For the past day or so, Nolasoft mail hosting customers have experienced issues with mail being sent to Hotmail bounced back. We wanted to take a moment to explain to our users what is going on, and what steps we are taking to resolve the issue.
First, Some Background:
Everyone who uses email knows spam is a major issue across the Internet, and it has been for some time. In an effort to reduce the effect of spam, all mail traffic from the Nolasoft mail server is typically routed out to the Internet through Postini (even if your account doesn’t have Postini filtering for inbound messages). The reason for this is two-fold:
- It provides automatic virus scanning on all outbound messages. In the event that a user’s computer has been compromised with a virus trying to send virus messages out using their account directly, this would filter those emails.
- Because Postini is a major email spam and virus protection service, messages sent through their servers are more likely to be seen as “trusted” by other mail hosts, and as a consequence are less likely to be seen as spam for false reasons.
Issues Between Postini and Hotmail
For the past few months, there have been intermittent issues between Postini and Hotmail, where Hotmail suddenly starts rejecting all email coming to them via Postini. When this happens, the sender typically gets a bounce message with something along the lines of:
Could not deliver message to the following recipient(s):
Reason: Remote host said: 550 SC-002 Mail rejected by Windows Live Hotmail for policy reasons. The mail server IP connecting to Windows Live Hotmail has exhibited namespace mining behavior. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help.
According to Postini, the reason this happens is due to how Microsoft Hotmail determines “namespace mining behavior.” Basically, when a spammer sends out email, they send using a fake or illegitimate email FROM address sending to thousands of potential email accounts. As many of the accounts that the spammer is trying to reach may not be valid or active email accounts, the messages start bouncing back to the FROM address that the spammer faked in the message.
So in this case, a spammer has used a fake @hotmail.com address as who the spam appears to be coming from, and they sent the spam to a number of accounts protected by Postini. This caused rejection messages to be sent back to Hotmail, and the Hotmail computers saw the flood of rejection messages and thought Postini itself was “namespace mining”.
Or, to break it down into something easier to digest, consider this scenario:
- A spammer sends out thousands of emails faking the from address as .
- One of these messages is sent to , resulting in a message being sent back to saying the message was undeliverable due to spam.
- But doesn’t really exist – remember, it was faked by the spammer. So Hotmail sees this as an attempt by @postiniblockedaddress.com as trying to search for available email addresses.
- So the Postini-Hotmail issues happens hundreds of times at once, as the spammer is sending thousands of emails out, and Hotmail blocks all mail from the mail server of postiniblockedaddress.com, which results in ALL mail sent out from Postini being rejected by Hotmail.
This has happened a handful of times in the past. Postini says they have tried talking to Microsoft about updating their system to stop viewing these events as namespace mining, but Hotmail is unwilling to change their programming so far. This means that each time this problem happens, Postini ends up contacting Microsoft, who manually fixes the problem with Hotmail.
Who Is Affected By This?
Users sending email to addresses hosted by Microsoft Hotmail, including users @hotmail.com, @live.com, @msn.com, and @q.com.
What Nolasoft Does When This Happens
When we get a report of messages being blocked to Hotmail for “namespace mining behavior”, we take a few steps to get our users back up and running as soon as possible:
- We temporarily disable sending outbound mail through Postini
- We report the issue along with relevant logs to Postini to be worked with Microsoft
- When we receive word back that the problem is resolved, we test and then re-enable sending outbound with Postini.
The reason we eventually go back to sending out through Postini is that we feel the benefits outweigh the risks. Thousands of emails flow out through our system daily, but only a small handful of emails very sporadically get blocked going to one system specifically – Hotmail.
What’s Going On Today?
Yesterday, we had the familiar Postini-Hotmail issue reported, so we took steps to stop routing through Postini temporarily, which in the past has always resolved the issue. Today, though, we started getting a second rejection from Hotmail when sending to them directly from our servers:
Could not deliver message to the following recipient(s):
Reason: Remote host said: 550 OU-002 Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support
Here is Hotmail’s response to what that error means:
Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation. If you are not an e-mail/network admin please contact your E-mail/Internet Service Provider for help.
Digging further, this issue can be caused by a handful of reasons:
- A user – any user – on the mail system might be sending emails marked as spam by several recipients. This could be due to a customer with a computer infected with malware or a virus. But given that only in error situations like the one between Postini and Hotmail do we even allow mail to flow outbound direct from our mail system, this seems unlikely, as there would not have been the opportunity for enough mail – much less enough spam – to flow through our system before the second error from Hotmail happened, as it occurred immediately after cut-over.
- The SPF record for the sending domain may be invalid. All domains hosted by Nolasoft have SPF records, and we have checked their validity with Microsoft.
So What Now?
We have sent a message to Microsoft asking them to help clear up the issue. This is one of those unfortunate issues that at this point is nearly 100% out of our hands. We will also continue to monitor our logs for traffic to Hotmail-hosted domains and work with both Microsoft and Postini to resolve any outstanding problems as soon as possible.
Update May 6, 2010 11:55AM:
Mail flow to Hotmail hosted addresses from the Nolasoft mail server appears to be working normally again. We await a response from Postini before sending outbound through their system.