Really love the modern support experience of no-response, trial-and-error, until suddenly, if you're lucky, the void on other end magically solves the problem. Confidence-inspiring stuff
It occurs to me that I make fun of sovereign citizen types, but in tech we have our own set of rituals for getting large organizations to do what we want. While those people are still boneheads, maybe I should be more empathetic about their motivations and why they think that this time it might work.
I run a small transactional email provider (https://mailpace.com), our IPs are very rarely added to blocklists- but we are very strict on what we allow through our service, and surprisingly we’ve had no long term delivery issues with any of the big providers.
So thanks to the federated/decentralized design of email, is totally possible to be part of the network without any special privileges.
We are sending millions of emails every day though, which is quite different to sending a couple hundred personal emails a week. If you’re running this on a cloud host, expect to be blocked by default. However if you can find a small vps provider you’ll have better luck on sending yourself.
Right. When I changed my vps to another hoster, I totally forgot how much trouble it was to get a good reputation in the beginning.
But it was really not that much work again. Just unfortunate, because one big Mail provider just discarded instead of rejecting my mails. After this was settled, everything works quite nice again. Important to me is keeping spf, dkim, dmarc and now also mts up to date. See mail-checker.com e.g.
I still wonder though, why some big mail providers do not do dkim/dmarc? I happen to realize this when I started to fight spam and gave incoming mails without dkim/dmarc a high spam score.
We host in a datacenter and sending from their IPv4 or our own /24 IPv4 block has no issue. We also have the volume to keep things going as well to build up the reputation.
(Unrelated to the OP - but I've been so frustrated by this for so long that it's worth the [flagged])
A product like this is exactly what I've been looking for with pretty great pricing.
The one thing that this (and most providers) are missing is making email easy to test. I'm about to launch a product where email is critical, and there's no way to send an example email (with a non-test email address) to your service and see that you receive it, without it being sent to the To address.
Better yet, the few providers that do support it charge as if it were a real email, when none of the delivery costs exist on their end (there are infrastructure costs, sure, but there is none of the reputation risk nor need for clean IPs, the reason people use transactional services like these in the first place).
Outlook/Hotmail blocks DigitalOcean. After half a dozens attempts over the years to delist my IP, and following all the best practices (dedicated fixed IP, SPF, DKIM, DMARC, FCrDNS, zero spam, TLS, etc.) I gave up.
Eventually, most people realize that their Outlook/Hotmail email service is defective because they're not receiving emails, and they migrate to another email service.
> Eventually, most people realize that their Outlook/Hotmail email service is defective because they're not receiving emails, and the move to something else.
Or people realise that DO's current anti-abuse is very insufficient and will move to something else.
Outlook/Hotmail is the only service that's blocking my emails.
I've been with DigitalOcean for 10 years. Beforehand it was just a matter of filling a form and waiting 24 hours to get the IP whitelisted. A few years ago, Microsoft started refusing whitelisting IPs.
DigitalOcean on the other hand started blocking SMTP by default for new customers since June/2022 [1], and thus significantly reduced the amount of spam coming out of their network. That said, they're still not doing enough to stop spam from their network, and they're still a source of spam [2].
I can cryptographically prove the identity of the server (and thus its reputation), and there's no justified reason to block mails based only on the network's IP address, while ignoring all the other factors.
I have a personal mail server and I too had no choice but to blacklist DO.
They generate a lot of phishing emails (rather than conventional spam). I used to diligently report it to their abuse contact, but they don't seem to care or do anything about it in the slightest.
> most people realize that their Outlook/Hotmail email service is defective
This is exactly what I've begun telling people and warning friends and family members about. I run my own email... well I run my own ISP at this point and we have our own dedicated block of IPv6 addresses but still rely on IPv4 addresses from our cloud providers and I've started to grow frustrated by the lack of movement by the incumbent email providers that I've started just straight up telling people don't expect any email delivery from me if you're using any provider that still lacks proper IPv6 on their SMTP servers.
It's no longer my problem and I will happily tell people that their email provider is defective and that they need to find a new host. If that is too much for them, to bad so sad not my problem. I did everything I could do. At some point you have to stop trying to work around "Big Cloud" and their nonsense.
Microsoft blocking a mail server and DO being blocked aren't necessarily the same thing.
I service a number of MS accounts (hosted domain and O/H/live.com) and they block mail from small servers I manage - and from (non-major) online services I work with. There are forums frequent that send verification mails to MS addys that never arrive.
Past that: My last time blocking mail server attacks from DO IPs is today. It's always today and has been years and years. Not just DO. OVH, Psychz and a at least doz more attack with that consistency.
[edit: Post below mentions DO SMTP changes in 2022. DO is still attacky but less attacky is possible. Not sure.]
And not that far behind, Amazon. Amazon is a lot harder because unlike the above, I regularly get legit traffic from them.
I've had decent deliverability to some of my Outlook addresses from my Digital Ocean droplets for about a decade. Low volume (a dozen or so a week?), only to a few dozen addresses. I had poor deliverability until I updated the Reverse DNS to match my sending hostname. Since then, I have not had a single email get filtered.
Or folks will check where their spam comes from. At least 2-3 years ago digital ocean was a ridiculously major source of spam. I've no interest in investigating why, but there is a near zero chance they were following anything like "all the best practices".
This is from DO's own site based on a quick search:
"I am being BOMBARDED, and I mean BOMBARDED with spam from Digital Ocean over 5 spams a day all from the same bunch of domains, all hosted on DigitalOcean and coming from your IPs.
In the last 2 weeks I’ve emailed your abuse mailbox 20+ times and filled in the contact abuse form 10+ times.
NOTHING is being done about it. My next plan of action is to keep posting here until Digital Ocean takes action.
Do you even have an abuse team? are they doing any work at all? I can provide 30 more samples if needed."
Absolutely pathetic - all major providers should blackhole email from DO.
Note that this contrasts to AWS. I was on AWS from flat network days (where folks were running scans internally etc. AWS respond with a ticket usually to abuse reports and then usually a bit later a note that things have been taken care of.
How does AWS which is FAR larger in IP address space than DO have so much LESS spam coming from their IP address space? Perhaps because they pay a tiny bit of attention to the issue.
This probably isn’t directly helpful or relevant advice, but I don’t see a good reason to spend double on DigitalOcean droplets compared to what you get with Hetzner Cloud.
I had this problem for years. I would get the block lifted and it would return in short order. I surmise it’s because my mail server runs on a VPS and other users on my subnet are not well behaved (actually I know this for a fact).
I solved the problem by paying for a next hop SMTPS server as an upstream smarthost for non-local mails. That means my mails come from a subnet that fronts TONS of other servers/domains. That makes it a bigger headache for MS to block.
Sad but there you go. I do not use the external service for inbound. Inbound mails come direct to my server per the MX.
Wow, Outlook actually tells you they blocked you? My email (custom gmail domain btw) just ends up in the Spam folder of outlook clients with no notification at all.
That's a different issue. You're usually not notified of spam designations, but bounces (where the mail server completely refuses to accept your email) do usually receive a notification. If you're designated as both (for example if you keep sending email that bounces) you'll get blackholed and wont receive any bounce notification either.
When I used to self-host my emails, GMail would "accept" mails then drop them. Microsoft was kind enough to tell me they dropped them but getting out of the blacklists was a pain.
An advantage of landing in spam is that the user still has a choice and is in control. Rejecting outright is a "lalalala I can't hear youu!!" type of stupid situation that only big providers can get away with, without the users realizing their bigcorp is the one with delivery issues
Another useful tool is https://www.learndmarc.com/ -- I found the presentation very helpful when I was finally getting on the DMARC train a while back.
I self host. Over the years, I've had both situations with outlook. I've tried many things.
As it happens, I noticed my mails have gone through just fine in the last months, at least to companies using Microsoft services without me doing anything specific, after I threw the towel with Outlook. I did switch VPS providers almost a year ago, though to a provider that I expect to be more filtered (ovh).
I guess my question is can you please fix your braindead blacklisting?
Several times per year—I can practically guarantee it’ll happen sometime in December, and indeed had to deal with this just five days ago—I end up with a bunch of users whose email notifications stop working because Microsoft have started blocking the entire netrange where my server lives. I don’t have control over other Linode customers, guys! I even wrote extra code to stop sending mail to addresses that start bouncing specifically to avoid blacklisting, so after MS finally processes a blacklist mitigation request, someone also has to go in and re-enable those accounts.
SPF, DKIM, DMARC are all configured; I’ve sent from the same IP address for about a decade; I’ve not once received an email abuse report; mail volume is low (most days, volume does not reach the minimum threshold for SNDS to report data[0]). I’ve never had any other mail provider blacklist my server. SNDS always says everything is OK as I am S3150s. What is even the purpose of SNDS at this point when it lies about what is going on?
[0] P.S. The janky SNDS calendar widget resets the month to the current month every time you click on a date, even if the date being viewed is in a previous month. I don’t have any hope that anyone will ever touch SNDS code again since it was clearly designed in the early 2000s and the copyright on the site is now ten years old, but this is a pretty silly bug.
My guess is that the effectiveness issue isn’t actually due to SNDS and is probably related to sender reputation having famously high false positive rates. I read a paper a while back which introduced a different algorithm with tighter bounds on regret, I didn’t really understand it tbh, but I can implement it behind a flight and run a data study to see if it works better. The problem is that most graph based stuff doesn’t scale super well because of something-something complexity classes. I think the lady who architected it 5 years ago didn’t do a great job and there’s a bunch of arbitrary config stuff which was put as a placeholder and then became enshrined in stone… but the guy maintaining it rn is really smart so I’ll have him review my half-assed PR when he’s back next week (and idk how long it’ll take to finish the other half of it, shit never ships around here).
About the calendar widget thing… man am I glad I our team doesn’t own that. No one ever touches legacy stuff cause they’re afraid it’ll break or no one will update but the trick is to file it as an accessibility bug since that gets someone to actually prioritize it since it shows up in reports that the execs read. But dude good luck getting that off the backlog, the one engineer we have who is good at UX stuff (i.e, can code with both quality and velocity instead of just one) has her hands full as is.
Here is the issue that most ESPs are facing.. Every 5-6 months something is being enabled or not from Outlook's side which affects either IPs or the domain name of the sender and messages land in Junk folder or in quarantine zone.
Now, I do know that the IPs might be affected by complaints or spamtraps, or maybe the client sent something suspicious, but trust me most ESPs don't allow those messages to be sent. Also, when the IPs appear GREEN in SNDS, and SPF/ DKIM and DMARC are a part of DNS authentication and headers appear like this: CAT:HSPM;SFS:(13230031)(4636009)(451199024)(7596003)(356005)(7636003)(86362001)(450100002)(8676002)(1096003)(14286002)(34206002)(5660300002)(336012)(26005)(42186006)(9686003)(33656002)(83380400001)(7846003)(33964004)(564344004);DIR:INB;
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
You are expecting that quarantine zone is the last place to find a legit message.
For obvious reasons I won't share more details, but I bet that from time to time someone is messing with spam filters that can easily result in false positive and angry senders.
In any case, especially when we raised tickets to Outlook, at least please inform your team not to reply like robots. If they will share with us the exact reason why a message landed in junk folder that would really help us. If it is the content, we will change it. If it is related with the sender, we will block the sender. If those are complaints, we will block senders and check their subscription sources, but at least we need something especially when SNDS shows Green IP, 0 spamtraps, 0 complaints.
Thank you for reading this.
Yo I’m not even gonna apologize about this, it would be so wack if we didn’t do that:
a) if a mail sever looks like it’s gonna send spam, then you gotta block it. I personally have philosophical hang ups about this, like it’d be wrong to sentence someone to prison for crimes they didn’t commit just because a system added up some points and made a prediction with high confidence, but in real life, you absolutely need to be proactive.
b) there is literally no way to do this that wont immediately get abused. Trust me we’ve tried. We make it nearly impossible to get unlocked on purpose because if it was easy, then it’d be like 1 innocent person using it and 99 attackers due to the adversarial incentive structures.
Now ofc there’s more nuance here, we really do want to get it wrong less often, and you do pay us so it’s not fair to blame it all on the bad guys, so I’m grateful for the feedback but I think you should give me even more detailed feedback since there’s not much I can do except give a vague high level explanation unless you help me by being specific.
Similar question as my sibling comments. I have rented a server with a static IP address for over ten years now. Nobody else has used this IP during this time. Yet, every few months I have to beg Microsoft to unblock the IP. In the beginning I could do this on my own, but something changed a few years ago and now I have to beg my ISP (netcup) instead to contact Microsoft on behalf of me to temporarily whitelist the domain. Then wait another 2-3 months and do the same dance again.
Why? Why can Microsoft not learn that an IP has been healthy and spam-free for 10+ years and only bother me when there is actual spam is being sent?
Aww man, not joking this actually breaks my heart, something about the way you wrote it makes it sink in how much we’ve failed you. I’m angry at how much of your time we’ve wasted and this experience is completely unacceptable.
…I think this is just a systemic issue beyond my ability to comprehend, let alone solve, and— I hope I’m wrong about this but honestly when I look ahead it seems the future is only going to get worse for people like you. Which I wish I could phrase in a way that was more kind and respectful, it’s not what anyone wants, these unthinking scars inflicted on email as a medium.
But what I can do is make sure that it’s not worse for you, specifically. If I was perfect I’d attack this rot at its core, but I’m not, so I’ll just solve the problem in front of me even though I know it doesn’t scale and hope God forgives me. Get in touch with me directly and I’ll figure out how to make sure you don’t have to jump through those hurdles again.
Why doesn't whitelisting an address ensure one receives messages from it, the address has never sent spam, sends at most a couple of emails a day. But I couldn't receive emails from it, there was no notification or information despite the address being on my whitelist?
Huh? This shouldn’t be possible in principle? Don’t quote me on that though, I wish I’d paid more attention to my notes but they’re a mess and haven’t kept up with newer changes, if they were accurate at all in the first place. I’d submit an escalation so support can look into it.
Eg. Known bad domains, known bad IP addresses, incorrectly setup DKIM / SPF, no reverse DNS, non-matching reverse DNS, and that's before even looking at content to determine whether spam.
For privacy and compliance reasons (read: “oh boy wouldn’t wanna get sued, eh?” reasons) we actually don’t snoop into the message body much. Hooray, good job on not doing the maximally big brother thing for once, MS!
My hot take is that this prolly won’t last because every org descends to doing a creepy level of data collection eventually so I have a textbook on privacy preserving ML downloaded for when we join the “surveillance but we found a way to make it technically legal” squad. We haven’t done that yet though.
What's the best way to quickly get MS to trust a server/domain?
Does MS ignore IP reputation in cases where the domain has a good reputation?
How would you go about getting a new domain and an IP address from a public cloud provider working consistently?
I've had issues with outlook when it comes to new domains and IPs, but after some time it works. I do however usually have more email than a personal server so what's the best way - if such a thing exists - for a personal server that has much lower volume of mail to be trusted?
Hmm, oh wow, occasionally I’m reminded that if I flipped sides to run phishing campaigns I’d be totally unstoppable.
There isn’t a quick way, by design. You need to wait a minimum period and meet some predicates, and the organized scammers already know what the period is via empirical testing but I’m not comfortable disclosing details of those predicates for disorganized scammers to use. More so because I’d definitely get into trouble for it than due to any belief in security via obscurity. Cushy job makes you risk averse.
Since I can’t share any of the tricks, some general advice— the main thing that matters is a long track record of good behavior. You can end up in a vicious cycle where you fight the system when it punishes you and then it doubles down on the beatings— this is bizarre and kafkaesque and happens all the time. What you want is for there to be two-way communication, if it’s unbalanced with traffic being broadcast but no one engaging with it, that’s going to be cracked down on sooner than if recipients reply.
I don’t. I have slept in the daytime ever since covid and actually got a move to the east coast approved as a health accommodation after I started routinely missing important afternoon meetings due to my incurable insomnia (mornings are easy when you stay up all night). I still struggle with it, especially since it’s not a consistent offset to my circadian rhythm. There’s data I’ve collected but it’s hard to fit a simple function to it— it’s not like I’m on a 26 hour schedule either. This isn’t due to trauma or addiction, my brain is just an outlier in many dimensions and this is one of them.
My penis enlargement pill newsletter isn't showing up in my customers' inboxes. I could have been a penis-enlargement millionare if it wasn't for your stupid spam filter. What to do?
After many years of regularly getting blocked by Hotmail and outlook.com, I just decided to reject every incoming email from Hotmail and Outlook with an error message explaining the situation. If they don't allow me to respond to emails sent by their customers, why would I allow them to send me emails in the first place?
Readit News
1. Visit https://olcsupport.office.com/ and submit the complaint.
2. Wait for the auto-reply, followed by the "Nothing was detected" email.
3. Reply to the latter with "Escalate" in the body.
Within a day, they hammer shit in place and the block is removed.
We have implemented mitigation for your IP (51.15.2.26) and this process may take 24 - 48 hours to replicate completely throughout our system.
So thanks to the federated/decentralized design of email, is totally possible to be part of the network without any special privileges.
We are sending millions of emails every day though, which is quite different to sending a couple hundred personal emails a week. If you’re running this on a cloud host, expect to be blocked by default. However if you can find a small vps provider you’ll have better luck on sending yourself.
But it was really not that much work again. Just unfortunate, because one big Mail provider just discarded instead of rejecting my mails. After this was settled, everything works quite nice again. Important to me is keeping spf, dkim, dmarc and now also mts up to date. See mail-checker.com e.g.
I still wonder though, why some big mail providers do not do dkim/dmarc? I happen to realize this when I started to fight spam and gave incoming mails without dkim/dmarc a high spam score.
A product like this is exactly what I've been looking for with pretty great pricing.
The one thing that this (and most providers) are missing is making email easy to test. I'm about to launch a product where email is critical, and there's no way to send an example email (with a non-test email address) to your service and see that you receive it, without it being sent to the To address.
Better yet, the few providers that do support it charge as if it were a real email, when none of the delivery costs exist on their end (there are infrastructure costs, sure, but there is none of the reputation risk nor need for clean IPs, the reason people use transactional services like these in the first place).
Eventually, most people realize that their Outlook/Hotmail email service is defective because they're not receiving emails, and they migrate to another email service.
Or people realise that DO's current anti-abuse is very insufficient and will move to something else.
DigitalOcean on the other hand started blocking SMTP by default for new customers since June/2022 [1], and thus significantly reduced the amount of spam coming out of their network. That said, they're still not doing enough to stop spam from their network, and they're still a source of spam [2].
I can cryptographically prove the identity of the server (and thus its reputation), and there's no justified reason to block mails based only on the network's IP address, while ignoring all the other factors.
1. https://www.digitalocean.com/blog/smtp-restricted-by-default
2. https://www.uceprotect.net/en/l3charts.php
They generate a lot of phishing emails (rather than conventional spam). I used to diligently report it to their abuse contact, but they don't seem to care or do anything about it in the slightest.
This is exactly what I've begun telling people and warning friends and family members about. I run my own email... well I run my own ISP at this point and we have our own dedicated block of IPv6 addresses but still rely on IPv4 addresses from our cloud providers and I've started to grow frustrated by the lack of movement by the incumbent email providers that I've started just straight up telling people don't expect any email delivery from me if you're using any provider that still lacks proper IPv6 on their SMTP servers.
It's no longer my problem and I will happily tell people that their email provider is defective and that they need to find a new host. If that is too much for them, to bad so sad not my problem. I did everything I could do. At some point you have to stop trying to work around "Big Cloud" and their nonsense.
Microsoft blocking a mail server and DO being blocked aren't necessarily the same thing.
I service a number of MS accounts (hosted domain and O/H/live.com) and they block mail from small servers I manage - and from (non-major) online services I work with. There are forums frequent that send verification mails to MS addys that never arrive.
Past that: My last time blocking mail server attacks from DO IPs is today. It's always today and has been years and years. Not just DO. OVH, Psychz and a at least doz more attack with that consistency.
[edit: Post below mentions DO SMTP changes in 2022. DO is still attacky but less attacky is possible. Not sure.]
And not that far behind, Amazon. Amazon is a lot harder because unlike the above, I regularly get legit traffic from them.
This is from DO's own site based on a quick search:
"I am being BOMBARDED, and I mean BOMBARDED with spam from Digital Ocean over 5 spams a day all from the same bunch of domains, all hosted on DigitalOcean and coming from your IPs.
In the last 2 weeks I’ve emailed your abuse mailbox 20+ times and filled in the contact abuse form 10+ times.
NOTHING is being done about it. My next plan of action is to keep posting here until Digital Ocean takes action.
Do you even have an abuse team? are they doing any work at all? I can provide 30 more samples if needed."
Absolutely pathetic - all major providers should blackhole email from DO.
Note that this contrasts to AWS. I was on AWS from flat network days (where folks were running scans internally etc. AWS respond with a ticket usually to abuse reports and then usually a bit later a note that things have been taken care of.
How does AWS which is FAR larger in IP address space than DO have so much LESS spam coming from their IP address space? Perhaps because they pay a tiny bit of attention to the issue.
* Latency: Hetzner's ping latency is more than double for me
* Switching costs: migrating hosting providers can be time consuming
That said, I agree that DigitalOcean isn't good value for money anymore.
I solved the problem by paying for a next hop SMTPS server as an upstream smarthost for non-local mails. That means my mails come from a subnet that fronts TONS of other servers/domains. That makes it a bigger headache for MS to block.
Sad but there you go. I do not use the external service for inbound. Inbound mails come direct to my server per the MX.
Mailgun has been very good to me, highly recommended.
https://www.mail-tester.com/
As it happens, I noticed my mails have gone through just fine in the last months, at least to companies using Microsoft services without me doing anything specific, after I threw the towel with Outlook. I did switch VPS providers almost a year ago, though to a provider that I expect to be more filtered (ovh).
Several times per year—I can practically guarantee it’ll happen sometime in December, and indeed had to deal with this just five days ago—I end up with a bunch of users whose email notifications stop working because Microsoft have started blocking the entire netrange where my server lives. I don’t have control over other Linode customers, guys! I even wrote extra code to stop sending mail to addresses that start bouncing specifically to avoid blacklisting, so after MS finally processes a blacklist mitigation request, someone also has to go in and re-enable those accounts.
SPF, DKIM, DMARC are all configured; I’ve sent from the same IP address for about a decade; I’ve not once received an email abuse report; mail volume is low (most days, volume does not reach the minimum threshold for SNDS to report data[0]). I’ve never had any other mail provider blacklist my server. SNDS always says everything is OK as I am S3150s. What is even the purpose of SNDS at this point when it lies about what is going on?
[0] P.S. The janky SNDS calendar widget resets the month to the current month every time you click on a date, even if the date being viewed is in a previous month. I don’t have any hope that anyone will ever touch SNDS code again since it was clearly designed in the early 2000s and the copyright on the site is now ten years old, but this is a pretty silly bug.
About the calendar widget thing… man am I glad I our team doesn’t own that. No one ever touches legacy stuff cause they’re afraid it’ll break or no one will update but the trick is to file it as an accessibility bug since that gets someone to actually prioritize it since it shows up in reports that the execs read. But dude good luck getting that off the backlog, the one engineer we have who is good at UX stuff (i.e, can code with both quality and velocity instead of just one) has her hands full as is.
You do have control over being a Linode customer though. If Linode isn't doing enough to prevent abuse, they deserve to be blocked.
a) if a mail sever looks like it’s gonna send spam, then you gotta block it. I personally have philosophical hang ups about this, like it’d be wrong to sentence someone to prison for crimes they didn’t commit just because a system added up some points and made a prediction with high confidence, but in real life, you absolutely need to be proactive. b) there is literally no way to do this that wont immediately get abused. Trust me we’ve tried. We make it nearly impossible to get unlocked on purpose because if it was easy, then it’d be like 1 innocent person using it and 99 attackers due to the adversarial incentive structures.
Now ofc there’s more nuance here, we really do want to get it wrong less often, and you do pay us so it’s not fair to blame it all on the bad guys, so I’m grateful for the feedback but I think you should give me even more detailed feedback since there’s not much I can do except give a vague high level explanation unless you help me by being specific.
Why? Why can Microsoft not learn that an IP has been healthy and spam-free for 10+ years and only bother me when there is actual spam is being sent?
…I think this is just a systemic issue beyond my ability to comprehend, let alone solve, and— I hope I’m wrong about this but honestly when I look ahead it seems the future is only going to get worse for people like you. Which I wish I could phrase in a way that was more kind and respectful, it’s not what anyone wants, these unthinking scars inflicted on email as a medium.
But what I can do is make sure that it’s not worse for you, specifically. If I was perfect I’d attack this rot at its core, but I’m not, so I’ll just solve the problem in front of me even though I know it doesn’t scale and hope God forgives me. Get in touch with me directly and I’ll figure out how to make sure you don’t have to jump through those hurdles again.
Deleted Comment
What's the rationale there?
Eg. Known bad domains, known bad IP addresses, incorrectly setup DKIM / SPF, no reverse DNS, non-matching reverse DNS, and that's before even looking at content to determine whether spam.
My hot take is that this prolly won’t last because every org descends to doing a creepy level of data collection eventually so I have a textbook on privacy preserving ML downloaded for when we join the “surveillance but we found a way to make it technically legal” squad. We haven’t done that yet though.
What do you mean by tiers, exactly?
Does MS ignore IP reputation in cases where the domain has a good reputation?
How would you go about getting a new domain and an IP address from a public cloud provider working consistently?
I've had issues with outlook when it comes to new domains and IPs, but after some time it works. I do however usually have more email than a personal server so what's the best way - if such a thing exists - for a personal server that has much lower volume of mail to be trusted?
There isn’t a quick way, by design. You need to wait a minimum period and meet some predicates, and the organized scammers already know what the period is via empirical testing but I’m not comfortable disclosing details of those predicates for disorganized scammers to use. More so because I’d definitely get into trouble for it than due to any belief in security via obscurity. Cushy job makes you risk averse.
Since I can’t share any of the tricks, some general advice— the main thing that matters is a long track record of good behavior. You can end up in a vicious cycle where you fight the system when it punishes you and then it doubles down on the beatings— this is bizarre and kafkaesque and happens all the time. What you want is for there to be two-way communication, if it’s unbalanced with traffic being broadcast but no one engaging with it, that’s going to be cracked down on sooner than if recipients reply.
> Delivery to xxx@outlook.com failed with error: outlook-com.olc.protection.outlook.com. said:...
He got error messages? I get mail silently dropped.
MS drops mail from my reputable mail servers - and from rep svs that send mail to MS accts I manage.
Did you sign up to their JMRP to figure out what they didn't like or how were they blocking you?