This has plagued us for years. We send quite a lot of transactional email (about 150k emails per day), and there have been several times where Microsoft blocked our server. Usually it is because Microsoft has banned an entire netblock, that our server just happens to be sitting in. I have seen them do this to IPs fro Hetzner, Linode, Amazon AWS (SES), etc. And yeah we've signed up for their junk mail reporting service, and we have all our DNS records dialed in perfectly.
I even went as far as signing up for Azure, in the hopes that if I sent from a Microsoft IP it might not get blocked. But I didn't make it very far, every step of the way was like watching paint dry while the interface loaded or did something. Once I finally got the thing set up in order to send mail, the API was so molasses slow that it couldn't handle our mail throughput. Meaning it would take about 30 seconds to send each transactional email because of how slow their API is. Well that's only 2880 emails per day, that is not a reasonable send rate at all.
I have even lost customers over this mess, it's really hard to explain to them that they can't receive our email because of their provider and not us. Especially when Microsoft has the audacity to return: 250 OK Email Queued (but then not deliver it anyway!)
If anyone has any solutions to this mess I am all ears!
There's like a middle scale where you're not big enough that Microsoft will go out of their way to whitelist you, but you're big enough that your "send to junk" rate is just high in terms of absolute numbers.
It's certainly not a ratio, it must be based on absolute numbers because I've seen it too many times across too many companies, and the only ones that get away with it are extremely low volume.
Once you have 1,000,000 mails, even a 0.1% mark as spam rate is 1,000 emails. - and some people treat mark as spam as their delete button, certainly more than 0.1% of people. Don't ask me why.
EDIT: on inspection; it's worth noting the mechanism is even more insidious than "people mark you as spam". Microsoft also weighs delete-without-opening as a negative signal. So if you're sending transactional mail (receipts, shipping notifications, invoices) and your users get exactly what they wanted, feel satisfied, and bin it without opening. You've just taken a reputation hit for doing your job correctly. The senders most at risk aren't the ones sending rubbish.
EDIT2; theres a reply to me that I can’t reply to because its [dead]; though the point is valid so I vouched. To them I say: I agree. But you probably want your receipt, and thats the example I gave (for a reason).
Once when this happened to me a couple of years ago, it was the opposite.
My e-mails were put by default by Microsoft as spam into the junk folder, without the customer knowing anything about this.
After I succeeded to notify him about this, he searched there the e-mails and marked them as "not spam", and then he received my following e-mails.
So initially the customer did nothing and was not aware that some of the e-mails sent to him are classified as spam, and he had to do active efforts to override this default action by Microsoft.
There was absolutely nothing suspicious about the e-mail messages classified as spam in their content, their only fault was not coming from one of the few major e-mail providers.
It is my experience, that Outlook is not a reliable e-mail service. Sometimes e-mails are not delivered, or only delivered hours later. When they are delivered, even as a paying customer, they are downloaded so slowly, that I had to wait 10 minutes to get all my e-mails, while my 1 EUR per month Posteo provider delivers in seconds.
My impression is, that the only reason one would want to have MS as a mail provider is, that they are entrenched in the e-mail provider reputation and delivery game. Other than that, it seems to be an all around bad service. Not even talking about the mail client itself.
The big reason is enterprises buy into O365 and running their email through Outlook instead of on-prem or at another provider is part of that. For the same reason they use Teams over Zoom or Slack or other alternatives.
My clients have been experiencing this forever; the logs SAY "temporarily rate limited due to IP reputation." but really the emails are never going to get delivered. I have to get MailChimp or Mailgun to rotate the IPs.
It looks like all it takes is one person to mark your email as spam, even by accident. Note that these are mailing lists which they signed up for in MailChimp case OR transactional emails in the Mailgun case.
It's only hotmail/outlook that we constantly have this issue with, Google etc. are all fine.
Agreed. I was an early outlook.com user (was working at MS when it launched, I think internal users got slightly early access allowing me to claim a nicer name than my Gmail) but despite having well over a decade of accounts tied to it got so angry at certain messages never appearing that a couple of years ago I reversed the flow of forwarding and swapped to another account as my primary.
I always thought of outlook.com as a rebranding of Hotmail (which itself had been continually evolving, was probably actually “Live” at that point), I would expect it is the same (ever evolving) infrastructure.
In which case, people like me with an @hotmail.com address from the 90’s were much earlier users of the outlook.com email boxes than when the domain was “launched” by Microsoft.
Often these "spam" reports by end users are just accidental clicks as well. Many of the abuse reports we get are like an email from someone's Mum and visibly legitimate. At other times there are users who use the Report Spam function as a kind of inbox management tool - a way of moving mail away so they don't have to see it because Trash or Delete or whatever is just further away from their pointer.
I tell my friends and family to never click unsubscribe links, unless they had proactively subscribed. Buying something from a company that requires an email does not count. unsolicited marketing emails are spam and should be treated as such. Double so if that company sends marketing emails disguised behind support@company.com.
No, sending marketing from support emails is almost certainly trying to game spam filters. Marketing@company.com would work for the allow replies purpose.
"Report spam" is quicker and easier than "unsubscribe".
Gmail added a popup asking the user if they want to unsubscribe when flagging a newsletter with the appropriate unsubscribe headers, so it must be common enough to warrant Gmail developer attention.
Yes, at least in the US, being a litigious freak gets results.
Weird trick to get unblocked: follow the standard three-email procedure to sender support, then send a fourth email ccing buscond@microsoft.com telling them to unblock or next step is attorney general.
The thing about a lot of attorney generals is they LOVE to smack down a big corporation like Microsoft for the little guy.
We experienced this exact error this week. Only affected outlook.com users, and not 365 users. Had to supply MS support with proof of ownership of the IP. The whole process took about a week to resolve.
It feels like there's quite a lot of spin on this. There's no hint as to how many users were actually affected. It only really seems to mention Estonia, and probably only a region of it.
The ISP there claims they haven't received any reports of SPAM. But that sounds wrong. No reports probably means your reporting system is broken.
So putting that together, it seems like a small ISP screwed up and let spammers go wild, and Outlook blocked them for it. I can't really fault Outlook for that.
One IP address (exclusively ours) among our email IPs at my place of employment was affected. We have used that IP for nine years. Emails are strictly transactional (receipts, password resets, et cetera).
The "rate limiting" started two weeks ago, giving us a code that Microsoft's documentation doesn't even list. It remains unresolved. Never had critical issues like this on our transactional IPs prior to this, and this particular IP address is still delivering just fine to other consumer and corporate email systems.
My org (USA) was affected. I wasn't the primary person dealing with it, but from what I gather one user marked one of our emails as junk, and then suddenly all of our emails to Outlook users started getting blocked.
Your intuition is way off, like dangerously off. But your comment is a great example to show a smug lawyer at Microsoft when they try to say there is no basis for the claim that these blocks against legitimate senders are defamatory.
This has been affecting reputable senders who take spam reporting seriously, including MXRoute and Discourse.
> No reports probably means your reporting system is broken.
"No reports" can mean a lot of things. There is no "probably".
The "you" in "your" is Microsoft because under a certain volume of email, they don't even send reports. I regularly test the abuse contact address for my server because of this exact unfair assumption - that it must be my fault. I have never once gotten an abuse report notification from Microsoft, but I have gotten a bounce message saying that I'm blocked because I apparently send spam! Btw, this was in reply to an email from a Microsoft user.
Worse, I figured I'd just disallow any email from a Microsoft property - if an outlook (or hotmail or live or anyone else) sends an email, I can just bounce it and tell them to use a different service to reach me since I can't reply. Nope! Microsoft won't surface the bounce message to the user.
So, I am barred from replying to Microsoft emails. I am also barred from informing the sender that their email won't reach me.
It's defamation - the sender is always going to assume that it is my fault if I didn't reply even if the reason I "didn't reply" is outside of my control.
> So putting that together, it seems like a small ISP screwed up and let spammers go wild, and Outlook blocked them for it. I can't really fault Outlook for that.
Yes, in your imagined scenario, you can't really fault outlook. In the real world, however, outlook is very much to blame.
Someone recently leveraged some kind of automated spam attack against my domain using Zendesk's email servers. For some reason, Zendesk doesn't enforce SPF and DKIM checks when opening new tickets, so I got flooded with "your new account has been registered" and "thank you for filing a ticket" emails.
I blocked off Zendesk entirely because they didn't fix their shitty email system. The other newsletter mail services (mailgun/sendgrid/etc.) are just as bad for this.
There are plenty of reasons why large email senders could (and should) be on reputation blacklists. None of these email delivery companies seem to care very much about the spam they send until shit hits the fan, and now that it did it seems everyone blames the people maintaining the blacklists.
This was widespread, I was also affected. I think you can create spoof tickets / accounts over Https with no verification and zendesk don't want to do anything which adds friction.
This is an extremely widespread issue. I send close to a million emails per month across dozens of different providers (all newsletters.) These are all from high reputation domains and email accounts. We are completely unable to make anything happen with Microslop. It is infuriating.
Having to explain to customers that they didn't receive an email because Outlook has a multi-stage set of email servers and the inside ones reject due to the edge (antispam) servers is always interesting.
I was using outlook for communicating with businesses as it is often what they use. Some of them just could not send a response back to me, so I am not using outlook anymore.
Just normal Microslop stuff
Keep a few throwaway Hotmail/Outlook addresses in your password manager, in case you need to use a Windows PC that demands a Microslop account. That's about the end of their usefulness.
Just like Internet Explorer used to be the program you used once -- and only once -- to download a proper browser.
Just had a friend reach out yesterday about this issue. His outlook account for 10+ years started having issues receiving emails from his dad and a company he works with.
All I could find was that his dad’s email was missing SPF/DMARC but the other email address that was having problems looked like it was configured correctly.
I only was able to get a screenshot of the email voice his dad received and it mentioned being on a block list (like in the article).
A question related to the outlook.com false spam mail problem... Why are incoming emails to outlook.com so large? 15KB minimum for a text email with just a title. Equivalent Gmail to/from Apple Mail is just a couple of KB.
I wonder if Microsoft actually likes running their free email service still. They wiped a ton of old Hotmail and Live.com emails some years ago (and then allowed new people to register those deleted names). I imagine they don't get much out of it anymore.
"Summary of changes to the Microsoft Services Agreement – June 15, 2021 [...] In the Outlook and Office Services sections, we’ve removed the Outlook.com section to clarify that an email address or username is not recycled into our system or assigned to another user."
It's wild to me they ever started doing this in the first place. And in 2013 no less, it isn't like the hijacking risk was some far off concept at that point.
It's certainly not free to run and maybe it doesn't really make sense for Microsoft to run Outlook.com anymore, except that it's an easy way to motivate people to having a Microsoft account.
Outlook.com certainly has to show up as an expense, one that Microsoft would like to reduce. When you look at what other providers charge for a single email account, it's hard to see Microsoft making money of Outlook.com. There's obviously something to be said for scale, but still, it must cost them something.
>It's certainly not free to run and maybe it doesn't really make sense for Microsoft to run Outlook.com anymore, except that it's an easy way to motivate people to having a Microsoft account.
it also funnels people into using exchange for work. more like a "marketing expense".
They wiped all the emails from my 25 year old Hotmail account. Pretty weak. I refuse to use Microsoft products except if forced, and do my best to evangelize this position.
I created my first Outlook account when I was young. Now, 30 years later and its still my primary account. I can't imagine how I would migrate to another email address if Microslop would begin ruining Outlook by forced subscription or something. My digital life is in M$ hands at the moment.
Yep this. I migrated from Gmail to my own domain years ago. It was painful. Weirdly enough, I think the longest holdouts were my parents, who were still sending email to my Gmail account a decade after I stopped using the address.
I moved my email to Fastmail, and I’ve been very happy ever since. But now that I own the domain, moving to a different provider - if I ever need to - would be trivial.
I moved to Fastmail, set it up with Gmail so I received forwarded emails. Years later there’s still a long tail of senders using my Gmail, but I get the emails forwarded, and only actually log in to Gmail every six months or so.
Now I only use Windows for legacy software that my customers force on me.
Fedora has not just been liberating, but jaw dropping. I actually felt offended that I had wasted so much time on debian-family/ubuntu/mint and windows.
The concept, way back when, was great. I tried to use it, by a previous name, for replicating / distributing data backups and it always worked great... for a few days, maybe weeks. And then something unrecoverable went wrong, and I had to re-set it up essentially from scratch and it worked great... for a few days, maybe weeks. And then something unrecoverable went wrong.
In the intervening 15+ years, OneDrive has never made my experience of computing better. It has only ever nagged, slowed, and failed. And that was before Microslop went down the x% AI coding path.
I personally like when you open any office doc, do nothing to it before closing and you get the scary warning asking if you want to save your document (to onedrive) implying all is lost if you select no. I am sure millions of tech unsavvy people have been conned into sending their data to Bill Gates.
A few years ago, in my university we have a big problem at the beginning of the semester to contact ~10K students, in particular when they register to our Moodle platform and the server sends them a message.
Gmail was usually ok.
Yahoo had some max messages per day.
But Hotmail/Live/Outlook/whatever just made the messages disappear, no spam folder, no bounce, just disappear. We had some success telling the students to send us a message from their Hotmail/Live/Outlook/whatever address half an hour before registration. This adds our address to some special secret list for that account, and our later messages (usually) reach them. (It may fail. It may fail. IWOMM. YMMV.)
outlook.com and Office 365 are very different beasts. with the latter problems are more often something (mis)configured by the customer/administrator of the 365 account rather than microsoft themselves, and there are steps the customer can take to work around the issue. With outlook.com there is nothing the recipient can do.
Very happy I decided to ditch outlook (and did it) this year after 10+ years. Every other year some part of the system would break, deliverability, authentication or 2FA. More ads, less value.
Eh. Another product driven into ground by Microslop
I've had this exact problem for years. My IP addresses have been used for 15+ years for sending e-mail, they are spam-free, but Microsoft keeps blocking them. Every two months or so I have to ask them to unblock the IP again, then I can send mails to Outlook again, until they just random decide to block me again. It's an absolute clown show.
This is the price every small sender pays. The unblock request process is essentially designed to make you give up or move to a large ESP. There's no appeals process, no SLA, no acknowledgment that your reputation data might just be wrong. You're at the mercy of a system that treats false positives as acceptable damage.
As long term Outlook.com user all I can say it's their service is extremely unreliable, my emails are either not delivered at all or end up in junk mail, some emails I don't receive at all or my partners are rate limited sometimes receiving their emails with hours long delays.
I assume also their junk filters block some emails and there is no way to avoid it, you repeatedly add senders to safe senders list, even to safe subscriptions and their email still end up marked as junk even after years long communication from same addresses.
As backup when something important I write email to recipient from gmail whether they received my email from outlook only to find out my email was never received.
This is one of those articles that demonstrates why email should be distributed. Letting Google and Microsoft run email for the planet is just asking for problems. There are some technical demands to running email services, but they are still in reach of the technically inclined individual or organization. If for no other reason, it would help keep the big mail service providers honest.
I've stopped diagnosing outlook/hotmail/live delivery issues about 12 years go, they simply do not give a single fuck about their customers. It used to be different, about 18 years ago orso, they had ways to contact them and resolve such issue.
To be fair, Outlook.com has always been a bit shitty, if you're trying to deliver email to them. Last time it was reasonably good the service was still called Hotmail.
The problem is that we've allowed email to be centralized around a few massive providers, who do not care about customer service. If you're large enough, you probably have a contact at Microsoft for Outlook. Everyone else has to yell into the void and sometimes that works.
> If you're large enough, you probably have a contact at Microsoft for Outlook.
For certain very large values of "large". I work for a company which has several thousand Office365 accounts with MS, many of which are the expensive one. It's nigh impossible to get support from them, you're always supposed to go through some partner, who has no idea what they're talking about. And when you do get someone through MS, it's actually still some kind of useless 3rd party who'll ask you to turn your VM off and on again when you complain that it won't turn off (this is actually a true story we had happen on azure).
In the end, after about an hour on the phone, the dude gave up and called for help higher up. It took something like a week to have a freaking VM unstuck and destroyed on Azure.
Contrast this with AWS, where we were spending much less at the time, only had the basic free support, and I was with someone on the phone in under five minutes who helped us have our direct connect issue solved in 15 minutes.