Outlook blocked again, but strange response
![](https://secure.gravatar.com/avatar/7cf88649933be81c7f08fbbf722c08e0.jpg?s=120&d=mm&r=g)
Hi,
So it's happened again and I have no idea why, though I suspect some of my IP neighbors may have been put on Microsoft's naughty list as my subnet with Linode was recently listed on Uceprotect level 2. Anyway, I go to send an Email to an Outlook user, and get the typical thing, Unfortunately, messages from XXX.XXX.XXX.XXX weren't sent. Fill out the support request, expect to get conditionally mitigated in a few hours…nope. Instead, I get this:
Hi ,
Thanks for your patience, we are currently experiencing technical difficulties and our engineers are working to resolve the issue at the earliest.
Thanks again,
Outlook.com Deliverability Support
Has anyone received this from Microsoft before? If so, will the issue eventually be resolved, or do I need to wait a few days and submit my request again?
Thanks,
Jayson
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 3/11/24 6:28 PM, Jayson Smith wrote:
UCEPROTECTL2 and even more egergious, UCEPROTECTL3 are IMO scam/extortion lists. They list entire netblocks and then offer to whitelist your specific IP **temporarily** for a fee. Unfortunately some ESPs do use them.
Dealing with Microsoft support about issues like this is a pain. My experience is it's difficult to tell whether their chatty, friendly responses are actually written by a human or a robot and you have to keep repeating stuff as they ask for things which were provided earlier in the thread, but if you are patient and persistent, you eventually get the result you want.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/46f05b3d8ce25ad889788c9d34219727.jpg?s=120&d=mm&r=g)
On Mon, 2024-03-11 at 21:28 -0400, Jayson Smith wrote:
As a Linode (now Akamai) user myself, I can confirm that they have "Issues" with the reputation of their IP address spaces, especially their IPv6 address space. They've been very liberal and helpful in helping us stay connected, as they have for many others, and I've corresponded with them about this issue. They're not doing anything wrong, and crack down on spammers using their cloud servers, but it's not the kinder, gentler Internet of yester-year, and they're, to an extent, caught in the middle.
On top of this, MS Outlook servers are, and have been for a long time, a real PITA, notorious for long time for blocking emails on very flimsy grounds. To the best of my knowledge, there's no fix for this at the list-server level.
The bottom line seems to be that the only email services which work consistently with all recipients are those with deep pockets - Gmail, Yahoo, Microsoft email, etc. If you have the money, you can buy a better reputation for your IP addresses are address group, but it's a money game.
--
Lindsay Haisley | "The first casualty when
FMP Computer Services | war comes is truth."
512-496-7118 |
http://www.fmp.com | -- Hiram W Johnson
![](https://secure.gravatar.com/avatar/fb16bc6b490dbaddb44d743089b2f5ab.jpg?s=120&d=mm&r=g)
From: Lindsay Haisley <fmouse@fmp.com>
Gmail is a major PITA last 12 months, (& yahoo etc long before) http://www.berklix.org/lists/#bad
Greedy google forces all senders to @gmail to use DKIM/SPF so google can make more profit by reducing their staff admin cost. At cost of wasting time extorted from admins of all senders, forced to research advisability of adding SPF/DKIM to smtp (eg in my case sendmail) configs.
I'm an unpaid admin with no free time to be stolen to profit google, I recall articles way back such as "SPF considered bad" but no free time to research now (as major personal events in train). gmail are literaly wasting my time & degrading my mailman lists.
All @gmail addresses on berklix.org mailman lists have received nothing for a long time, blocked by google, & of course I can't email @gmail recipients to say why.
If I get time, I'll write & post a small diff to hack the front page of generic Mailman source to add to Welcome pages such as http://mailman.berklix.org/mailman/listinfo a note such as: The above is a generic welcome to all global instances of Mailman. To see if there are notes specific to this server click here ___
I'm interested what independent mailman-users@ think on technical issues of DKIM/SPF, but `advice' from fined monopolist google Not wanted. http://www.berklix.net/search/#google -> https://www.bbc.com/news/business-54619148
Cheers,
Julian Stacey. Gmail & Googlemail Fail http://berklix.org/jhs/mail/#bad Brits abroad reclaim your http://StolenVotes.UK www.gov.uk/register-to-vote Arm Ukraine. Contraception V. Global warming & resource wars.
![](https://secure.gravatar.com/avatar/dbf97c196d6ec08d02e175372aecc411.jpg?s=120&d=mm&r=g)
On 3/12/24 11:40, Julian H. Stacey wrote:
I'm interested what independent mailman-users@ think on technical issues of DKIM/SPF, but `advice' from fined monopolist google Not wanted.
Search RISKS archives around the time SPF was introduced, that's about the earliest discussion I know of.
Non-technically it's snake oil, obviously: nothing is stopping me from buying a domain (in "national alphabets", too, so there's no shortage of names) using a stolen credit card number, "protect it" so noting comes up in whois, add all the DMARC/DKIM/SPF records imaginable, and start spamming like there is no tomorrow. Once it's blacklisted by everyone: ditch it and buy another. Rinse, lather, repeat.
It's only stopping the small mom-and-pop spammers. And mailman users.
Dima
![](https://secure.gravatar.com/avatar/e2371bef92eb40cd7c586e9f2cc75cd8.jpg?s=120&d=mm&r=g)
Dmitri Maziuk writes:
Disclaimer: I'm not an independent user. I am a Mailman developer, a participant in the development of some of the most recent authentication protocols, and a paid or pro bono consultant on Mailman to three organizations without which the Internet as we know it would not exist (in some exaggerated sense, but it's true ;-).
It's only stopping the small mom-and-pop spammers.
DKIM and SPF are not about stopping spam. They can't be, all they are is authentication of sending hosts. Most sending hosts are multiuser, so stopping spam has to be done by filtering by recipients.
What these protocols do is provide a way to enable trusted senders to reliably get their mail through. As we see from the OP in this thread, that's aspirational, you can do everything according to the stated rules and still get blacklisted, but that's what conforming to protocols can do in theory (and often in practice). And in fact the default is to trust (at least to the extent that the recipient reads your mail to decide based on content whether it's spam instead of slamming the door on MAIL FROM).
And mailman users.
Wrong. It's *enabling* Mailman users. If you're using email to communicate with people who would NOT be using email if it weren't for Minitel, AOL, Gmail, and Outlook365[1], grow up: you have to take the bad with the good.
As long as there are legitimate mom-and-pop shops that don't participate in authentication protocols, the spammers can infiltrate those mail flows because those legit sources are indistinguishable from spammers "warming an IP", as big "ethical spammers" like SalesForce call it. If you're not participating in these protocols, you're helping to enable spam.[2]
I'm not saying there aren't (more or less) legitimate reasons for not participating, at least locally. For example, the host that I use to communicate with students doesn't. I did use the university outgoing gateway at first, but I had to go to direct mail because they kept marking my terse homework submission acknowledgement emails as spam, I think it was mistaking the submission's Message-ID and other non- verbal data for URLs and profiling codes. Of course if you go up a level that's on the university (for one thing, they refused to add SPF and DKIM records for my subdomain).[3]
But most of the time we can do it without great cost. Sure, it's an annoyance, and it's tricky to get set up correctly. But once you have your SPF, DKIM, and DMARC records set up, and your certificates lined up, there's very little maintenance. The university won't give me a certificate for my website for some reason, but so what, LetsEncrypt will, and I don't need a cert that's trusted by people who don't know me. (I used self-signed for a while but LetsEncrypt is even easier.)
Right now I'm doing a 2->3 migration for a medium-size organization that's leaving a coloc host for the cloud, and so they have to give up their IPs. Guess what? SPF and DKIM means their reputation is going to be quite portable to the new IPs. Of course reputation at that level is really only meaningful for recipients at -- you won't believe this -- those big "oppressive" providers like Google and Microsoft who can afford massive ML systems to maintain site profiles. That's not a benefit you get everyday, but in this situation it's big.
I get the feeling that "I'm not a spammer, why do I have to pay this cost?" too. But that's part of being an adult -- you sometimes have to clean up others' messes. The SPF-DKIM-DMARC-ARC dance is just not a very high cost to pay for the vast majority of us, and it's not even all that expensive to buy in the market (but I'm gonna be damned if I don't do my own and you probably feel that way too :-). And it's not just Google and Microsoft that benefit. We do too.
If you want to complain about the big freemail and corporate providers, there are *plenty* of valid complaints. Complete lack of transparency, unresponsive service, failure to follow published rules, imposing high error rates on non-customers and then blaming lost mail on the sender, etc, etc. But asking us to do the minimum to authenticate if we want them to extend trust when our content triggers a false positive isn't one of them.[4]
Steve
Footnotes: [1] And you are -- the complaint was that Google forces you, but that's wrong -- the Gmail users on your lists are the assholes for using Gmail, OK?
[2] And at scale: at one point in early 2014 Yahoo was receiving sustained flows of spam over 1 million per minute, according to a Yahoo admin I personally trust because she gave me a kitten once. :-) She reported that that campaign didn't even try once Yahoo put a p=reject DMARC policy in place.
[3] I do have some sympathy for the postmasters because "it's always September on the Internet."
[4] And that's why my sympathy gets exhausted quickly. "The call is coming from inside the house", I am not anonymous to the university.
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 3/11/24 6:28 PM, Jayson Smith wrote:
UCEPROTECTL2 and even more egergious, UCEPROTECTL3 are IMO scam/extortion lists. They list entire netblocks and then offer to whitelist your specific IP **temporarily** for a fee. Unfortunately some ESPs do use them.
Dealing with Microsoft support about issues like this is a pain. My experience is it's difficult to tell whether their chatty, friendly responses are actually written by a human or a robot and you have to keep repeating stuff as they ask for things which were provided earlier in the thread, but if you are patient and persistent, you eventually get the result you want.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/46f05b3d8ce25ad889788c9d34219727.jpg?s=120&d=mm&r=g)
On Mon, 2024-03-11 at 21:28 -0400, Jayson Smith wrote:
As a Linode (now Akamai) user myself, I can confirm that they have "Issues" with the reputation of their IP address spaces, especially their IPv6 address space. They've been very liberal and helpful in helping us stay connected, as they have for many others, and I've corresponded with them about this issue. They're not doing anything wrong, and crack down on spammers using their cloud servers, but it's not the kinder, gentler Internet of yester-year, and they're, to an extent, caught in the middle.
On top of this, MS Outlook servers are, and have been for a long time, a real PITA, notorious for long time for blocking emails on very flimsy grounds. To the best of my knowledge, there's no fix for this at the list-server level.
The bottom line seems to be that the only email services which work consistently with all recipients are those with deep pockets - Gmail, Yahoo, Microsoft email, etc. If you have the money, you can buy a better reputation for your IP addresses are address group, but it's a money game.
--
Lindsay Haisley | "The first casualty when
FMP Computer Services | war comes is truth."
512-496-7118 |
http://www.fmp.com | -- Hiram W Johnson
![](https://secure.gravatar.com/avatar/fb16bc6b490dbaddb44d743089b2f5ab.jpg?s=120&d=mm&r=g)
From: Lindsay Haisley <fmouse@fmp.com>
Gmail is a major PITA last 12 months, (& yahoo etc long before) http://www.berklix.org/lists/#bad
Greedy google forces all senders to @gmail to use DKIM/SPF so google can make more profit by reducing their staff admin cost. At cost of wasting time extorted from admins of all senders, forced to research advisability of adding SPF/DKIM to smtp (eg in my case sendmail) configs.
I'm an unpaid admin with no free time to be stolen to profit google, I recall articles way back such as "SPF considered bad" but no free time to research now (as major personal events in train). gmail are literaly wasting my time & degrading my mailman lists.
All @gmail addresses on berklix.org mailman lists have received nothing for a long time, blocked by google, & of course I can't email @gmail recipients to say why.
If I get time, I'll write & post a small diff to hack the front page of generic Mailman source to add to Welcome pages such as http://mailman.berklix.org/mailman/listinfo a note such as: The above is a generic welcome to all global instances of Mailman. To see if there are notes specific to this server click here ___
I'm interested what independent mailman-users@ think on technical issues of DKIM/SPF, but `advice' from fined monopolist google Not wanted. http://www.berklix.net/search/#google -> https://www.bbc.com/news/business-54619148
Cheers,
Julian Stacey. Gmail & Googlemail Fail http://berklix.org/jhs/mail/#bad Brits abroad reclaim your http://StolenVotes.UK www.gov.uk/register-to-vote Arm Ukraine. Contraception V. Global warming & resource wars.
![](https://secure.gravatar.com/avatar/dbf97c196d6ec08d02e175372aecc411.jpg?s=120&d=mm&r=g)
On 3/12/24 11:40, Julian H. Stacey wrote:
I'm interested what independent mailman-users@ think on technical issues of DKIM/SPF, but `advice' from fined monopolist google Not wanted.
Search RISKS archives around the time SPF was introduced, that's about the earliest discussion I know of.
Non-technically it's snake oil, obviously: nothing is stopping me from buying a domain (in "national alphabets", too, so there's no shortage of names) using a stolen credit card number, "protect it" so noting comes up in whois, add all the DMARC/DKIM/SPF records imaginable, and start spamming like there is no tomorrow. Once it's blacklisted by everyone: ditch it and buy another. Rinse, lather, repeat.
It's only stopping the small mom-and-pop spammers. And mailman users.
Dima
![](https://secure.gravatar.com/avatar/e2371bef92eb40cd7c586e9f2cc75cd8.jpg?s=120&d=mm&r=g)
Dmitri Maziuk writes:
Disclaimer: I'm not an independent user. I am a Mailman developer, a participant in the development of some of the most recent authentication protocols, and a paid or pro bono consultant on Mailman to three organizations without which the Internet as we know it would not exist (in some exaggerated sense, but it's true ;-).
It's only stopping the small mom-and-pop spammers.
DKIM and SPF are not about stopping spam. They can't be, all they are is authentication of sending hosts. Most sending hosts are multiuser, so stopping spam has to be done by filtering by recipients.
What these protocols do is provide a way to enable trusted senders to reliably get their mail through. As we see from the OP in this thread, that's aspirational, you can do everything according to the stated rules and still get blacklisted, but that's what conforming to protocols can do in theory (and often in practice). And in fact the default is to trust (at least to the extent that the recipient reads your mail to decide based on content whether it's spam instead of slamming the door on MAIL FROM).
And mailman users.
Wrong. It's *enabling* Mailman users. If you're using email to communicate with people who would NOT be using email if it weren't for Minitel, AOL, Gmail, and Outlook365[1], grow up: you have to take the bad with the good.
As long as there are legitimate mom-and-pop shops that don't participate in authentication protocols, the spammers can infiltrate those mail flows because those legit sources are indistinguishable from spammers "warming an IP", as big "ethical spammers" like SalesForce call it. If you're not participating in these protocols, you're helping to enable spam.[2]
I'm not saying there aren't (more or less) legitimate reasons for not participating, at least locally. For example, the host that I use to communicate with students doesn't. I did use the university outgoing gateway at first, but I had to go to direct mail because they kept marking my terse homework submission acknowledgement emails as spam, I think it was mistaking the submission's Message-ID and other non- verbal data for URLs and profiling codes. Of course if you go up a level that's on the university (for one thing, they refused to add SPF and DKIM records for my subdomain).[3]
But most of the time we can do it without great cost. Sure, it's an annoyance, and it's tricky to get set up correctly. But once you have your SPF, DKIM, and DMARC records set up, and your certificates lined up, there's very little maintenance. The university won't give me a certificate for my website for some reason, but so what, LetsEncrypt will, and I don't need a cert that's trusted by people who don't know me. (I used self-signed for a while but LetsEncrypt is even easier.)
Right now I'm doing a 2->3 migration for a medium-size organization that's leaving a coloc host for the cloud, and so they have to give up their IPs. Guess what? SPF and DKIM means their reputation is going to be quite portable to the new IPs. Of course reputation at that level is really only meaningful for recipients at -- you won't believe this -- those big "oppressive" providers like Google and Microsoft who can afford massive ML systems to maintain site profiles. That's not a benefit you get everyday, but in this situation it's big.
I get the feeling that "I'm not a spammer, why do I have to pay this cost?" too. But that's part of being an adult -- you sometimes have to clean up others' messes. The SPF-DKIM-DMARC-ARC dance is just not a very high cost to pay for the vast majority of us, and it's not even all that expensive to buy in the market (but I'm gonna be damned if I don't do my own and you probably feel that way too :-). And it's not just Google and Microsoft that benefit. We do too.
If you want to complain about the big freemail and corporate providers, there are *plenty* of valid complaints. Complete lack of transparency, unresponsive service, failure to follow published rules, imposing high error rates on non-customers and then blaming lost mail on the sender, etc, etc. But asking us to do the minimum to authenticate if we want them to extend trust when our content triggers a false positive isn't one of them.[4]
Steve
Footnotes: [1] And you are -- the complaint was that Google forces you, but that's wrong -- the Gmail users on your lists are the assholes for using Gmail, OK?
[2] And at scale: at one point in early 2014 Yahoo was receiving sustained flows of spam over 1 million per minute, according to a Yahoo admin I personally trust because she gave me a kitten once. :-) She reported that that campaign didn't even try once Yahoo put a p=reject DMARC policy in place.
[3] I do have some sympathy for the postmasters because "it's always September on the Internet."
[4] And that's why my sympathy gets exhausted quickly. "The call is coming from inside the house", I am not anonymous to the university.
participants (6)
-
Dmitri Maziuk
-
Jayson Smith
-
Julian H. Stacey
-
Lindsay Haisley
-
Mark Sapiro
-
Stephen J. Turnbull