Hi,
We're sitting with exactly the same problem at the moment, we thought we
were the only ones.
Started noticing it last week Monday as user complaints began rolling
in. We're a rather small hosting company and it took us quite a while to
narrow down the problem as we only sent mail out from servers in a
single domain.
We came to the same conclusions as you, essentially it boils down to
mails sent out from a server with the triggering domain are flagged as
SCL:9 and the exact same mail from the same host/IP with a different
domain comes back with SCL:1.
It's definitely not IP reputation based and any lookup of the domain on
domain reputation lists comes back as clean. Reaching out to Microsoft
has yielded nothing but automated/canned responses and being told that
there are no problems relating to our IP/domain reputation.
We're working under the assumption that it's not reputation based but
rather some kind of content analysis (something like Bayesian analysis)
that is being tripped up, but this is little more than a guess without
some kind of feedback from Microsoft.
Something I might be able to add is that we're seeing the exact same
thing with mail to a domain using Cisco Talos, started exactly the same
time, so there definitely seems to be a connection there. Reporting to
Cisco I got the same response as from Microsoft, that our IP/Domain
reputation was fine and so the ticket was closed.
Please do let me know if you make any progress on your side and I'll do
the same.
Best Regards,
Grant Gordon
On 2023/12/01 05:47, Angelo Giuffrida via mailop wrote:
Hi all,
Apologies for the duplicate post (a colleague of mine attempted to
send it but I think it's been held for moderation as he's a new user).
Wondering if anybody on the list is from Microsoft or can assist in
raising somebody at Microsoft to help with a strange delivery issue we
are facing sending email to Outlook users.
We are a web hosting company that has 10s of thousands of domains,
spread across a few hundred servers emailing out through an outgoing
email cluster. The cluster has multiple nodes and IPs.
The servers sitting behind the outgoing email cluster (the 800 servers
or so) all have hostnames ending in either domain1.com or domain2.com
(not the actual domains). When a customer sends emails however, they
use their own domain (user.com), so the only reference to the server is
in the email header, however SPF/DKIM etc are all based on the
customer's domain (user.com).
We noticed after many complaints that all emails being sent from
servers ending in domain2.com are getting scored by Outlook as SCL:9,
regardless of email content, and have been for over a week now. We
believe it's the server hostname that is appearing in the headers, as
we migrated a customer's account (user.com) from a domain2.com server
to a domain1.com server and then sent the EXACT same email and it gets
a SCL:1 score - it's also worth noting that it used the identical
outgoing email MTA and the same sending IP from the mail that was being
scored SCL:9.
We have reproduced this many times across multiple examples and can
confirm that all domains and emails being sent from a domain2.com
server are getting SCL:9, but the same email sent from the same sender
email address (but using filtering nodes that have the domain1.com
domain) are not getting flagged and getting scored SCL:1.
We are quite positive that these nodes are not sending spam, and have
done extensive investigations, SNDS is also showing no issues with our
IPs.
Further, since the MTA connecting to Outlook is the same for both
groups of servers, we are relatively sure that it is not based on
those IPs - but something to do with the server hostname itself.
We have tried repeatedly to get in contact with Microsoft, but they
come back with ..... less than useful responses. This has happened to
us in the past many years ago, and the only fix was for Microsoft to
remove the punishment on the domain that was there for some reason.
If anybody can assist that would be greatly appreciated.
Cheers,
Angelo Giuffrida
+61 421 221 585
Director, Nexigen Digital
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
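Added example, not part of either message above: a way to tabulate the A/B comparison both posters describe, by reading the SCL from delivered test messages and grouping it by the parent domain of the originating server in the earliest Received header. It assumes the SCL is taken from the recipient-side X-Forefront-Antispam-Report header; the relay names, IP addresses, the two-label parent-domain rule and the threshold of 5 are assumptions, and the sample messages are constructed.

```python
import re
from collections import defaultdict
from email import message_from_string

SCL_RE = re.compile(r"\bSCL:(-?\d+)")
FROM_RE = re.compile(r"^from\s+([A-Za-z0-9.-]+)", re.I)

def scl_of(msg):
    """SCL from the recipient-side X-Forefront-Antispam-Report header, or None."""
    m = SCL_RE.search(msg.get("X-Forefront-Antispam-Report", ""))
    return int(m.group(1)) if m else None

def origin_host(msg):
    """Host named in the bottom-most (earliest) Received header, or None."""
    hops = msg.get_all("Received", [])
    if not hops:
        return None
    m = FROM_RE.match(" ".join(hops[-1].split()))  # unfold the header first
    return m.group(1).lower() if m else None

def scl_by_host_domain(raw_messages):
    """Map parent domain of the originating server -> list of observed SCLs."""
    table = defaultdict(list)
    for raw in raw_messages:
        msg = message_from_string(raw)
        host, scl = origin_host(msg), scl_of(msg)
        if host and scl is not None:
            # Assumption: parent domain = last two labels (no public-suffix lookup).
            table[".".join(host.split(".")[-2:])].append(scl)
    return dict(table)

def suspect_domains(table, threshold=5):
    """Domains whose every sample scored at or above the (assumed) threshold."""
    return sorted(d for d, scores in table.items() if min(scores) >= threshold)

def _sample(host, scl):
    # Constructed test message, not real traffic; same relay IP for every sample.
    return (
        "X-Forefront-Antispam-Report: CIP:192.0.2.10;CTRY:;LANG:en;\n"
        f" SCL:{scl};SRV:;IPV:NLI;\n"
        "Received: from out1.relay.example (out1.relay.example [192.0.2.10])\n"
        "\tby mx.recipient.example; Fri, 1 Dec 2023 05:00:02 +0000\n"
        f"Received: from {host} ({host} [198.51.100.7])\n"
        "\tby out1.relay.example; Fri, 1 Dec 2023 05:00:01 +0000\n"
        "From: sender@user.com\nSubject: test\n\nIdentical body\n"
    )

SAMPLES = [_sample("web01.domain1.com", 1), _sample("web07.domain2.com", 9),
           _sample("web09.domain2.com", 9)]

if __name__ == "__main__":
    print(scl_by_host_domain(SAMPLES))
```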