When you telnet to your mail server [externally] does the host mentioned in the Helo greeting match any A name record?

Sometimes there are issues with multiple PTR records existing for an IP address. Some client programs only pull the first one (when there could be 20!). Some DNS servers respond with the PTR records in different order on sucessive lookups.

Where was the PTR record added? At the server owner's domain or yours? Ideally MX ---> A ---> IP ---> PTR ---> domain A record should exist. All forward/reverse lookups between any pair should work, return as authoritative and be correct data.

When you telnet to your mail server [externally] does the host mentioned in the Helo greeting match any A name record?

HELO test.com
250 example.co.uk

Where was the PTR record added?

Where can I check that? I don't think it exists that's why the mail recipients are bouncing.

The DNS records in the first post are what I set when the server was setup. Those are the only records I recall setting up.

---

I made a recent change to the SPF because I had changed ISP since then and I believe the @all is no longer relevant. The SPF record is now:

v=spf1 mx a a:smtp.myisp-example.net ?all 

I do not know if this is a coincidence but this change seems to have upset microsoft. I am now receiving bounces for mail (sent from the server) to outlook and hotmail recipients. The error code is 550 SC-001

But this could be due to the DNS issue. If I run the IP address through senderbase dot org I see this warning:

Fwd/Rev DNS Match No

"Forward and Reverse DNS lookups are performed to see, if the name to IP and IP to name DNS lookups produce the same results. This feature is used to see if DNS is correctly set up for a host and can be an indicator for a malicious host."

That could be why microsoft destined emails are bouncing.

So what do I need to add to resolve this DNS lookup issue?

Your mail server's IP address must have an A record and a PTR record in the domain named in the From address.

Where and how do I do that?

In the domain name service I use the Control Panel only has these options:

Hostname: _____________
Type (A - AAAA - CNAME - MX - TXT/SPF - SRV) __
Destination IP Address: _____________

If this has to be setup on the webserver itself, then where do I add it?

OK, this had to be configured by the webhosters / datacenter. They added the record and I am now not getting any Fwd/Rev DNS mismatch errors.

Good to know.

Funny you should raise this - I had a similar error and there was nothing we had changed in many, many, years. I wonder why this has become an issue now?

DMARC has been applied, among other things.

I think I have a solution now. And here is an unusual tale of dealing with a highly efficient Microsoft employee or automated droid - I can not work out which.

What Was The Issue?
I could not send mail to microsoft addresses. outlook.com, hotmail.com and hotmail.co.uk. Server generated mail (forum reply notifications, subscription confirmations) and support emails from the office desktop device were all being returned instantly.

Why?
For some reason microsoft was rejecting any mail to outlook and hotmail for email from mydomain,co,uk

For server generated mail the error code is always 550 SC-001 (COL004-MC1F54)
and for the desktop support email account the error code is always 550 SC-001 (SNT004-MC1F30)

Why Now?
I do not know. This first started in June where just a couple of emails a week would bounce (intermittently).

But last week this went into total block mode. I am now receiving around 50 undelivered messages a day.

Did You Cause This?
Possibly. I was reading about beefing up email settings (DMARC and such) and whilst I put that on the back burner for now I did change the SPF record, because it looked to have an expired configuration.

It could be that the change in SPR record caused microsoft to put a total block on it.

Do You Spam, Is Your Email Relaying and Such? What is Your Reputation? Are you on Blacklists?
No we are low volume mail! The mail account is nailed down and we do have good reputation scores. On a typical mail sender scoring site we are scoring 87, which is above the recommended 80.

We are not on any blacklists.

Are All DNS Records Correct?
There was an issue with Reverse / Forward DNS mismatch. This was corrected by the datacenter 24hours ago and sites that reported the mismatch are now not. But it could be that microsoft still think there is a mismatch and that is why the are bouncing the emails.

According to mxtools, Domain Health Report we have:

1 Error - Missing DMARC record
1 Warning - SOA Refresh Value is outside of the recommended range
287 Passed

Have You Contacted Microsoft
Yes. I did that this morning and the reply was unusual. The first is that it was all actioned in minutes. I was expecting an response in days or possibly weeks but Microsoft are hinting that "the ban is lifted".

On submission of the form there was an instant reply:

Reported deliverability problem to Outlook.com
Dear Frank Rizzo

Please note that your ticket number is in the subject line of this mail.

1.1.1.1

Note: Errors are unlikely, however, if an error is indicated, please resubmit the specific IP or IP range.

Thank you,

I do not understand that. It is a bit cryptic. They start the reply formally but then state errors are unlikely. What does that mean? Is an error indicated? Why do I have to resubmit the specific IP when they already know it?

A few minutes later I received this:

Dear Frank Rizzo

We have completed reviewing the IP(s) you submitted. The following table contains the results of our investigation.

Conditionally mitigated
1.1.1.1
Our investigation has determined that the above IP(s) qualify for conditional mitigation. These IP(s) have been unblocked, but may be subject to low daily email limits until they have established a good reputation.

Please note that mitigating this issue does not guarantee that your email will be delivered to a user’s inbox.

Ongoing complaints from users will result in removal of the mitigation.

Mitigation may take 24 - 48 hours to replicate completely throughout our system.

If you feel your issue is not yet resolved, please reply to this email and one of our support team members will contact you for further investigation.

Regardless of the deliverability status, Outlook.com recommends that all senders join two free programs that provide visibility into the Outlook.com traffic on your sending IP(s), the sending IP reputation with Outlook.com and the Outlook.com user complaint rates.

So the IP was blocked and that they will correct the issue slightly but there is a condition attached.

I have no idea why it was blocked, and thus I have no idea if I can't meet the conditions again. Therefore it could be blocked again in the future.

Is it Now Fixed?
Yes it is. I just sent a test email from the support desktop account and it was immediately delivered to a hotmail client.

A server sent email has not been delivered yet but also there is no bounce. They used to be instant.

What DId I Learn?
Should have configured reverse PTR records a long time ago. Even though things were working then, changes in 3rd party sites policies could cause problems later. It is clear that Microsoft had changed something (tightened up on servers that had "something not quite right" and started blocking mail). In my case it was probably the fact that there was a Rev/Fwd DNS mismatch.

Even though the problem was corrected (the datacenter added the correct records), and that sites were correctly reporting all was configured correctly, reputations were intact, DNS health checks passed Microsoft were still blocking.
You then have to fill in a form asking Microsoft to lift the block.

Past behaviour, partial DNS setup and to a degree the block of IP's your site is in are getting higher weight in the SPAM vs Ham decisions post 2012. Some recipients are ahead of the curve and were doing these things in 2010 and others are still only rejecting based on a mail server only having an MX record (with no A record). Ironic in that Hotmail and to a degree MSN was a big source of spam up until recently <G>

Reading postmaster help pages on the recipients website sometimes helps find the last few clues to success including a white-listing application form (if they offer that option). As a semi retired corporate email admin I'd say this is a pretty good outcome in that you got the emails to go through.....sometimes no mater how high the message score or how perfect the DNS is and the network your on never spammed they still reject your efforts.

The is no setting on the sending server to counteract an overzealous recipient email admin who has configured a near impossible set of conditions for inbound message to pass in order to enter! On rare occasions I've had senders scream at me from two inches away and had to tell them to call the other company's president/email admin to get their complaint resolved (as I was out of solutions). Suggesting a phone call or FAX in place of the email got an even darker reaction...