This article presents the reasons why you can blacklisted by Microsoft and provides a guide on how to proceed in these situations.
Microsoft maintains its own internal blacklists, which are used to reject emails coming from specific IP addresses. Any IPs listed on the Spamhaus blacklist are also blacklisted by Microsoft. As far as we know, this is the only external (DNS-based) blacklist that Microsoft uses. The rest of the blacklisted IPs are based on Microsoft’s own criteria. These listings are not very transparent, and unfortunately include a large number of false positives, as Microsoft will often list larger ranges.
There are two distinct blacklists that Microsoft uses, each for different platforms. One is for OLC (Outlook Consumer), which is used by outlook.com, hotmail.com, live.com, and msn.com. The other is for Office365.
If you receive an error message from Microsoft when sending emails from a server you have with us, please check the error message to find out which blacklist the IP is on. Please make sure your server isn’t sending any spam, and that your IP isn’t listed on any DNS-based blacklists. Please also ensure your emails comply with the Microsoft policies, practices, and guidelines found on their website: https://postmaster.live.com/pm/policies.aspx
Once you have done that, you can follow the instructions below to get your IP delisted.
OLC (Outlook Consumer)
If an IP is listed on the OLC blacklist, then emails from that IP will be rejected with the following error message:
550 5.7.1 Unfortunately, messages from [x.x.x.x] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors.
Note: there are two error codes that Microsoft uses. S3140 means the IP is fully blocked, while S3150 means it is throttled.
To delist IPs from this blacklist, please fill out the following form: https://olcsupport.office.com/
Once you have filled the form out, you should get a (strangely worded) auto-reply confirming your request was received. Sometimes it takes just a few minutes to get this auto-reply, but it can also take some hours.
After that, and usually within 12 hours, you will get another reply. This time, you will be informed if the IP has been delisted, which Microsoft calls “mitigated” or “conditionally mitigated”. If the email says “not qualified for mitigation”, then it means the IP was not delisted.
This email is the result of an automated process at Microsoft. This initial decision was made by a bot, and in the past few years, the decision is usually that the IP is “not qualified for mitigation”. In this case, please respond and ask for additional information. When you do so, the ticket will be escalated, and an actual staff member at Microsoft will take a look at the IP. In most cases, they will then manually delist the IP.
If they still refuse to delist the IP, and you’ve only recently been allocated the IP, you should tell them this. They will then require an email or PDF confirmation from us, the ISP, with information on when the IP was allocated. To request this confirmation from us, please contact our support team by opening a support request via your account, and let us know exactly what Microsoft needs.
In those rare cases where all of the above fails, we can fill out the delisting form for the IP. We don’t have any special contacts at Microsoft, but their support will sometimes respond differently to a new delisting request. If that doesn’t work for us either, the only solution is to change the IP.
Office365
For Office365 there are two separate, but linked, blacklists, that result in two separate error messages.
The first error message is:
550 5.7.606 Access denied, banned sending IP [x.x.x.x]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 (AS16012609)
To delist IPs from this blacklist, please fill out the form linked to in the error message: https://sender.office.com/
The error message also contains a link to the workflow to get the IP delisted: http://go.microsoft.com/fwlink/?LinkID=526655
If you follow the instructions, the IP should be automatically delisted.
The second error message is:
550 5.7.511 Access denied, banned sender[x.x.x.x]. To request removal from this list please forward this message to moc.t1734104669fosor1734104669cim.g1734104669nigas1734104669sem@t1734104669siled1734104669. For more information please go to http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410) [VE1EUR01FT060.eop-EUR01.prod.protection.outlook.com]
When you contact the email address mentioned in this message, a reply will tell you to either fill out the Office365 delisting form, or to forward a recent error message:
Please ensure that you have resolved any issues generating malicious or abusive traffic from the IP in question and utilize the portal found at https://sender.office.com/ <https://sender.office.com/> to complete the process of IP removal.
Then please wait for 1-2-hour delay before this change propagates through our entire system. After waiting of 1-2 hour try to send email again.
If you continue to receive Non-Delivery Receipts (NDRs), or "bounce messages," that indicate that the IP address is still blocked by our spam filtering system, please forward one of the most recent and complete error message to us and we will investigate further.
If the Office365 delist form states that your IP isn’t on the blacklist, please forward a recent error message to moc.t1734104669fosor1734104669cim.g1734104669nigas1734104669sem@t1734104669siled1734104669. Since we don’t have access to your server, we cannot do this for you.
In those rare cases where Microsoft still won’t delist the IP, please contact our support team by sending a request via your account. We don’t have any special contacts at Microsoft, and we can only fill out the delisting form as well. If that doesn’t work for us either, the only solution is to change the IP.
Microsoft Programs
For advanced users, it can be helpful to join two free programs that Microsoft offers for OLC (not Office365): the Smart Network Data Services (SNDS) and the Junk Email Reporting program (JMRP).
Neither the SNDS nor the JMRP allow you to delist your IP; they simply provide detailed information about the traffic on your sending IP, the sending IP reputation with Microsoft, and the user complaint rates.
As Microsoft says, there is no silver bullet to maintaining or improving good IP reputation, but these programs help you proactively manage your email eco-system to help ensure better deliverability to Microsoft users.
SNDS
This program allows you to monitor the “health” and reputation of your registered IPs by providing data about traffic such as mail volume and complaint rates seen originating from your IPs. This data is only provided for IPs which send more than 100 emails per day to Microsoft OLC accounts.
To register, please visit: https://sendersupport.olc.protection.outlook.com/snds/
You will need to request authorization for the IPs you would like access to. Microsoft uses a combination of WHOIS and rDNS to check who the owner of a particular IP is. In some cases, you will be able to send an email to your own domain to verify ownership.
JMRP
This is similar to a feedback loop (FBL), in that it will send you a copy of an email marked as “junk” by the recipient. However, to prevent listwashing, the JMRP will only send a copy of about 1 out of every 1000 emails marked as junk. This limits the usefulness of the JMRP, and means many senders get little to no complaints via JMRP, even though recipients are in fact marking their emails as junk.
You will first need to be authorized for the IP in the SNDS (see above) before you can create a feed for it in the JMRP.
To join, please visit: https://sendersupport.olc.protection.outlook.com/snds/JMRP.aspx
Please note that since we have access to all of our IPs in the SNDS, we can create, change and delete any JMRP feeds for our IPs. At this point in time we don’t have any feeds for IPs belonging to unmanaged servers.