Apple and Microsoft emails bounced
![](https://secure.gravatar.com/avatar/3bf07b524d0449ded0c9e5d3801fe420.jpg?s=120&d=mm&r=g)
Routinely, email posts from Microsoft (.hotmail, .live, .me) and now more recently Apple (.icloud and .mac) are being bounced en masse.
Is there something we or our host can do to stop this from happening?
Appreciate any advice.
Thanks
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 3/6/24 11:59 AM, jan@janalexander.ca wrote:
Routinely, email posts from Microsoft (.hotmail, .live, .me) and now more recently Apple (.icloud and .mac) are being bounced en masse.
What are the reasons for these bounces. If you are not currently seeing bounce DSNs set the list's Bounce processing -> bounce_notify_owner_on_disable setting to Yes and if available, also set bounce_notify_owner_on_bounce_increment.
Is there something we or our host can do to stop this from happening?
At a minimum, assuming Mailman >= 2.1.18, set Privacy options... -> dmarc_moderation_action to Munge From and dmarc_quarantine_moderation_action to Yes. See <https://wiki.list.org/DEV/DMARC>.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/3bf07b524d0449ded0c9e5d3801fe420.jpg?s=120&d=mm&r=g)
We're using 2.1.39 and set to Munge From and quarantine moderation action is set to Yes.
We've had this problem all along, since we took it over in 2019. It has always been the Microsoft products, only this time, the Apple products. Brian Carpenter, bless his soul, used to fix it up for us. We understood from Brian that Microsoft routinely blocks their emails from receiving what appears to them as bulk emails. We're a very small group.
But, maybe it's not that. Jan tells me she gets the notices that (icloud ad mac) emails are blocked (bounced) when no one has sent anything. It's not triggered by a send event. Can you explain that to me?
EMWD, the Mailman host in California, said our DKIM setting was wrong and sent a new one which we've put in the DNS records.
Curiouser, Cathryn
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 3/7/24 3:24 PM, jan@janalexander.ca wrote:
We're using 2.1.39 and set to Munge From and quarantine moderation action is set to Yes.
OK.
But, maybe it's not that. Jan tells me she gets the notices that (icloud ad mac) emails are blocked (bounced) when no one has sent anything. It's not triggered by a send event. Can you explain that to me?
What is the content of these notices? There are many possible reasons why DSNs might not be received until possibly days after a message is sent. Without seeing the notices and possibly the mail logs from the host, I won't speculate.
EMWD, the Mailman host in California, said our DKIM setting was wrong and sent a new one which we've put in the DNS records.
And has that helped? DKIM signing is important and must be properly configured, but that's between you and EMWD. We can't help with that. When Brain was still alive, EMWD was extremely responsive to these issues, but I don't know what their current support situation is.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/3bf07b524d0449ded0c9e5d3801fe420.jpg?s=120&d=mm&r=g)
Below is the bounce notice received. It looks like "Excessive or fatal bounces" is the culprit. Our threshold is set to 5.0. Once the bounce threshold score is reached it checks "nomail" next to the account and disables it. You know all this of course.
However, it's not exactly logical that all the icloud and mac email accounts have excessive bounces at once. Or, the hotmail and live accounts for that matter.
I went back through the EMWD tickets.
- (2019)15 hotmail accounts blocked -- Brian updated the SPF and we put it in our DNS records.
- Hotmail accounts blocked -- (after Brian) updated DKIM, suggested if that didn't work to get our members to "whitelist" our emails
- Hotmail accounts blocked -- EMWD says Microsoft rejecting dedicated mail from our IP, opened escalation request; Microsoft "conditionally mitigates."
- 4 months later -- same thing
- 4 months later -- same thing
- Uniserve emails blocked -- EMWD said: "Looking at the logs, I see that the list is accepting messages from Hotmail/Outlook addresses. However, Microsoft is bouncing messages from the list sent to those addresses - so although other list members are receiving it, they wouldn't see their own messages coming through the list."
- (2024) icloud and mac emails blocked -- prior to this we went to a new host, EMWD updated DKIM and we had the new host company put it in the DNS records.
This is a Mailman mailing list bounce action notice:
List: Neighbours Member: Tashache@me.com <mailto:Tashache@me.com> Action: Subscription disabled. Reason: Excessive or fatal bounces.
The triggering bounce notice is attached below.
Questions? Contact the Mailman site administrator at mailman@mailist.dunbar-vancouver.org <mailto:mailman@mailist.dunbar-vancouver.org>.
From: Mail Delivery System <Mailer-Daemon@mm3.emwd.com> Subject: Mail delivery failed: returning message to sender Date: March 6, 2024 at 11:58:26 AM PST To: neighbours-bounces@mailist.dunbar-vancouver.org
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
Tashache@me.com host mx02.mail.icloud.com [17.57.152.5] SMTP error from remote mail server after end of data: 554 5.7.1 [HM08] Message rejected due to local policy. Please visit https://support.apple.com/en-us/HT204137 Reporting-MTA: dns; mm3.emwd.com
Action: failed Final-Recipient: rfc822;Tashache@me.com Status: 5.0.0 Remote-MTA: dns; mx02.mail.icloud.com Diagnostic-Code: smtp; 554 5.7.1 [HM08] Message rejected due to local policy. Please visit https://support.apple.com/en-us/HT204137
From: neighbours-request@mailist.dunbar-vancouver.org Subject: Neighbours Digest, Vol 232, Issue 6 Date: March 6, 2024 at 9:00:02 AM PST To: neighbours@mailist.dunbar-vancouver.org Reply-To: neighbours@mailist.dunbar-vancouver.org
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 3/8/24 12:10 PM, jan@janalexander.ca wrote:
Below is the bounce notice received. It looks like "Excessive or fatal bounces" is the culprit. Our threshold is set to 5.0. Once the bounce threshold score is reached it checks "nomail" next to the account and disables it. You know all this of course.
However, it's not exactly logical that all the icloud and mac email accounts have excessive bounces at once. Or, the hotmail and live accounts for that matter.
Sure it is. They are all rejecting the same mail so the user's bounce scores all increment on the same messages and reach threshhold on the same message.
This is not a very informative message, but it does say that your mail
and mail server should conform to best practices. The important things
are full circle DNS for the sending server (which is the case for the
mailist.dunbar-vancouver.org domain) and DKIM signing outgoing mail. I
can't see from what you posted if the mail has a valid DKIM signature.
Where there additional headers beyond the From:, Subject:,Date:, To: and
Reply-To: that you posted?
Most of the best practices
are things controlled by the host.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 3/6/24 11:59 AM, jan@janalexander.ca wrote:
Routinely, email posts from Microsoft (.hotmail, .live, .me) and now more recently Apple (.icloud and .mac) are being bounced en masse.
What are the reasons for these bounces. If you are not currently seeing bounce DSNs set the list's Bounce processing -> bounce_notify_owner_on_disable setting to Yes and if available, also set bounce_notify_owner_on_bounce_increment.
Is there something we or our host can do to stop this from happening?
At a minimum, assuming Mailman >= 2.1.18, set Privacy options... -> dmarc_moderation_action to Munge From and dmarc_quarantine_moderation_action to Yes. See <https://wiki.list.org/DEV/DMARC>.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/3bf07b524d0449ded0c9e5d3801fe420.jpg?s=120&d=mm&r=g)
We're using 2.1.39 and set to Munge From and quarantine moderation action is set to Yes.
We've had this problem all along, since we took it over in 2019. It has always been the Microsoft products, only this time, the Apple products. Brian Carpenter, bless his soul, used to fix it up for us. We understood from Brian that Microsoft routinely blocks their emails from receiving what appears to them as bulk emails. We're a very small group.
But, maybe it's not that. Jan tells me she gets the notices that (icloud ad mac) emails are blocked (bounced) when no one has sent anything. It's not triggered by a send event. Can you explain that to me?
EMWD, the Mailman host in California, said our DKIM setting was wrong and sent a new one which we've put in the DNS records.
Curiouser, Cathryn
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 3/7/24 3:24 PM, jan@janalexander.ca wrote:
We're using 2.1.39 and set to Munge From and quarantine moderation action is set to Yes.
OK.
But, maybe it's not that. Jan tells me she gets the notices that (icloud ad mac) emails are blocked (bounced) when no one has sent anything. It's not triggered by a send event. Can you explain that to me?
What is the content of these notices? There are many possible reasons why DSNs might not be received until possibly days after a message is sent. Without seeing the notices and possibly the mail logs from the host, I won't speculate.
EMWD, the Mailman host in California, said our DKIM setting was wrong and sent a new one which we've put in the DNS records.
And has that helped? DKIM signing is important and must be properly configured, but that's between you and EMWD. We can't help with that. When Brain was still alive, EMWD was extremely responsive to these issues, but I don't know what their current support situation is.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/3bf07b524d0449ded0c9e5d3801fe420.jpg?s=120&d=mm&r=g)
Below is the bounce notice received. It looks like "Excessive or fatal bounces" is the culprit. Our threshold is set to 5.0. Once the bounce threshold score is reached it checks "nomail" next to the account and disables it. You know all this of course.
However, it's not exactly logical that all the icloud and mac email accounts have excessive bounces at once. Or, the hotmail and live accounts for that matter.
I went back through the EMWD tickets.
- (2019)15 hotmail accounts blocked -- Brian updated the SPF and we put it in our DNS records.
- Hotmail accounts blocked -- (after Brian) updated DKIM, suggested if that didn't work to get our members to "whitelist" our emails
- Hotmail accounts blocked -- EMWD says Microsoft rejecting dedicated mail from our IP, opened escalation request; Microsoft "conditionally mitigates."
- 4 months later -- same thing
- 4 months later -- same thing
- Uniserve emails blocked -- EMWD said: "Looking at the logs, I see that the list is accepting messages from Hotmail/Outlook addresses. However, Microsoft is bouncing messages from the list sent to those addresses - so although other list members are receiving it, they wouldn't see their own messages coming through the list."
- (2024) icloud and mac emails blocked -- prior to this we went to a new host, EMWD updated DKIM and we had the new host company put it in the DNS records.
This is a Mailman mailing list bounce action notice:
List: Neighbours Member: Tashache@me.com <mailto:Tashache@me.com> Action: Subscription disabled. Reason: Excessive or fatal bounces.
The triggering bounce notice is attached below.
Questions? Contact the Mailman site administrator at mailman@mailist.dunbar-vancouver.org <mailto:mailman@mailist.dunbar-vancouver.org>.
From: Mail Delivery System <Mailer-Daemon@mm3.emwd.com> Subject: Mail delivery failed: returning message to sender Date: March 6, 2024 at 11:58:26 AM PST To: neighbours-bounces@mailist.dunbar-vancouver.org
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
Tashache@me.com host mx02.mail.icloud.com [17.57.152.5] SMTP error from remote mail server after end of data: 554 5.7.1 [HM08] Message rejected due to local policy. Please visit https://support.apple.com/en-us/HT204137 Reporting-MTA: dns; mm3.emwd.com
Action: failed Final-Recipient: rfc822;Tashache@me.com Status: 5.0.0 Remote-MTA: dns; mx02.mail.icloud.com Diagnostic-Code: smtp; 554 5.7.1 [HM08] Message rejected due to local policy. Please visit https://support.apple.com/en-us/HT204137
From: neighbours-request@mailist.dunbar-vancouver.org Subject: Neighbours Digest, Vol 232, Issue 6 Date: March 6, 2024 at 9:00:02 AM PST To: neighbours@mailist.dunbar-vancouver.org Reply-To: neighbours@mailist.dunbar-vancouver.org
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 3/8/24 12:10 PM, jan@janalexander.ca wrote:
Below is the bounce notice received. It looks like "Excessive or fatal bounces" is the culprit. Our threshold is set to 5.0. Once the bounce threshold score is reached it checks "nomail" next to the account and disables it. You know all this of course.
However, it's not exactly logical that all the icloud and mac email accounts have excessive bounces at once. Or, the hotmail and live accounts for that matter.
Sure it is. They are all rejecting the same mail so the user's bounce scores all increment on the same messages and reach threshhold on the same message.
This is not a very informative message, but it does say that your mail
and mail server should conform to best practices. The important things
are full circle DNS for the sending server (which is the case for the
mailist.dunbar-vancouver.org domain) and DKIM signing outgoing mail. I
can't see from what you posted if the mail has a valid DKIM signature.
Where there additional headers beyond the From:, Subject:,Date:, To: and
Reply-To: that you posted?
Most of the best practices
are things controlled by the host.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (2)
-
jan@janalexander.ca
-
Mark Sapiro