Trusted mail servers
Microsoft is once again blocking emails from Linode.
550 5.7.1 Unfortunately, messages from [x.x.x.x] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150).
We do everything by the book: SPF, DKIM, DMARC, Reverse PTR set, double opt-in, unsubscribe links in each email, List-Unsubscribe headers for automatic processing, slow ramp ups of batches, rate throttling, joined on several feedback loops (FBL), etc.
But often enough, we get caught up in these blocks because who knows what our IP neighbors are doing and so Microsoft just blocks a whole range.
My question or request is: Is there a Linode IP space that is set aside for mailers that has stricter requirements (such as all the things we are already doing). Anyone in this IP block maybe goes through some extra verification and monitoring - if you are sending spam you get kicked out/can't use this separate IP block anymore. But therefore your IP neighbors won't get you blocked by whatever they are doing.
What are your thoughts? Does this exist? Can it exist, even if it has to be in a single designated data center?
See these past threads:
https://www.linode.com/community/questions/22287/550-57511-access-denied-banned-sender-office-365
https://www.linode.com/community/questions/22847/how-do-i-remove-linode-assigned-ip-from-hotmails-block-list
2 Replies
jhartman
Linode Staff
These IP blocklists tend to be pretty frustrating for us as well since Microsoft doesn't seem to follow any predictable rhyme or reason when they block addresses. Situations like this are doubly frustrating when you take extreme care to setup your mail as legitimately as possible (as described above), but other peoples' mailing seems to catch you instead.
One thing to point out is that Microsoft has two primary blocklist bounce errors; the 5.7.1 for individual addresses (the error you provided) and a less common 5.7.511 for full /24 subnets. We are able to reach out to Microsoft to mitigate either error if you open a ticket and provide the following information:
- The full 550 Error Bounce error message as received from the blocking domain (definitely a good idea to redact that on our forum)
- Confirmation of your mailing domain name
- Confirmation that your rDNS/PTR and SPF Records have fully propagated
That stricter block of hyper-regulated IPs doesn't currently exist, but I'd be interested to see how that would work long-term in reducing the frequency of blocklist mitigation for diligent mailers. While I cannot guarantee this would be something we could implement, I've submitted your feedback for feature tracking.
To some extent, the closest way for you to have this curated IP-space would be for you to request us to add an additional IPv6 address to your Linode. Since IPv6 addresses/address blocks are functionally in a nearly limitless supply, we can grant your Linode its own /64 pool. This will give you and no one else the ability to make use of 18,446,744,073,709,551,616 IPv6 addresses that wouldn't get blocked as long as none of your emails get flagged as spam.
Thanks for your response and for submitting the idea.
I know better than to blame Linode for this since we've been sending mail from this IP for a good 10+ years now. These issues come and go. It's just interesting how Microsoft decides to block sometimes since looking at their SNDS site, all looks good: https://i.imgur.com/6whO9z2.png
Also, good idea to grab an IPv6 address space! Google Postmaster Tools likes our IPv4 address ("Good reputation"), but they don't like it when it comes from the IPv6 space ("Bad reputation"). They look at our IPv4 individually though, and with IPv6 they look at the entire block 2600:3c00:0:0:0:0:0:0.
Thanks again for your thoughts, and any other ideas you may have going forward.