From: "Lewis G Rosenthal" Received: from [192.168.100.201] (account lgrosenthal@2rosenthals.com HELO [192.168.100.19]) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPSA id 12901332 for ecs-isp@2rosenthals.com; Thu, 24 Apr 2025 14:29:05 -0400 Subject: Re: [eCS-ISP] Trouble getting mail delivered to Office365 (outlook.com), ProofPoint, and Barracuda protected domains To: eCS ISP Mailing List References: Organization: Rosenthal & Rosenthal, LLC Message-ID: <680A82E9.2050301@2rosenthals.com> Date: Thu, 24 Apr 2025 14:28:57 -0400 User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:38.0) Gecko/20100101 Firefox/38.0 SeaMonkey/2.35 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi, Peter... On 04/23/25 09:46 pm, Peter Moylan wrote: > On 24/04/25 10:18, Peter Moylan wrote: >> >> The big problem, I suspect, is that some big mail services might be >> adopting a "silently reject" policy, simply discarding mail they >> don't like instead of returning a failure reply. My choir uses a >> Yahoo mail account (against my advice), and a problem we had was >> that messages to all members went only to some members, and we were >> never notified about the failures. I'm no longer on the choir >> organising committee, so I don't know whether they are still doing >> it. > > You might be asking "why were there delivery failures?". In that case it > was because Yahoo mail was (and possibly still is) a major source of > spam, so it was often blacklisted. Because of this, Yahoo adopted a > policy of not telling senders when their mail wasn't deiivered. > > The 2rosenthals server is not blacklisted, but it could be on someone's > private blacklist. > It's even more sinister than that. Apparently, some of the latest deep scanning techniques probe the website(s) associated with the sender domain. In my case, the 2rosenthals.com site was compromised (again; good ol' WordPress). The hack was trivial (a malicious plugin with a payload blocked outbound by the firewall, so essentially harmless), though it did also include a wonky referrer in the index page, which was (thanks to the miracle of WordPress dynamic page caching) cached. Yech. I was able to set the site back to normal in short order, and I can confirm that emails from other hosted domains here (e.g., arcanoae.com) do get through the affected filters (e.g., .mail.protection.outlook.com). I think it should just be a mater of time, now, until we get re-probed and drop off of the internal blocklists. I keep sending test emails. What an ordeal. And to your point, it is indeed frustrating when not only is the email blackholed (and I can almost agree with that for syntactic issues and/or lack of proper RDNS pointer or sending from a dynamic IP), but when Microsoft support actually responds to my ticket telling me "Nothing was detected to prevent your mail from reaching Outlook.com customers." Not very helpful, that. So far, I've tested from arcanoae.com going to addresses behind ProofPoint and Office365 for Business domains, and all is working as it should. Still waiting for 2rosenthals.com to get let off the naughty list. 12 hours of my life I'll never get back. Thanks for the thoughts, all. -- Lewis ------------------------------------------------------------- Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA Rosenthal & Rosenthal, LLC www.2rosenthals.com visit my IT blog www.2rosenthals.net/wordpress -------------------------------------------------------------