Microsoft actively blocking DO IP range

Posted March 27, 2018 6.3k views

Mail sent from my droplet is being returned when the recipient is MSN, Outlook or Hotmail

Mail.log excerpt;

Mar 25 19:40:58 box postfix/qmgr[4566]: 4AFDA2036C: from=clubmanager@————, size=1477, nrcpt=1 (queue active)
Mar 25 19:40:58 box postfix/submission/smtpd[28496]: disconnect from localhost[]
Mar 25 19:40:58 box postfix/smtp[28928]: 4AFDA2036C: to=<—————>,[]:25, delay=0.67, delays=0.09/0/0.43/0.14, dsn=5.7.1, status=bounced (host[] said: 550 5.7.1 Unfortunately, messages from [] weren’t sent. Please contact your Internet service provider since part of their network is on our block list (AS3140). You can also refer your provider to [] (in reply to MAIL FROM command))
Mar 25 19:40:58 box postfix/smtp[28928]: 4AFDA2036C: lost connection with[] while sending RCPT TO
Mar 25 19:40:58 box postfix/bounce[28974]: 4AFDA2036C: sender non-delivery notification: F003928C01
Mar 25 19:40:58 box postfix/qmgr[4566]: 4AFDA2036C: removed

(I redacted the source domain and destination email ———-)

I have contacted DO support and they just say maintaining reputation is hard for them and to try changing regions or using a third party to relay email.

Anyone have practical experience of this issue and how to get around it.

I have a bunch of users that are seriously unhappy at the moment!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
4 answers

Do you use SPF/DMARC/DKIM? And why don’t you use a service like Sendgrid if deliverability is important?

  • Yes, SPF and DKIM records are set.

    I would not say deliver-ability is especially important - this is just a mail server for a small voluntary organisation that deals with members of the public. They are all distributed users. I’m running mail-in-a-box so that they can use webmail.

    Many of their enquiries are from outlook and hotmail users.

    I do use postmark for transactional emails, but this is just general run of the mill email.

Something else I have found with Microsoft is they also look to see if the PTR Records are present for the server. I have run into the issue with most cloud providers including Azure and AWS.

Here is another discussion that touches on this topic…

As DO mentioned, try an external service, you can use Mailgun for it, it works nicely

As far as I know, Mailgun is of no use for general mail services, eg sending SMTP from a mail server (including attachments) - its just for transactional email?