😊

For Office365 issues, I will try to assist where I can, but must be … vague in 
some instances.
For Hotmail issues, step #0 is always to fill out the form.
Them’s the rules.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Open a HotMail 
Ticket<http://go.microsoft.com/fwlink/?LinkID=614866&clcid>?

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Stefano Bagnara
Sent: Thursday, April 27, 2017 12:36 AM
To: mailop <mailop@mailop.org>
Subject: Re: [mailop] Microsoft spam folder issue (Forefront?) for a specific IP

On 26 April 2017 at 22:43, John Stephenson <johnstephenso...@gmail.com> wrote:
I've only received templated, non-responsive responses from Microsoft's 
ticketing system over the past two months.  Replying with additional detail and 
requesting escalation does not appear to be effective.

Michael W. kindly helped me off-list, thanks!

Turned out I was looking at "the last straw"/"the last drop" while the main 
"junk-classification" cause is not the IP but a domain shared between the 2 IPs.

Stefano

On Wed, Apr 26, 2017 at 12:27 PM, Stefano Bagnara <mai...@bago.org> wrote:
Hi all,

I have an issue with email *delivered* but to the *spam folder* to Microsoft 
(both Hotmail/Outlook.com and Office365/Exchange online platforms).

I already used the form (Microsoft ticket is SRX1383552039ID) but I keep 
receiving human but "standard" responses asking me the SMTP error (even if I 
start telling them the email is delivered to their spam folder and I also 
attach full message headers) or telling me to use SNDS and JMRP (that I already 
use).

I send the very same email from 2 completely different IPs, one IP delivers it 
correctly, the other, instead, ends up in the spam folder.

Microsoft replied that the IP is not listed/blocked in any way from them but 
they didn't provide any hint why one IP is able to deliver it in inbox while 
the other is not able to do that (they both delivered to inbox in past).

The IPs are transactional, have less than 500 messages per day (to Microsoft) 
and are "Green" and with no complaint and no spam traps in the last 90 days in 
the SNDS report. SNDS in "IP Status" says "All of the specified IPs have normal 
status."

I see the one delivered to inbox has the following headers added by Microsoft:
SpamDiagnosticOutput: 1:5
SpamDiagnosticMetadata: Default:2
X-Microsoft-Antispam-Mailbox-Delivery:
  abwl:0;wl:0;pcwl:0;kl:0;iwl:0;ijl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:I;WIMS-SenderIP:213.XXX.189.13;WIMS-SPF:app%2eredacted%2eit;WIMS-DKIM:gmail%2ecom;WIMS-822:redacted2%40gmail%2ecom;WIMS-PRA:sender%2bredacted2%2eredacted%2eit%40app%2eredacted%2eit;WIMS-AUTH:PASS;ENG:(5061607094)(102400140);

While the one being classified as spam has this header:
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: Default
X-Microsoft-Antispam-Mailbox-Delivery:
  abwl:0;wl:0;pcwl:0;kl:0;iwl:0;ijl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:J;WIMS-SenderIP:188.XXX.188.64;WIMS-SPF:app%2eredacted%2eit;WIMS-DKIM:gmail%2ecom;WIMS-822:redacted2%40gmail%2ecom;WIMS-PRA:sender%2bredacted2%2eredacted%2eit%40app%2eredacted%2eit;WIMS-AUTH:PASS;ENG:(5061607094)(102400140)(102420017);RF:JunkEmail;OFR:SpamFilterAuthJ;

On Office365 I see

X-Forefront-Antispam-Report: 
IP:213.XXX.189.13;IPV:NLI;CTRY:IT;EFV:NLI;SFV:NSPM;SFS:(8196002)(31580200002)(3000300001)(1060300004)(438002)(596005)(286005)(189002)(199003)(47976999)(4290100001)(54356999)(43066003)(7636002)(50986999)(2501003)(4001070100004)(356003)(110446001)(85226003)(146002)(19627405001)(966004)(19618635001)(106466001)(1096003)(7846003)(74482002)(84326002)(1250700005)(606005)(7906003)(53416004)(6486002)(118246002)(7596002)(6392003)(733005)(42882006)(6916009)(7066003)(6506006)(34003)(5640700003)(19810500001)(33646002)(9686003)(3450700001)(53346004)(1730700003)(25786009)(8676002)(6306002)(236005)(5000100001)(110136004)(6512007)(2351001)(54896002)(956001)(50919006);DIR:INB;SFP:;SCL:1;SRVR:DB6P193MB0232;H:ms13.redacted.it;FPR:;SPF:Pass;MLV:nov;MX:1;A:1;PTR:ms13.redacted.it;LANG:it;

vs

X-Forefront-Antispam-Report: 
CIP:188.XXX.188.64;IPV:NLI;CTRY:IT;EFV:NLI;SFV:SPM;SFS:(8046002)(31580200002)(1060300004)(3000300001)(438002)(286005)(596005)(189002)(199003)(1250700005)(4290100001)(7066003)(43066003)(53346004)(606005)(42882006)(19810500001)(6916009)(956001)(5000100001)(110136004)(6506006)(236005)(6306002)(146002)(733005)(5640700003)(6512007)(54896002)(9686003)(356003)(966004)(8676002)(7596002)(32003)(7906003)(1096003)(1730700003)(6392003)(50986999)(7846003)(54356999)(4001070100004)(7636002)(6486002)(110446001)(74482002)(2501003)(3450700001)(25786009)(84326002)(33646002)(47976999)(53416004)(85226003)(2351001)(106466001)(19627405001)(118246002)(50919006)(69026009);DIR:INB;SFP:;SCL:5;SRVR:AM5P193MB0225;H:mx64.redacted.it;FPR:;SPF:Pass;MLV:nov;MX:1;A:1;PTR:mx64.redacted.it;CAT:SPM;LANG:it;

Both IPs have been in use for more than a year, with almost constant volume and the 
first IP was working "fine" until a couple of days ago.

From the 2 pairs of headers I guess the problem is the IP itself but Microsoft 
support simply told me something like they "don't see anything 'offhand' that 
would prevent email from my IP from reaching their customers" or "per their 
research, my IP is currently not under any active block lists from their end".

Both IPs are listed in RFC-Clueless because the reverse domain has its own email 
hosted on GSuite and RFC-Clueless lists all of them (but they are both listed).

The only public blocklist where the first IP is listed while the second is not 
listed is webiron and specifically their CABL list: AFAICT they are currently 
listing the whole OVH network and my IP is from OVH (even if it is an Assigned 
PA).

I'd appreciate any on-list or off-list contact by Microsoft or simply 
feedback/suggestions from other users that already saw something similar.

Stefano
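
The by-eye header comparison in the message above, as an added example (not part of the original thread and not Microsoft tooling): a small parser that splits the two `key:value;` antispam headers and reports only the fields that differ between the inbox and junk copies. The Forefront sample values are shortened from the ones quoted in the thread, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Forefront values shortened from the thread (SFS list trimmed, IP/host fields dropped).
INBOX_FOREFRONT = "IPV:NLI;CTRY:IT;EFV:NLI;SFV:NSPM;SFS:(8196002)(438002)(596005);DIR:INB;SFP:;SCL:1;SPF:Pass;LANG:it;"
JUNK_FOREFRONT = "IPV:NLI;CTRY:IT;EFV:NLI;SFV:SPM;SFS:(8046002)(438002)(596005);DIR:INB;SFP:;SCL:5;SPF:Pass;CAT:SPM;LANG:it;"
# Mailbox-delivery values as quoted in the thread (the parts common to both factored out).
_LISTS = "abwl:0;wl:0;pcwl:0;kl:0;iwl:0;ijl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;"
_WIMS = ("WIMS-SPF:app%2eredacted%2eit;WIMS-DKIM:gmail%2ecom;WIMS-822:redacted2%40gmail%2ecom;"
         "WIMS-PRA:sender%2bredacted2%2eredacted%2eit%40app%2eredacted%2eit;WIMS-AUTH:PASS;")
INBOX_MBX = _LISTS + "dest:I;WIMS-SenderIP:213.XXX.189.13;" + _WIMS + "ENG:(5061607094)(102400140);"
JUNK_MBX = (_LISTS + "dest:J;WIMS-SenderIP:188.XXX.188.64;" + _WIMS
            + "ENG:(5061607094)(102400140)(102420017);RF:JunkEmail;OFR:SpamFilterAuthJ;")

def parse_report(value):
    """Split 'key:value;key:value;' into a dict. Rule-ID lists such as
    '(1)(2)' become sets, so ordering differences are not reported."""
    fields = {}
    for part in re.sub(r"\s+", "", value).split(";"):  # drop header folding
        if not part:
            continue
        key, _, val = part.partition(":")  # first colon only; values may contain ':'
        if re.fullmatch(r"(?:\(\d+\))+", val):
            fields[key] = frozenset(re.findall(r"\d+", val))
        else:
            fields[key] = unquote(val)  # %2e -> '.', %40 -> '@'
    return fields

def diff_reports(a, b):
    """Return {key: (only_in_a, only_in_b)} for every field that differs."""
    out = {}
    for key in sorted(set(a) | set(b)):
        va, vb = a.get(key), b.get(key)
        if va == vb:
            continue
        if isinstance(va, frozenset) and isinstance(vb, frozenset):
            out[key] = (sorted(va - vb), sorted(vb - va))
        else:
            out[key] = (va, vb)
    return out

if __name__ == "__main__":
    for name, good, bad in (("X-Forefront-Antispam-Report", INBOX_FOREFRONT, JUNK_FOREFRONT),
                            ("X-Microsoft-Antispam-Mailbox-Delivery", INBOX_MBX, JUNK_MBX)):
        print(name)
        for key, (g, b) in diff_reports(parse_report(good), parse_report(bad)).items():
            print(f"  {key}: inbox={g!r} junk={b!r}")
```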

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

