none
Hotmail Sender-ID and Dkim temperror

    Question

  • Dear Sir/Madam,

    I'm hoping you can help us with a hair-pulling situation.

    Whenever sending e-mail from our network to Hotmail, Outlook or Live addreses the message ends up in the spam folder of the receipient. We have try'd everything; redid SPF, redid DKIM, redid DNS, install new mailserver, swapped IP ranges and such. Nothing with any result.

    Hotmail is not consistent with the error's since i sent two messages about 5 seconds apart from each other:

    x-store-info:sbevkl2QZR7OXo7WID5ZcdV2tiiWGqTn+TqXcEmOv5rig0/A/8VNO+Qio85x1A3SxRa0Pmx4k027TQfgucQC8bDQ7KpZI+PfH8TtcoFj/NRCkwNWzoNGVM+5Gh02aGvRDN3q4tMLQIU=
    Authentication-Results: hotmail.com;  sender-id=pass  (sender IP is xx.xx.xx.3) header.from=xx@xx.nl;  dkim=temperror  header.d=xx.nl;  x-hmca=pass
    X-SID-PRA: xx@xx.nl
    X-SID-Result: Pass
    X-DKIM-Result: TempError
    X-AUTH-Result: PASS

    5 seconds later we get an error:

    x-store-info:sbevkl2QZR7OXo7WID5ZcdV2tiiWGqTn+TqXcEmOv5o+gqfvx9e7as+GQqcWHoNCV5omBgeO9w1GOa6grvwR/V+swWQKeqofMGScvtSwlOmuGQxst7lorrtdgA3KgkqCSZuWCdFTIOo=
    Authentication-Results: hotmail.com;  sender-id=temperror  (sender IP is xx.xx.xx.3) header.from=xx@xx.nl;  dkim=pass  header.d=xx.nl;  x-hmca=pass
    X-SID-PRA: xx@xx.nl
    X-DKIM-Result: Pass
    X-SID-Result: TempError
    X-AUTH-Result: PASS

    Can anybody help out? i did all the SPF checks and found nothing, also 'unlocktheinbox.com' and auth25 return pass on everything.

    Thursday, September 20, 2012 6:27 AM

All replies

  • Same problem with our mail serverr:

    x-store-info:4r51+eLowCe79NzwdU2kRyU+pBy2R9QCy8qHgmJLLDxrSyeieH0HodWrc9mthhf52KtDLa7m/6waBcN+xDig4UlNCEMH53LTEuI6k/HdMRGacT1IOZb7Kum2Ej8LDlAk3rRNNdqI+0Q=
    Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 85.17.37.4) header.from=aitor.garcia@iddover.net; dkim=temperror header.d=iddover.net; x-hmca=none
    X-SID-PRA: aitor.garcia@iddover.net
    X-SID-Result: TempError
    X-DKIM-Result: TempError
    X-AUTH-Result: NONE
    X-Message-Status: n:n
    X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
    X-Message-Info: 7FmAUICozusKIYYG508tgGPXOBhapPBXOe1uYhRkdmDZKXN+s9f5+9SowaVzyndm8fTdmqtYapJqgEI9NFwtG9BEWS7MhxXQhkOu4lPQijDScKR4fVgtcACFFEws6164SuZ1CCCqNziWKp1e++awrQ==
    Received: from d1950te1.iddover.net ([85.17.37.4]) by COL0-MC4-F23.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
    	 Wed, 19 Sep 2012 23:30:35 -0700
    Received: from [172.16.1.215] (LM1.tempel.es [80.33.152.6])
    	(authenticated bits=0)
    	by d1950te1.iddover.net (8.13.8/8.13.8) with ESMTP id q8K6UKwq023688
    	for <a1t4r@hotmail.com>; Thu, 20 Sep 2012 08:30:32 +0200
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iddover.net; s=MX1;
    	t=1348122634; bh=fWKJ+eI/Lwx1Atk3iUKyeZR2ff6yEbnGyHfdMorW3/s=;
    	h=Date:From:To:Subject;
    	b=U4nZEYvfcUTJgGeXHa07peo50rMBfwbanU/ycJJ/9UZQAnnn2T2tvGOfBBtPjDr7s
    	 VWmqp8ShQHFb6YkwsGUUhCiCrlD36EgMPaoICTfglRZvnqjOHo+/nBZCp6OevdL+sN
    	 /k2qMvmj+58j+lhbT2RZoyUY5ghRdWGpz6Mqjd+A=
    Message-ID: <505AB800.4090002@iddover.net>
    Date: Thu, 20 Sep 2012 08:30:24 +0200
    From: Aitor Garcia <aitor.garcia@iddover.net>
    User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:15.0) Gecko/20120907 Thunderbird/15.0.1
    MIME-Version: 1.0
    To: a1t4r@hotmail.com
    Subject: test from aitor.garcia@iddover.net
    Content-Type: multipart/alternative;
     boundary="------------030304020306060909090908"
    Return-Path: aitor.garcia@iddover.net
    X-OriginalArrivalTime: 20 Sep 2012 06:30:36.0115 (UTC) FILETIME=[71A31A30:01CD96F9]

    Thursday, September 20, 2012 7:21 AM
  • So there is nobody here with a solition for this problem?

    Thursday, September 20, 2012 4:32 PM
  • On Thu, 20 Sep 2012 16:32:18 +0000, W. Bontekoe wrote:
     
    >So there is nobody here with a solition for this problem?
     
    This forum has nothing to do with hotmail.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Thursday, September 20, 2012 6:54 PM
  • On Thu, 20 Sep 2012 16:32:18 +0000, W. Bontekoe wrote:
    >So there is nobody here with a solition for this problem?
    This forum has nothing to do with hotmail.
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP

    --- Rich Matheisen MCSE+I, Exchange MVP

    Dear Rich,

    Since the e-mail is orginiated from Microsoft Exchange server i thought this forum would be the only correct one. Not just that; there is no other way to contact hotmail/live/microsoft about these situations.

    I would really like to find a solution.

    Friday, September 21, 2012 8:11 AM
  • On Thu, 20 Sep 2012 07:21:01 +0000, Aitor Garcia wrote:
     
    >
    >
    >Same problem with our mail serverr:
    >
    >x-store-info:4r51+eLowCe79NzwdU2kRyU+pBy2R9QCy8qHgmJLLDxrSyeieH0HodWrc9mthhf52KtDLa7m/6waBcN+xDig4UlNCEMH53LTEuI6k/HdMRGacT1IOZb7Kum2Ej8LDlAk3rRNNdqI+0Q=
    >Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 85.17.37.4) header.from=aitor.garcia@iddover.net; dkim=temperror header.d=iddover.net; x-hmca=none
    >X-SID-PRA: aitor.garcia@iddover.net
    >X-SID-Result: TempError
    >X-DKIM-Result: TempError
     
    Well, your problem is just that -- your problem!
     
    Here's your SPF record:
    v=spf1 a mx ip4:85.17.37.5 ip4:85.17.37.5 ~all
     
    That e-mail came from IP address 85.17.37.4. Your domain's "A" record
    uses 85.17.37.5 and your MX uses 85.17.37.9.
     
    Your SPF lists two IP4 values, but they're both the same. Should one
    of them be 85.17.37.4?
     
    How is that a hotmail problem?
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Friday, September 21, 2012 1:10 PM
  • On Fri, 21 Sep 2012 08:11:15 +0000, W. Bontekoe wrote:
     
    >On Thu, 20 Sep 2012 16:32:18 +0000, W. Bontekoe wrote: >So there is nobody here with a solition for this problem? This forum has nothing to do with hotmail. --- Rich Matheisen MCSE+I, Exchange MVP
    >--- Rich Matheisen MCSE+I, Exchange MVP
    >
    >Dear Rich,
    >
    >Since the e-mail is orginiated from Microsoft Exchange server i thought this forum would be the only correct one. Not just that; there is no other way to contact hotmail/live/microsoft about these situations.
    >
    >I would really like to find a solution.
     
    You'll have to provide more details if you want any information.
     
    You disclose neither the IP address or any sender or message headers.
    The problem isn't APF, it's SenderID and without knowing anything more
    than what you've posted there's nothing more that can be said.
     
    Authentication-Results: hotmail.com; sender-id=temperror (sender IP
    is xx.xx.xx.3) header.from=xx@xx.nl; dkim=pass header.d=xx.nl;
    x-hmca=pass
    X-SID-PRA: xx@xx.nl
     
    Who is "xx.nl" and what's xx.xx.xx.3?
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Friday, September 21, 2012 1:14 PM
  • I understand. Here you go;

    My SMTP server: 5.10.192.3 (smtp1.wipabv.net)
    My address: xx@wipabv.nl

    My SPF record taken from mxtoolbox.com:
    http://www.mxtoolbox.com/SuperTool.aspx?action=spf%3awipabv.nl

    My SPF taken from Google DNS:

    > set type=SPF
    > wipabv.nl
    Server:         8.8.4.4
    Address:        8.8.4.4#53

    Non-authoritative answer:
    wipabv.nl       rdata_99 = "v=spf1 mx a ip4:171.25.179.0/24 a:smtp1.wipabv.net a:smtp2.wipabv.net include:_spf.moneybird.nl ~all"

    I've also done checks with the Microsoft SPF wizard as well as this one:
    http://www.kitterman.com/spf/validate.html

    All seem to be OK.

    Headers from an email sent this morning:

    Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 5.10.192.3) header.from=xx@wipabv.nl; dkim=temperror header.d=wipabv.nl; x-hmca=none
    X-SID-PRA: xx@wipabv.nl
    X-SID-Result: TempError
    X-DKIM-Result: TempError
    X-AUTH-Result: NONE

    We have recently set up DKIM in order to work around the sender-id issue but with little or no luck. You can see in the header that it also does not accept the DKIM records on our DNS but there setup correctly;

    Results of a test with unlocktheinbox.com: 
    Signature Found: Yes
    Signature Verified: Passed
    DKIM Identifier Alignment: Strict


    • Edited by W. Bontekoe Saturday, September 22, 2012 6:49 AM
    Saturday, September 22, 2012 6:48 AM
  • As an addition;

    With both Unlocktheinbox.com and Auth25.com we have a PASS on SPF,Sender-ID,DKIM and DMARC results. Works perfect when sending e-mail to Gmail, Yahoo etc. Only hotmail seems to be a problem.

    Saturday, September 22, 2012 6:51 AM
  • On Sat, 22 Sep 2012 06:48:43 +0000, W. Bontekoe wrote:
     
    >I understand. Here you go;
    >
    >My SMTP server: 5.10.192.3 (smtp1.wipabv.net) My address: xx@wipabv.nl
    >My SPF record taken from mxtoolbox.com: http://www.mxtoolbox.com/SuperTool.aspx?action=spf%3awipabv.nl
    >
    >My SPF taken from Google DNS:
    >
    >> set type=SPF > wipabv.nl Server: 8.8.4.4 Address: 8.8.4.4#53
    >Non-authoritative answer: wipabv.nl rdata_99 = "v=spf1 mx a ip4:171.25.179.0/24 a:smtp1.wipabv.net a:smtp2.wipabv.net include:_spf.moneybird.nl ~all"
     
    That's not the TXT record I see:
     
    .. v=spf1 mx ptr mx:gw2.wipa.nl mx:mail.wipa.nl ip4:171.25.179.179
    -all
     
    Also, what you failed to state is that you also publish a SPF TXT
    record for the name of your server "smtp1.wipabv.net":
     
    .. v=spf1 -all
     
    If you put "smtp1.wipabv.net" into the form at
    http://www.kitterman.com/spf/validate.html as the "HELO/EHLO address"
    you get this result:
     
    .. Input accepted, querying now...
    ..
    ..
    .. Mail sent from this IP address: 5.10.192.3
    .. Mail from (Sender): xx@wipabv.net
    .. Mail checked using this SPF policy: v=spf1 mx ptr mx:gw2.wipa.nl .
    .. mx:mail.wipa.nl ip4:171.25.179.179 -all
    .. Results - PASS sender SPF authorized
    ..
    ..
    .. Mail sent from: 5.10.192.3
    .. Mail Server HELO/EHLO identity: smtp1.wipabv.net
    ..
    .. HELO/EHLO Results - FAIL Message may be rejected <=== NOTE THIS!
     
     
    >I've also done checks with the Microsoft SPF wizard as well as this one: http://www.kitterman.com/spf/validate.html
    >
    >All seem to be OK.
     
    Then you failed to provide all the necessary information about your
    published SPF TXT records (note that you have more than one).
     
    >Headers from an email sent this morning:
    >
    >Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 5.10.192.3) header.from=xx@wipabv.nl; dkim=temperror header.d=wipabv.nl; x-hmca=none X-SID-PRA: xx@wipabv.nl X-SID-Result: TempError X-DKIM-Result: TempError X-AUTH-Result: NONE
    >
    >We have recently set up DKIM in order to work around the sender-id issue but with little or no luck. You can see in the header that it also does not accept the DKIM records on our DNS but there setup correctly;
    >
    >Results of a test with unlocktheinbox.com: Signature Found: Yes Signature Verified: Passed DKIM Identifier Alignment: Strict
     
    I guess it all depends on what you're testing (or not testing). ;-)
     
    So, it's still not an Exchange problem.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Saturday, September 22, 2012 4:20 PM
  • On Sat, 22 Sep 2012 06:51:42 +0000, W. Bontekoe wrote:
     
    >As an addition;
    >
    >With both Unlocktheinbox.com and Auth25.com we have a PASS on SPF,Sender-ID,DKIM and DMARC results. Works perfect when sending e-mail to Gmail, Yahoo etc. Only hotmail seems to be a problem.
     
    You mean "it only fails when the receiving domain pays attention to
    ALL of your domain's SPF TXT records", right? ;-)
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Saturday, September 22, 2012 4:21 PM
  • Dear Rich,

    I cannot reproduce the TXT record that you see here. Mine all state the exact same:

    The TXT records found for your domain are:
    v=spf1 mx a ip4:171.25.179.0/24 a:smtp1.wipabv.net a:smtp2.wipabv.net include:_spf.moneybird.nl ~all

    Type SPF records found for the domain are:
    v=spf1 mx a ip4:171.25.179.0/24 a:smtp1.wipabv.net a:smtp2.wipabv.net include:_spf.moneybird.nl ~all

    Tuesday, September 25, 2012 4:47 AM
  • On Tue, 25 Sep 2012 04:47:48 +0000, W. Bontekoe wrote:
     
    >I cannot reproduce the TXT record that you see here. Mine all state the exact same: The TXT records found for your domain are: v=spf1 mx a ip4:171.25.179.0/24 a:smtp1.wipabv.net a:smtp2.wipabv.net include:_spf.moneybird.nl ~all
    >
    >Type SPF records found for the domain are: v=spf1 mx a ip4:171.25.179.0/24 a:smtp1.wipabv.net a:smtp2.wipabv.net include:_spf.moneybird.nl ~all
     
    Is it possible that you changed the TXT record and the TTL hadn't yet
    expired? I'm seeing this TXT record for wipabv.nl now:
     
    "v=spf1 mx a ip4:171.25.179.0/24 a:smtp1.wipabv.net a:smtp2.wipabv.net
    include:_spf.moneybid.nl ~all"
     
    I no longer find a TXT record for "smtp1.wipabv.net", either.
     
    The SPF tests should no longer fail without that TXT record present --
    but take into account the TTL values when making changes in DNS. It's
    usually a good idea to shorten them to, say, five minutes, a couple of
    days before making other changes (assuming you don't have very long
    TTL values). I notice that your TXT records are set to just one minute
    now, but I think they were longer the last time I looked. :-)
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Tuesday, September 25, 2012 1:17 PM
  • Good to see that we have the same SPF results now, but hotmail still doesn't bother to accept our email:

    Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 5.10.192.3) header.from=w.bontekoe@wipabv.nl; dkim=temperror header.d=wipabv.nl; x-hmca=none
    X-SID-PRA: w.bontekoe@wipabv.nl
    X-SID-Result: TempError
    X-DKIM-Result: TempError
    X-AUTH-Result: NONE

    I checked the TTL last time and set it to 600 in order to test, didn't have any effect so far.. it's been 2 days now that i wait (just to see if it was that).

    So, where can i get support from hotmail about this issue :-(

    Tuesday, September 25, 2012 2:35 PM
  • On Tue, 25 Sep 2012 14:35:32 +0000, W. Bontekoe wrote:
     
    >
    >
    >Good to see that we have the same SPF results now, but hotmail still doesn't bother to accept our email:
    >
    >Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 5.10.192.3) header.from=w.bontekoe@wipabv.nl; dkim=temperror header.d=wipabv.nl; x-hmca=none X-SID-PRA: w.bontekoe@wipabv.nl X-SID-Result: TempError X-DKIM-Result: TempError X-AUTH-Result: NONE
    >
    >I checked the TTL last time and set it to 600 in order to test, didn't have any effect so far.. it's been 2 days now that i wait (just to see if it was that).
     
    If you still have the same problem (sometimes the mail is accepted and
    sometimes it's not) then the problem may be a DNS problem in hotmail.
    If you have the IP address of the servers that consistently *do*
    accept your mail you might try creating a send connector just for
    hotmail.com and use the IP addresses as smart hosts until things sort
    themselves out.
     
    >So, where can i get support from hotmail about this issue :-(
     
    For that I can't help you. Sorry. You can try this, though:
    https://support.msn.com/eform.aspx?productKey=edfsmsbl2&ct=eformts&scrx=1
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Tuesday, September 25, 2012 3:49 PM