Delivery to some Windows domains (i.e. outlook.com, live.jp, live.com) are rejected with 550 error

book

Article ID: 158195

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Email messages to outlook.com and/or live.jp, live.com domains are stuck in the Messaging Gateway (SMG) outbound queue and are not delivered. The sender receives a Delivery Status Notification (DSN) message from the SMG.

In the Delivery Status Notification returned to the sender: 

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

(SOME EMAIL ADDRESS): 550 SC-001 (COL0-MC4-F44) Unfortunately, messages from (SOME IP ADDRESS) weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors.

Cause

The Windows domain is rejecting messages from the SMG based on the recipient domain's policies, practices, and guidelines.

Resolution

The reason of rejection is usually found in the 550 SMTP response described at the end of the Delivery Status Notification (DSN). 

In the example above, you need to access http://mail.live.com/mail/troubleshooting.aspx#errors to find the SMTP error code corresponding to the DSN's (In the above example 550 SC-001). Examine their policies, practices, and guidelines carefully. Check if your SMG's/DNS's settings are compliant to their policies and modify the SMG/DNS settings as necessary.

For example, Windows live services might require the reverse DNS lookup capability for your outbound MTA, so you should try dig -x [your Outbound MTA's IP address] command to confirm that your IP address can be successfully resolved into the MTA's FQDN by your DNS server. If you have the TXT record with your DNS server for the SPF/Sender ID, you should also check if the Outbound MTA's IP address are within the permitted IP address range. You should also make sure that your Outbound MTA's IP address are NOT within the range of the dynamic IPs, looking up the IP address with http://www.spamhaus.org.