Microsoft IP addresses blacklisted

Hello

I use GoDaddy for my company hosting. Our Office 365 email gets sent out by a Azure cloud (ip addresses are registed in Austria). One set of servers starting with 40.*.*.* are fine and only have a few black listings

The other set of servers 52.101.132.* have a very high proportion of IP black listing.

e.g. 52.101.132.104, 27,78,76,68,13,18,76,42,75,29,33,10,23,30,62,20

This is not a complete list.

The result is that our emails randomly go to spam files - we have suffered late payment of invoices due to this.

I have checked our emails through mail-tester and they get 100% score when they go through the 40.*.*.* servers

I have used glock apps spam tester to identify these ip addresses

A sample report for spam is here 

https://shared-report.******.com/tests/*********/deliverabilty

The same email sent on the same day was also reported like this - not spam:

https://shared-report.******.com/tests/*******/deliverabilty

These are not my servers and the service at https://sender.office.com/ is hard to use for multiple IP addresses and the captur is horrendous

Please can you monitor your IP addresses and ask for the blacklisted ones to be delisted?

thanks

Dave

<--PII and links removed by moderator to protect your privacy-->

 

Question Info


Last updated December 3, 2019 Views 1,385 Applies to:

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Hello David,

Thanks for the detailed information of this issue you shared with us. From your description, I can know that your outbound emails sent from specific IPs are marked as spam and going to recipient spam folder. Please feel free to correct me if there’s any misunderstood.

By checking the information, I found that these IPs that being blacklisted are belong to Microsoft IP range, and from the testing tool results your shared, it seems that these IPs are added into a third party’s black list. I’m very sorry for the issue you are facing, to further checking it, if it be convenient, may I collect the original message headers of one of these messages that being marked as spam for checking? To protect your privacy, you may send it to me via private messages: https://answers.microsoft.com/en-us/privatemessage/inbox.

Best Regards,

Anna

-------------------------------------------------
If you feel a reply works for you, please kindly vote or mark it as it will be beneficial to other community members reading this thread.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Anna

Some points:

The emails are not sent from these specific IP addresses - the emails are routed through those IP addresses presumably by the exchange server.

Yes those IPs are added to multiple blacklists and when they are in more than 2 you start to get high spam scores, when the IP address is in 3 or more many mails get marked as spam.

The original message header in the mails that I sent is blank - I did not receive the emails. However, I have got one header from a customer account - I will send that to the link you gave.

Regards

Dave

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hello Dave,

 

After double-checking, I found the some points and according to these points I came up with my own thought, please feel free to correct me if anything incorrect:

 

1. Thanks for the spam test results you afore shared, we did find that these is the MS IPs that go into third-party blacklists, however, I think the root cause of you issue might be different.

 

2. In message headers you shared with us, it has 15 hops, so the mail flow seems a little complex. According to my understanding the flow of it should be:

 

The email was sent from sender (EOP outbound server) -> went to MailControl (seems like a third party service) ->went to IBM related service (since in message hops there mentioned IBM)->went back to MailControl-> delivered to recipient EOP-> redirected to recipient local host server or another party host their services-> went back to recipient EOP->finally delivered to recipient mailbox.

 

In hop 3 email was submitted to MailControl, the recipient environment (assuming the MailControl and IBM related services are deployed by recipient side). As far as I can find out, this email was not marked when going out of the sender side, so issue can be related with the recipient side.

 

3. This message was submitted multi times by different recipient servers during the flow, and there multi SPF checking occurred either (seems two times), both of them failed due to the sending IPs are not designated submit domain (sender domain). These IPs seems belong to recipient servers. DKIM also failed. I sent you one copy of this reply in private message so that you can check the IP and SPF check details. And I think it may be the root cause of this issue. And then the SCL value is set to 5.

 

4. Due to the complexity of mail flow on recipient side, to make it clear and better help you, if it be convenient, may I re-confirm with you what’s detailed mail flow on both sides (sender and recipient)? How they are deployed?

 

Best Regards,

Anna

-------------------------------------------------
If you feel a reply works for you, please kindly vote or mark it as it will be beneficial to other community members reading this thread.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hello Dave,

 

Haven't heard back from you, if you have any related information, welcome back to share with us.

Best Regards,

Anna

-------------------------------------------------
If you feel a reply works for you, please kindly vote or mark it as it will be beneficial to other community members reading this thread.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Anna

Thank you for your reply.

I do not think I can comment on how mail recipients are dealing with emails coming in.

Please be advised that what I sent you was from one customer who was willing to share this information. 

The problem exists at multiple clients - I cannot fix any (and certainly not all) of their email configurations. To be clear: your examination of multiple hops on the receiving side is unhelpful to me and asking any questions on this is irrelevant as I have no mechanism to answer.

I am looking for a solution that I can influence.

I write an email in outlook, I send it using office365 and the domain is hosted by GoDaddy. - i.e. my sending could not be more straight forward.

I note that you accept the finding of blacklisted MS Ip addresses - please could you advise what is being done to rectify this situation?

thanks

Dave

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Anna

As a further thought - the recipient who's header I sent to you varies in how they mark our mail (i.e. sometimes spam and sometimes ham) - I cannot see that they would change their internal process at random.

This leads me to further consider the findings of the Glock Apps test and the random selection of MS sending server farm.

Dave

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Anna

I have re-run the GLock apps test and the client email address.

The test sent all mails through the 40.107 MS servers

No spam

See report: https://shared-report.*****/tests/*****/deliverabilty

The mail was also received by the client in their inbox.

Regards

Dave

<*** Private Message is removed by Sylvie Liang MSFT for privacy ***> 

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hello Dave,

 

Thanks for your response. Due to this issue complexity, I further consult our senior tech support engineer. We totally understand your feelings for this issue and your concerns with these MS IPs being marked in third-party black list would affect your business.

 

After further consulting, my suggestions is that you may try to add the two IPs I mentioned in Private Message into your domain SPF records, like: v=spf1 ip4:192.168.0.1 ip4:192.168.0.2 include:spf.protection.outlook.com –all  here’s article for your reference: Form your SPF TXT record for Office 365. If you are not familiar with this operation, it is suggested contact your Office 365 Business admin to help you. You may test whether this way can relieve the issue in some degree.

 

As per MS IPs, we totally understand that it is what you mostly are concerning about. However, from the message headers we currently haven’t found any IP is in the range you provided, but it doesn’t mean that it won’t affect your other messages. In fact, there are many factors that have the potential to cause lots of messages being marked as spam from specific sender, and what you are concerning is one of that. Your sharing is helpful, to further check this issue, we will also take consideration to these IPs.

 

According to this situation, we need to collect further information about at least the mail flow on your side, since without knowing the mail flow, it is hard for us to look into the issue and find the root cause. Since your tenant is hosted on GoDaddy, it is a better idea to confirm the mail flow from GoDaddy firstly. And then we can further analyze it. In general for tenant hosted in Microsoft, emails will goes from EOP outbound server to recipient server, no other third-party server or service involved, but from the message header you provided, the mail flow may be more complicated.

 

Sorry again for the issue you encountered, I will spare no effort to help you on this.

 

Best Regards,

Anna

-------------------------------------------------
If you feel a reply works for you, please kindly vote or mark it as it will be beneficial to other community members reading this thread.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Anna

I checked with the client and the reason for the complicated flow is that emails are routed to the parent company first and then back to this subsidiary.

The GoDaddy flow is not the cause of this complication.

I have this value in my DNS Management sheet:

v=spf1 include:spf.protection.outlook.com -all and always have done

Regards

Dave

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Anna

Adding the IP addresses you suggest does not make sense - these belong to a specific client and their associated subsidiaries or third parties.

To be able to send email to another client I would then have to know and then add their relevant IP addresses - in the end I would have to add all email related IP addresses. With the possibility of British understatement - I am not entirely convinced this is how email is supposed to work!

Regards

Dave

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.