal I'm on the same net, but still blocked :-/

@feIxXfYSlP

I am really sorry, but no. We haven't done anything except for things suggested by others in this thread.
As many things Microsoft, it seems somewhat arbitrary what they react to or not.

@gruppal, @jacrasmussen
Same net, 139.162.x.x still blocked

My 2nd ticket got a response, like a week after I opened it,

Hello,

Thank you for contacting Microsoft Online Services Technical Support. This email is in reference to ticket number 1533775xxx, which was opened in regard to your delisting request for IP 178.79.xxx.xx

Please ensure that you have resolved any issues generating malicious or abusive traffic from the IP in question and utilize the portal found at https://sender.office.com/ to complete the process of IP removal.

Then please wait for 1-2-hour delay before this change propagates through our entire system. After waiting of 1-2 hour try to send email again.

If you continue to receive Non-Delivery Receipts (NDRs), or "bounce messages," that indicate that the IP address is still blocked by our spam filtering system, please forward one of the most recent and complete error message to us and we will investigate further.

Thank you again for contacting Microsoft Online Services technical support and giving us the opportunity to serve you.

Sincerely,
Joy Ojo

Microsoft Online Services Technical Support

Replied back with sender.office.com says not blocked but if I try to email them back from that IP I get the "sender banned" reply, so it is blocked\banned.

Firewalls\etc aren't that complex - you'd think I\we were asking them to diagnose & fix a neurological condition (over the phone) or something.

If you're interested in any of these solutions, please open a Support ticket and someone from our team will be happy to assist you. We still intend on finding a resolution to the original issue, but we'd like to get as many of you up back and running as we can, as soon as possible.

I saw this and opened Ticket 16779254 almost 2 days ago requesting a new IP for one of my two VMs (and a link to this thread) and I got a response quite soon after asking to make sure I had valid matching rdns and SPF records. Which I already had.

But no further response 40 hours since I last responded in the portal. This is the first time I have been disappointed in the support response time.

I ended up routing SMTP via my home Internet connection in the short term as I can't wait forever for this to be sorted. Certainly wasn't back up and running "as soon as possible".

A few more regular updates from Linode Support on here to the problem and where it is at would also go a long way to help.

@dibsh writes:

Firewalls\etc aren't that complex - you'd think I\we were asking them to diagnose & fix a neurological condition (over the phone) or something.

What M$ has is not a firewall in the iptables sense… What they have is some morbidly obese, "AI"-based, reputation-scoring scheme for external (to O365) senders.

M$ reorganizes frequently. My guess is that this system (whatever it's called) has had hundreds of "owners" over the years and that each owning team has added it's own bells and whistles to justify their own existence (whether or not the bells and whistles made any sense or contributed to the efficacy of the system as a whole). It's the nature of the support business…and it has undoubtedly led to the current Mr Creosote-level of bloat.

There's probably not a single person alive today that understands it all…or can even chart it's history. Consequently, the layers of cruft in these systems are approaching the thickness of the earth's crust. Plus, it's Windows…

M$ writes:

If you continue to receive Non-Delivery Receipts (NDRs), or "bounce messages," that indicate that the IP address is still blocked by our spam filtering system, please forward one of the most recent and complete error message to us and we will investigate further.

Translation: We'll open a new ticket; put you at the end of the queue; and assign it to some off-shore intern who is 8 timezones away. Be seeing you…

Who controls the past controls the future: who controls the present controls the past. -- George Orwell, 1984

-- sw

Hello friends,

The company where I work is one of the lucky ones where our IP for our mail server suddenly a day ago was no longer affected by this Microsoft mess.

I answered @feIxXfYSlPv that I could not remember that we had done anything else that what has already been discussed here, but this morning I did remember one action we took that has not been mentioned yet. Whether or not it had any effect at all I can not say, but at this point I would leave no stone unturned.

As many others here have also done we opened a paid business account at Microsoft Office 365 to get access to a real person for customer service.
What we did different there was that we requested that the first contact be done by phone and not by email. This was an attempt to avoid those silly template answers that only serves to delay a real resolution.
The person who called was very friendly and eager to help, but unfortunately and not surprisingly not anywhere near the level of technical knowhow to resolve to root cause of the issue.
After providing him with mountains of evidence that this was not a singular problem with our account, but in fact a massive issue with serious consequences internationally he stopped answering.

That is where we did something that I have not read about here yet. In the very bottom of his email signature the name of his two supervisors were named and had their emails listed.
What we did was to direct a complaint to the supervisors in very clear language detailing the problem, lack of competence, lack of basic decency towards fellow human beings trying to survive in a difficult economic and also the ridiculous possibility that we might end in court to solve an issue that could easily be solved by someone competent logging in to a server.

After this the supervisor got in touch with us, and then her employee apologised. He tried calling me several times, but I emailed him and told him that I do not wish to waste any more time with futile activities based on generic scripts.
He then assured me that he would (probably for reals this time) escalate the ticket and make sure to check on the status internally until it was solved.
And 2 days after this this problem magically disappeared.

So in summary:

1. Create business account at Office 365.
2. Open ticket.
3. Raise hell at highest possible level.
4. Do not accept generic answers.
5. Rinse and repeat from 3, or 2 if you need to.

@pascual

Thanks for the update. This reminds me that we did basically the same back in December. Ticket on paid O365 + contact by phone + further mails in CC to all listed addresses in the footer.

It indeed got resolved back then within 4 days (which sounded incredibly long back then, but seems ultra-fast compared to the situation now).
Unfortunately, the block came back on Jan 4th and couldn't be resolved again yet.

(Footer in mails of my current ticket do not mention the supervisor's mail addresses)

Still blacklisted 172.104.245.*

50.116.31.253 is still blocked too (Dallas) after numerous forwards to delist@messaging.microsoft.com .

<(customer email address)>: host btconnect-com.mail.eo.outlook.com[104.47.6.36]
    said: 550 5.7.511 Access denied, banned sender[50.116.31.253]. To request
    removal from this list please forward this message to
    delist@messaging.microsoft.com. For more information please go to
    http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
    [VE1EUR02FT023.eop-EUR02.prod.protection.outlook.com] (in reply to RCPT TO
    command)

Finally got something back from M$:

Hello,

My name is Deepthi and I work with the Outlook.com Deliverability > > Support Team.

We have implemented mitigation for your IP (178.79.183.xx) and this > process may take 24 - 48 hours to replicate completely throughout our > system.

Sincerely,

Deepthi
Outlook.com Deliverability Support.

It'll be interesting to see if that helps. They must be getting a bit pissed off with all these emails from people by now!

What they're doing is whitelisting your IPs. And if the posts above are any predictor, their whitelists sunset and expire.

Thats what I was thinking. Hopefully they fix it properly, rather than just putting a plaster over it!

@tfw_whargharbl

So you are suggesting that the only real solution will be for Microsoft to unblock Linode's IP range? No individual solutions are enough?

In that case, a more serious technical explanation from Linode staff would be a must. @jackley , @_Brian , whoever…

Still having issue with ours at 172.104.x.x and 50.116.x.x, we are temporarily re-routing the email through another newly setup postfix relay.

We already have a backup smtp relay in a different location to prepare for this kind of situation, unfortunately the backup smtp relay is also with Linode and looks like all Linode IP got blocked. So we have to setup another with a different provider. We tested a few providers to ensure the new IP isn't blocked.

So far the new relay is working ok, the only problem is some spam filtering system may reject the new IP with reason - shoe spamming suspicious

Hope Linode resolve this asap

It seems my case, that I registered january 3rd, through the following URL, was finally solved:

https://support.microsoft.com/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75

Please bear in mind that you will likely first get:

                                                                                                                                    Dear Vegard Engen                                                                                                         


    We have completed reviewing the IP(s) you submitted. The                                                                  

following table contains the results of our investigation.

    Not qualified for mitigation                                                                                              
    X.X.X.X                                                                                                           
    Our investigation has determined that the above IP(s) do not                                                              

qualify for mitigation.

You need to reply to this, and not from the email that bounces - I forwarded it to gmail and replied there.

I was pretty persistent in my first reply, stating I had done everything their guides said to do - SPF, DKIM and what not. Because I had, before reporting the case. I also added links to this and a few threads, to give a "+1" to "their blacklist causes problems". It didn't help particularly, I still got into their support-system, having to reply to mails from their support teams every other day.

But the above gave me a reply from an actual person (after a couple of days), so there's that.

When you get the reply, you just have to be persistent, and deal with them like any other support system. It will be annoying, but for me, it eventually paid off.

Yesterday, I got:

Hello,

My name is Mohan and I work with the Outlook.com Deliverability Support Team.

We have implemented mitigation for your IP (139.162.184.189) and this process may take 24 - 48 hours to replicate completely throughout our system.

Sincerely,

Mohan

Outlook.com Deliverability Support.

And today, I could send mail to my SOs work-email without it bouncing, which is what I've been doing to test this.

Do everyone of us need to do this? I hope not, but please: Do so. Unless this becomes an annoyance and too much work for them, they're not going to implement a proper solution. If we are lucky, someone will notice the pattern and that the blocking in itself causes hours spent on support causes, and fix the underlying problem.