> Currently there are issues sending mail to outlook, gmail, hotmail, and yahoo (they use outdated nospam-block lists and do not help us in finding a solution. Please find a more serious mail provider.
... very curious to know what this sysop considers a "serious mail provider."
A serious mail provider would not block legitimate incoming email with massive amounts of collateral false positives.
A serious mail provider would care about ensuring that this does not happen and handle enquiries sent to the RFC-mandated address postmaster@ and respond promptly to such enquiries.
I send mail from Digital Ocean. I can tell you that neither Apple nor Microsoft give two hoots about any of those if you are on their ASN blocklist.
I send lots of email that is verified with SPF and DKIM to them via relays. But any messages sent directly from "untrustworthy" IP ranges are just blocked with a generic message.
This is in contrast to GMail which rightfully treated my first messages as suspicious. But once a handful of users pressed "not spam" they don't care about what IP it comes from anymore as the domain reputation has taken precedence.
Not only that. I used to run an email server and despite the fact that I had all of that one day outlook decided to consider my IP address (on AWS EC2) as spam and thus reject emails.
To this day is too much effort running your email service. I moved to an account to Infomaniak that works good and I don't dove all my data to Microsoft or Google.
Given that this sysop thinks that these email providers still use IP-based block lists, it gives me the impression that this person has been out of the email game for a long, long time.
As others have mentioned, the domain also does not use SPF, DMARC or PTR address. So it'll also be unlikely that they sign their outbound email with DKIM.
Microsoft absolutely does use strict ASN-based blocking.
> permanent error (550): 5.7.1 Unfortunately, messages from [{REDACTED IP}] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors.
The other providers don't seem to be as picky. (At least I haven't seen major issues sending from Digital Ocean which is an ASN with a bad reputation.) It seems that once they had experience with my domain (with SPF + DKIM) they judge messages primarily using domain reputation not IP reputation.
Those are temporary/ephemeral IP restrictions. They typically last for a few minutes. That's not the same as the static 'outdated' IP block lists that the OP is referring to.
Simply said: if block lists were permanent, we'd be blocking the entire IPv4 space by now. And also, spammers would have almost free reign when using IPv6, since you can get blocks of millions of addresses for free. Large email providers know this, they have been battling spam for decades now.
When enabling DMARC the IP address more or less becomes irrelevant. If the email is not DMARC aligned the email won't be accepted anyway (I'm assuming a 'reject' DMARC policy here) and if the email is DMARC aligned, the domain reputation, rather than IP reputation will be used.
When working with DMARC aligned domains, most email service providers will rely solely on content based spam detection, and how often people flag the email as spam to determine the domain's reputation.
Of course I am generalizing here. What I wrote here is true for most large email service providers, but each have their own implementation. And of course there will always be self-hosted/on-premise solutions that keep using static block lists (for example: Spamhaus).
These aren't temporary. Every message I have sent for years has got the same block message. Sure, they aren't necessarily outdated but they aren't lasting for a few minutes.
> When working with DMARC aligned domains, most email service providers will rely solely on content based spam detection
This seems to be true for most major providers. But my experience shows that Microsoft and Apple don't do this. They still apply strict broad IP-based blocking. Sending messages from the same domain via a relay such as AWS SES is perfectly fine. But if the sender IP is in Digital Ocean ASN it is dropped right away. The domain is p=reject
I worked with a guy who would take every piece of spam we got, dig into the mail headers, and then add the source IP to a custom blacklist on our mail server. It took a few hours to figure out why we weren't getting email from a customer and that's how I found the list.
He had manually added over 20,000 IP addresses to the list.
Let's talk about Microsoft as serious mail provider:
I self-host my mail server for <10 years. My server is in 0 blocklists. DKIM / DMARC / SPF implemented since ages. The company I work for, hosts their emails on 0365, I have been sending emails from one account to the other with no problem.
Recently I got an email from an outlook.com account. I am in the contacts list of the sender. I tried to respond, my email was rejected. The email auto-response from MS contained links with "things you should do in order to make mails from your server acceptable by MS". I have everything done already since ages. Nothing missing.
I googled on how to "appeal". I find a hell lot of people complaining in MS forums about it, no obvious solution.
Eventually I find a portal from MS to do exactly that: Appeal. I tried to use the portal but I got an error "event service error" - or something similar. Portal not working.
I say "what the heck - I ll try later". I do try later, same outcome. Several times. For days. I google the error, I find several threads on redit since years complaining that the portal doesn't work giving this exact error. Since years.
I keep trying nevertheless to respond to the email and go through the portal again for days. Nothing.
I try the following: I signup for azure, it asks me for an email address, I say I have none and guides me to sign up to outlook. Outlook asks me for a backup email address, I provide my email address from the blocked server.
I then try to respond again to the original email that outlook has been rejecting - WORKS.
Summary again: MS blocks email my mail server for not fulfilling requirements that it actually fulfills. MS portal to object, doesn't work since years. I create an outlook email and set self-hosted mail address as "backup" - my server gets unblocked.
Fun fact: I received "on-boarding" emails from MS Azure to my new MS Outlook account. MS Outlook classified them as "Junk".
Actually, that's precisely expected from Microsoft. The impossibility of communicating with any humans who've ever been in the same room as a clue about how to fix these things assures this.
I’ve seen my fair share of email delivery issues, but all being this globally shit-canned says to me is “we’re operating in some very-abused IP space and operators aren’t lining up to let us in”.
This is all assuming that the mail is otherwise ticking all the boxes. One too many times I’ve seen someone get on their HN soapbox because their $5 DigitalOcean mail server keeps getting shit-canned, only to find after some polite prodding that they just flat-out weren’t aware of the modern-day complexities of sending email.
Not to say that this is what’s happening here, of course.
I got the impression this refers to the services geared toward the general public. I wonder if the providers have more stringent requirements for consumer email than for business email. I imagine the latter would be more likely to fuss about false positives, particularly when dealing with vendors or customers.
Probably one that's not free and ad-supported. Circa 2000, Hotmail and Yahoo were looked down on. Gmail avoided this by providing more storage than most ISPs offered and being invite-only.
... very curious to know what this sysop considers a "serious mail provider."