locked
mail.protection.outlook.com is blocking many emails RRS feed

  • Question

  • Hello Microsoft Community,

    I'm developing an app that requires users to validate their email address in order to create an account. Unfortunately, a large portion of emails sent to accounts using Office 365 never reaches the intended recipient. I see that the emails are screened by some sort of "email protection" as my logs indicate that the messages are received by mail.protection.outlook.com (I'm using Mailgun). I can see that the messages are accepted and delivered, but I am certain that roughly half of the recipients never receive the email. Something else I have observed is that it seems if a second email is sent to them then it goes through.

    I read that I can use the "delist" tool in order to remove my email address from a spam blacklist (https://sender.office.com) but upon submitting my

    address and IP address to the form provided, I never receive the email that the tool tells me is coming, so that's been a dead-end for me.

    Any help would really be appreciated!

    Saturday, September 21, 2019 3:41 AM

Answers

  • Hi MiniatureBeast,

    Are you sending those emails authenticated (with proper credentials and using using port 587) or non-authenticated (using port 25 with SMTP relay or anything)? Have you checked users' Junk Folders? Also having the details of message trace logs for one of those blocked/non-received emails would be really useful in this case.

    However, you can try adding the sender address to the allow lists in the spam policies in EAC. You can also add the IP address (that you're sending from) to your SPF record in your domain registrar's DNS settings as follows:

    v=spf1 ip4:<Static IP Address> include:spf.protection.outlook.com ~all

    Regards,
    Burak V.

    • Marked as answer by MiniatureBeast Saturday, September 21, 2019 2:11 PM
    Saturday, September 21, 2019 8:08 AM
  • Our customers are colleges (and so the emails are going out to students for the most part), so I imagine I would have to speak to each institution's respective IT department to have our address put on a safe list.

    and looking at your code above, a couple of suggestions:

    Make the FROM and RETURN-PATH (Envelope sender match.

    Ensure your sending domain has a valid SPF record and use DKIM if you can (And setup a DMARC record.

    If you arent using a static business IP, you are going to have a real tough time getting these through Office 365 - even if the customer whitelists the sending domain.

    • Marked as answer by MiniatureBeast Saturday, September 21, 2019 2:11 PM
    Saturday, September 21, 2019 1:31 PM

All replies

  • Hi MiniatureBeast,

    Are you sending those emails authenticated (with proper credentials and using using port 587) or non-authenticated (using port 25 with SMTP relay or anything)? Have you checked users' Junk Folders? Also having the details of message trace logs for one of those blocked/non-received emails would be really useful in this case.

    However, you can try adding the sender address to the allow lists in the spam policies in EAC. You can also add the IP address (that you're sending from) to your SPF record in your domain registrar's DNS settings as follows:

    v=spf1 ip4:<Static IP Address> include:spf.protection.outlook.com ~all

    Regards,
    Burak V.

    • Marked as answer by MiniatureBeast Saturday, September 21, 2019 2:11 PM
    Saturday, September 21, 2019 8:08 AM
  • Hello Microsoft Community,

    I'm developing an app that requires users to validate their email address in order to create an account. Unfortunately, a large portion of emails sent to accounts using Office 365 never reaches the intended recipient. I see that the emails are screened by some sort of "email protection" as my logs indicate that the messages are received by mail.protection.outlook.com (I'm using Mailgun). I can see that the messages are accepted and delivered, but I am certain that roughly half of the recipients never receive the email. Something else I have observed is that it seems if a second email is sent to them then it goes through.

    I read that I can use the "delist" tool in order to remove my email address from a spam blacklist (https://sender.office.com) but upon submitting my

    address and IP address to the form provided, I never receive the email that the tool tells me is coming, so that's been a dead-end for me.

    Any help would really be appreciated!

    If you were on a blocklist, the messages would probably not be delivered at all.

    I suspect there is something spammy about the way you are sending these or the content. Are the recipients customers? Employees? The easiest thing may to have them simply add your sending address to their client safe sender list

    • Marked as answer by MiniatureBeast Saturday, September 21, 2019 2:10 PM
    • Unmarked as answer by MiniatureBeast Saturday, September 21, 2019 2:10 PM
    Saturday, September 21, 2019 12:38 PM
  • Hi Burak,

    Thanks for the speedy reply. 

    Are you sending those emails authenticated (with proper credentials and using using port 587) or non-authenticated (using port 25 with SMTP relay or anything)?

    I believe I am sending them "authenticated." I'm using Mailgun and I had to input a bunch of DNS records that it gave me, I'm not using SMTP to my knowledge.

    Have you checked users' Junk Folders?

    Unfortunately yes, we've checked that and the messages don't even appear there.

    Also having the details of message trace logs for one of those blocked/non-received emails would be really useful in this case.

    Sure thing, so each delivery has a json log. Here is a one of them, they all pretty much look exactly like this, both the ones that delivered and the ones that did not...

    {
    	"tags": [],
    	"timestamp": 1569026089.004964,
    	"storage": {
    		"url": "https://sw.api.mailgun.net/v3/domains/mailgun.[REDACTED].com/messages/[REDACTED]==",
    		"key": "[REDACTED]=="
    	},
    	"log-level": "info",
    	"id": "a6lQmgalRxSxIDAHJveOtQ",
    	"campaigns": [],
    	"user-variables": {},
    	"flags": {
    		"is-routed": false,
    		"is-authenticated": true,
    		"is-system-test": false,
    		"is-test-mode": false
    	},
    	"recipient-domain": "[REDACTED].edu",
    	"envelope": {
    		"transport": "smtp",
    		"sender": "postmaster@mailgun.[REDACTED].com",
    		"sending-ip": "[REDACTED]",
    		"targets": "[REDACTED]@[REDACTED].edu"
    	},
    	"message": {
    		"headers": {
    			"to": "[REDACTED]@[REDACTED].edu",
    			"message-id": "20190921003443.1.F20387C553DD066B@mailgun.[REDACTED].com",
    			"from": "[REDACTED] <do_not_reply@[REDACTED].com>",
    			"subject": "Welcome to [REDACTED]!"
    		},
    		"attachments": [],
    		"size": 1181
    	},
    	"recipient": "[REDACTED]@[REDACTED].edu",
    	"event": "delivered",
    	"delivery-status": {
    		"tls": true,
    		"mx-host": "[REDACTED]-edu.mail.protection.outlook.com",
    		"attempt-no": 1,
    		"description": "",
    		"session-seconds": 3.5747690200805664,
    		"utf8": true,
    		"code": 250,
    		"message": "OK",
    		"certificate-verified": true
    	}
    }

    However, you can try adding the sender address to the allow lists in the spam policies in EAC.

    Is that something the administrator of the entity that I'm sending emails to would have to do? What is EAC?

    You can also add the IP address (that you're sending from) to your SPF record in your domain registrar's DNS settings as follows

    Thanks I'll try this. Only problem is I don't have a static IP, mailgun can change them on the fly unless I upgrade my account, maybe that's part of the problem.


    Saturday, September 21, 2019 1:17 PM
  • Our customers are colleges (and so the emails are going out to students for the most part), so I imagine I would have to speak to each institution's respective IT department to have our address put on a safe list.
    • Edited by MiniatureBeast Saturday, September 21, 2019 1:19 PM clarification
    Saturday, September 21, 2019 1:19 PM
  • Our customers are colleges (and so the emails are going out to students for the most part), so I imagine I would have to speak to each institution's respective IT department to have our address put on a safe list.

    and looking at your code above, a couple of suggestions:

    Make the FROM and RETURN-PATH (Envelope sender match.

    Ensure your sending domain has a valid SPF record and use DKIM if you can (And setup a DMARC record.

    If you arent using a static business IP, you are going to have a real tough time getting these through Office 365 - even if the customer whitelists the sending domain.

    • Marked as answer by MiniatureBeast Saturday, September 21, 2019 2:11 PM
    Saturday, September 21, 2019 1:31 PM
  • >  If you aren't using a static business IP, you are going to have a real tough time getting these through Office 365 - even if the customer whitelists the sending domain.

    Do you think if I got a static business IP, that alone would help me emails deliver more consistently or will I still likely need to contact the institutions IT Departments to get on a safe list.

    Saturday, September 21, 2019 2:16 PM
  • >  If you aren't using a static business IP, you are going to have a real tough time getting these through Office 365 - even if the customer whitelists the sending domain.

    Do you think if I got a static business IP, that alone would help me emails deliver more consistently or will I still likely need to contact the institutions IT Departments to get on a safe list.

    It would help, yes. And remember, recipients can always mark your email as not-junk if it makes it to their junk mail folder or quarantine. So you wouldnt need to contact the recipient org directly yourself.
    Saturday, September 21, 2019 2:56 PM
  • Hi,

    Thanks for all your sharing:)

    People who might have a similar question would be able to benefit from this thread.

    Regards,

    Aidan Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, September 23, 2019 3:23 AM