Need help!! How to mitigate Microsoft Blocks
Posted by scottrichardson@reddit | sysadmin | View on Reddit | 33 comments
Hi guys, I run a small-ish web studio and provide email services to clients.
Microsoft keeps blocking us. I don't know why.
It's been happening on and off once a month, but now, has been for 5 days straight.
My clients include many small businesses, local restaurants, trades etc. Currently emails from them to anyone at hotmail/outlook etc are bouncing.
My servers are EC2 running WHM/cPanel.
My assumption is it's possibly too many emails from a single IP in a fixed amount of time?
A couple of my clients are cinemas who send out a weekly newsletter via PhpMailer routed through said mail server.
I have gone through the steps to have our IP 'unblocked' but it says that we are not blocked.
The error: 550 5.7.1 Unfortunately, messages from [XX.XX.XX.XX] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150).
At this stage I am going to start losing clients as they are genuinely getting angry that they cannot contact their own clients who use Microsoft.
Yes, our server is configured correctly. DNS, DMARC, SPF, DKIM, RDNS etc etc...
Any help is greatly appreciated!
jafo@reddit
Many of the replies here are correct, it sounds like you may have users who are not being responsible with their email, and that's hurting other customers. You need to be *ON TOP* of the email going through your server if you are going to run a mail server.
That said, I have a few ideas others haven't mentioned.
One: If you have Claude Code + Opus, download a days mail logs and ask it "Do you see anything in this mail log that looks like someone sending spam?" Or do you have some monitoring or other way of analyzing the mail logs?
Sending from an AWS IP is likely going to be problematic. The messages we send from AWS are either sent using SES, or a VPN to our data center and on to the public Internet from that static IP. SES is probably what you should be using to send from AWS, so you might want to see if you can get a dedicated IP from a hosting provider that doesn't show up on "virtual hosting" lists.
If you do indeed have RDNS, DMARC, DKIM, and SPF set up properly (I assume you do), the next thing you need to look at is the Microsoft postmaster tools, in particular SDNS, though you probably won't be able to set that up at AWS (to set it up an e-mail is sent to your WHOIS contact for the IP block, and AWS isn't going to ack that): https://sendersupport.olc.protection.outlook.com/snds/index
You probably need to set up a FBL and start monitoring it. This will help understand when your users mail is getting flagged as spam.
Check DNSBLs, maybe there are other reputation lookups you can do, like on an e-mail domain, I haven't looked at that.
Expect this all to take a while to resolve. You may need to move your users that are complaining off to another IP, but if they are sending mail that is getting flagged by users it may be that their domain already has a bad reputation.
The people saying you can't just run email like this anymore aren't wrong, but there is an asterisk: Unless you really stay on top of your users and dot all your is and cross all your ts.
Bona fides: I run an outgoing email server for around 6K users, and we don't really have a deliverability problem.
scottrichardson@reddit (OP)
Thank you! Appreciate the info. And yes, I have had AI agents analyse the logs and did identify a few things like bounces. Which I have fixed now. I’ve also moved the two cinemas off to MailGun today.
I do absolutely stay on top of our email. And I guess maybe I’d hoped that the two cinema websites and their custom built mailing software - also built by me, would be enough (throttled, chunked, rate limited etc). I guess not.
I actually do have a sysadmin who does monitor my setup and has also provided various tweaks. And for the most part has worked. But this last block that’s lasted longer is what has trigged me to come on here and get more advice. Maybe I need a new sysadmin?
For what it’s worth I feel like I’ve done damn well given I’ve set this whole thing up myself and run my business(es) successfully for 20+ years with a lot of happy clients. I provide a full spectrum of bespoke services and we do really well across them all, but this email stuff has certainly been a little thorn in my side. But I’m more than happy to acknowledge what I don’t know, I don’t know. I’m a small player, servicing a small town with small businesses. The need to be/do more on the email hosting side has not presented itself until recently.
scottrichardson@reddit (OP)
So, thank you all for the insight and responses. First thing I’m doing is plugging my two cinema clients into Mailgun API and delivering via that. I’ll have that finished shortly. That will remove ~ 4,000 emails a week.
Second I will add more IPs and have some clients moved over to unique IP’s.
In response to the “you should just use Microsoft, Gmail, or insert other big platform here” solution. I feel that’s a kick in the guts to people trying to provide bespoke solutions like what I do. Frankly my mail server is faster than Gmail or Microsoft. IMAP responsiveness is night and day. I speak to this from personal experience since I ran my own company email through Google for a couple of years and it was frustratingly slow in comparison to our own solutions.
So rather than throw my hands in the air and give all my business to other providers, I would much prefer to try fix my setup instead. If all else fails, then I’ll move on.
I appreciate all your knowledge and advice and I’m open to any suggestions and advice. Always grateful to learn.
itishowitisanditbad@reddit
Why are you going to lose customers then?
You're a mail provider struggling to even provide mail.
You shit talk other companies being slow when you're failing to even deliver and say things like
Have some humility.
I can't fathom someone shit talking other companies when they're literally doing worse.
aight. You do you.
scottrichardson@reddit (OP)
Look, I’m not trying to shit talk anything. I came here asking for some advice, under some moderate levels of stress trying to solve a problem. Yes, they are slower. And yes this is why my clients appreciate what we do. And for the vast majority of instances, we provide mail just fine thanks. However an intermittent issue has become a more pressing matter. Humility was coming here in the first place asking for some advice.
itishowitisanditbad@reddit
Its very humble to announce how you've already demonstrated humility by accepting help from people here.
Why are you worried about them leaving then?
Ok, so thats good enough and people wouldn't leave then?
You do then proceed to, again, shit talk without prompting.
No-Rock-1875@reddit
Sounds like Microsoft’s spam filters have flagged your IP because they see a lot of “unknown” or low‑quality traffic coming from it. First thing to do is pull the recent SMTP logs and look for patterns high bounce rates, many recipients that never open, or a spike in messages per minute can all trigger a block. Clean the address lists (remove hard bounces and obvious role‑accounts) and consider running them through a validator; I’ve found that a bulk clean before each campaign cuts complaints dramatically. Also throttle the outbound rate (e.g., 200 msgs/min per IP) and, if possible, give each high‑volume client its own dedicated IP or use a reputable ESP for newsletters. Finally, check the IP on public blocklists (mxtoolbox, etc.) and submit a delist request with Microsoft’s sender support, making sure your SPF/DKIM/DMARC alignment is solid.
scottrichardson@reddit (OP)
I did just that today. After I migrated the two accounts sending newsletters (cinemas) to Mailgun, I also went and analysed their bounces for hard bounces and removed offending recipients from their lists. Have requested another mitigation/delist.
No-Rock-1875@reddit
Sounds solid cleaning the hard bounces first usually drops the block rate fast. Just keep an eye on spam‑complaint metrics during the warm‑up; a sudden spike can re‑trigger the block even after the list is tidy.
disclosure5@reddit
None of this is going to matter with an IP address on a hosting company's ranges.
No-Rock-1875@reddit
Yeah, shared hosting blocks get flagged by Microsoft almost instantly. Moving to a dedicated IP and gradually warming it up usually makes a big difference.
saltyslugga@reddit
Your auth can be perfect and you'll still get blocked if the IP reputation is trash. This smells like reputation and traffic quality, not SPF/DKIM/DMARC.
Stop mixing client business mail and newsletter blasts on the same outbound IP. Rate limit hard, clean the mailing lists, process bounces/complaints, and don't let random web apps send bulk mail from the same server customers use for normal mail.
scottrichardson@reddit (OP)
Done. Just removed the bulk stuff to Mailgun. That removes about 4000 emails a week.
djDef80@reddit
Are you actually keeping up with your DMARC reports? You should take a deep dive at those if you haven't yet to see who is spamming with your domain.
scottrichardson@reddit (OP)
DMARC records all appear clean.
Physics_Prop@reddit
You are sending spam and you don't know it.
Valkeyere@reddit
I think he does know it or is being willfully ignorant of it.
jkdjeff@reddit
He knows and is being pretty smug about it.
scottrichardson@reddit (OP)
Wow guys all very judgemental. No - I don’t believe I am sending spam. Unless spam is our local cinemas’s newsletter which people actively subscribe to. Like I said. Regional town. I monitor outgoing email, I rate limit all accounts. All of my clients are small business used for B2B or B2C purposes.
Curious201@reddit
You already have the hard assets: land, water, some trees, and space. I wouldn’t start by buying bees or equipment.
Start by figuring out one small thing the land can already do with almost no new money. Clear a small area, see what grows well, talk to nearby restaurants/markets, and ask what they actually buy. Herbs, eggs, honey, camping spots, storage, firewood, olives, whatever fits your area. But don’t guess from Reddit and then spend money. Also don’t ignore the “ugly” income. Renting a piece of land for parking/storage, letting someone graze animals, or partnering with a local farmer might be boring, but boring cash beats a romantic farm idea that eats your savings.
Previous-Low4715@reddit
You need to use azure communication services instead of exchange online.
showbizusa25@reddit
Usually when Microsoft starts blocking like this, it’s reputation damage from bulk mail sharing the same IP as normal client traffic.
aguynamedbrand@reddit
Rather than trying to do it yourself and failing at it you need to hire a competent SysAdmin to do it for you.
scottrichardson@reddit (OP)
On the flip side of that argument, I’ve been running this business for 21 years and rather successfully. But as mentioned, times have changed. And this issue is only recent (8 months on and off).
I’ve done it all myself. And given my main skill is development and design, I believe I’ve done damn well considering.
jkdjeff@reddit
You do realize that you’re posting in a subreddit whose members spend an increasing amount of time trying to prevent spam like you’re enabling, right?
Valkeyere@reddit
Noone wants marketing emails. We work hard to get rid of them. Major players have finally started to do things that clamp down on this bullshit. Meanwhile my guys out here trying to enable junk emails that his clients want to send out but their own customers don't want, guaranteed.
aguynamedbrand@reddit
Development and design does not a sysadmin make. I have to wonder what else is not being don’t correctly or securely.
SengU87@reddit
CAN-SPAM Act. If you are sending emails not in compliance with the US law on commercial emails, your server will likely get blocked.
zelgor7@reddit
The simple answer is: it's not the early 2000s and email hosting in small scale is not possible.
Slightly more robust answer, There are lots of changes on how email host providers determine if emails are safe or not. Some of which are requiring certain DMARC/DKIM and other general DNS entries on Domains they are getting emails from. These changes have been more sophisticated in the recent years.
It's time to move those clients to a hosted email service that can handle all the changes needed for secure emailing in 2026.
Leather-Arachnid-417@reddit
ehhhhhh...I dont really agree with that. Yes, you have to be very mindful of the mail traversing the server, especially with multiple clients, but standing a VPS up with static addressing and postfix is very doable as long as , DMARC, RDNS, DKIM, SPF are straight. Slowly build your rep and you should be fine.
Now, if you stand one up and and start sending 3000 emails about Viagra, yeah, you are gonna get the door shut in your face. And no, you arent gonna run one on residential IP blocks either.
disclosure5@reddit
Realistically you just can't do this any more. This isn't a Microsoft block - the majority of major mail providers aren't going to be accepting emails from this sort of service any more.
thetokendistributer@reddit
Brother woke up one day and chose 2005
Mindestiny@reddit
Sounds like you know exactly why - a majority of the mail flowing through your self-hosted mailserver is spam/junk mail from small businesses doing direct marketing blasts.
Services like Mailchimp and Mailgun exist specifically to avoid that happening and manage IP reputation for marketing services. Mail filtering is working as expected - sending mail like you are should be blacklisted, your IP's reputation is rightfully trashed if you're self sending this stuff in 2026. Move these folks to proper hosted email solutions and proper marketing email platforms ASAP.