# sendmail to hotmail fails



## deadeyes (Sep 24, 2016)

Hi all,

My goal was to send all mail for root to hotmail. So I modified the aliases file and ran newaliases.
Now my mail does get accepted by the hotmail MX (message queued for delivery) however it never goes to the hotmail mailbox (not in Junk/Spam, ... Nowhere).

After investigating a lot I found out for one address (user1@example.com) it works and gets delivered fine while for others (info@example.com, ...) it seems to fail. This might have to do with a filter at hotmail side which relates incoming mail to existing mail you have from that address (if I send from hotmail first to the info address and then reply it does get delivered). I verified with another target hotmail address as well and I see the same behavior.

I've tried a mailing list but the one responder only wanted to believe this is a DNS issue(which I in my humble opinion doubt as mail is delivered correctly in some cases and the mx accepts my mail).

I've tried different things trying to get my mails delivered:
- Verified MX record for example.com: mail.example.com
- Verified A record for mail.example.com: 1.2.3.4
- Verified PTR record for 1.2.3.4: mail.example.com
- Verified SPF record: has the correct IP
- Checked blacklists: not listed
- Subscribed to Hotmail SNDS and JMRP: to see if it's marked as junk and to see what I can improve, however no listings there.
- /etc/mail/local-host-names holds all the domains it's responsible for: example.com and mail.example.com
- checked "Sender score": ok
- Used mxtoolbox to check my mail config
- Used dnsstuff.com/tools to verify mail config
- Used mail-tester.com to verify mail config

I do get a 9/10 on mail-tester.com with following remarks:
Your message is not signed with DKIM
You do not have a DMARC record
There is no html version of your message.
Your message does not contain a List-Unsubscribe header

These don't seem very valid to me. Configuring DKIM and DMARC for just this one mail service that's behaving oddly?! Only a few messages are sent to hotmail each day. And none of these are for publicity but for contact with customers. Also the content does not have "call-to-action"s.

Now I'd like to know if any of the below might be wrong or suboptimal:

Is this nodename correct or should it be mail(reference: http://www.diablotin.com/librairie/networking/tcpip/ch10_07.htm)? What about the listed UUCP addresses? Does this matter? I've used NOUUCP in my config as I believe there's no need to have this. The canonical name looks correct to me.
`sendmail -bt -d0.4`
This gives 

```
[NOPARSE]
Canonical name: mail.example.com
 UUCP nodename: mail.example.com
        a.k.a.: mail.example.com
        a.k.a.: [1.2.3.4]
        a.k.a.: [IPv6:fe80:0:0:0:21a:4aff:aaaa:aaaa]
        a.k.a.: [IPv6:2a02:2770:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa]
        a.k.a.: example.cloud.otherdomain.com
        a.k.a.: mail
        a.k.a.: [IPv6:0:0:0:0:0:0:0:1]
        a.k.a.: [IPv6:fe80:0:0:0:0:0:0:1]
        a.k.a.: [127.0.0.1]
        a.k.a.: localhost.localdomain

============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = mail
  (canonical domain name) $j = mail.example.com
         (subdomain name) $m = example.com
              (node name) $k = mail.example.com
========================================================[/NOPARSE]
```

Should hostname return the fqdn (configured in /etc/rc.conf)?
Running:

```
hostname
```
mail.example.com


```
[root@mail /etc/mail]# sendmail  -d61.10
sm_gethostbyname(mail.example.com, 28)... failure
failure
sm_gethostbyname(mail.example.com, 2)... mail
Recipient names must be specified
```

Are there any other DNS related things I can test? Or can somebody assure me what I've tested DNS-wise is enough?

I could just forward my root mail to a non-hotmail mailbox. However my main concern here is that when users are using the squirrelmail their messages don't/might not get delivered (they mainly use their ISP SMTP though; squirrelmail is more of a fallback option).

Thanks a ton for your time reading and in advance for any useful replies.


----------



## gkontos (Sep 24, 2016)

deadeyes said:


> I do get a 9/10 on mail-tester.com with following remarks:
> Your message is not signed with DKIM
> You do not have a DMARC record
> There is no html version of your message.
> Your message does not contain a List-Unsubscribe header



This means that your emails are being treated as "newsletters".

Regarding hotmail, it is a very unreliable service. I would suggest to use a different relay.


----------



## drhowarddrfine (Sep 24, 2016)

Outlook and Yahoo do the same thing. When I go to hotmail, it redirects to outlook so I'm surprised you are able to do that. gkontos is correct, many large email services might throw small emailers like us in the spam pile. That's why so many sites you correspond with may state that you should check your spam folder for replies.

The email service I provide my clients "works" but is a hodge-podge of things I've forgotten how they work. (They don't use it for newsletters and such.) Coincidentally, I started looking into this myself just a couple of days ago.


----------



## Snurg (Sep 24, 2016)

In addition to what gkontos and drhowardrfine wrote, I observed similar behavior with Gmail and Yandex.
Dubious addresses you never wrote/replied to are considered as spam.



deadeyes said:


> if I send from hotmail first to the info address and then reply it does get delivered.


Just consider this as a mandatory preparative whitelisting operation and you'll be fine.


----------



## usdmatt (Sep 24, 2016)

As long as the forward and reverse DNS are correct, that should be all you really need to send email out. It doesn't really matter what the hostname is, as long as the forward DNS exists and points to the right IP, and the reverse DNS for the IP address matches. The diagnostics on mxtoolbox.com are good enough to check that. The rest are just aids to try and add more legitimacy to your messages. Mailers should only really block or put your emails in spam if they're sure, unfortunately that isn't the case these days.

I would set up DKIM if possible as it will only help give your messages appear more genuine. I can't see why a List-Unsubscribe header should matter for emails that aren't related to a mailing list. Same with html, a spam filter that gives higher spam scores to text only emails would be a bit idiotic as most spam I've seen is html, and text+html is just as easy as text only to generate.

Unfortunately running email is starting to become a bit of nightmare these days. More and more people are moving to services run by or backed by gmail.com/outlook.com or another global provider. A good portion (probably at least 20%) of the domains we run DNS for are using these two for email now, and both these services (and most other large email providers) seem to be extremely aggressive against anything they think could be spam, regardless of content (unless it comes from another big provider). Email seems to be becoming less the open, simple mail transport protocol that made it so prevalent and more "you're ok as long as you're sending through a big, well-known email provider".

We only send a relatively small amount of email but emails from -myisp-.com regularly end up in the gmail spam box with a "a lot of emails from -myisp-.com are spam" message. As far as I can tell from our logs they don't get any spam from us. Outlook.com are even worse, we regularly gets customers swearing blind they can't find emails we've sent at all, even though our logs confirm delivery to their servers. We have correctly configured servers & DNS, DKIM signing, SPF&DMARC records, a good senderscore rating, none of it seems to make that much difference if you're a small unknown sender.

The best you can really do is look at what your logs are telling you. If you don't have a smart host set up, then when you email a gmail/hotmail address through your mail server, it should connect directly to a gmail/hotmail server and deliver the message. The logs will clearly show that the message was accepted or refused. If it's refused you'll see a message. Unless you've got huge spam problems (like you're an open relay or have a spam-sending virus) you'll hopefully find they are accepted. In that case, they have your email and it should either be in the inbox or junk. Unfortunately you can't do a lot if it's in junk other than ask people to whitelist you. All the DKIM/DMARC/etc stuff helps but isn't a guarantee.

If a remote server says it has accepted the email, but the recipient can't find it, that shouldn't happen, and really it's a problem with the recipient's mail service as they should either accept the message and give it to the user, or refuse/bounce it (unless they are absolutely certain it's spam). If we block an email due to spam, I will happily trace the logs and tell our customer what happened, then fix if necessary. Unfortunately you won't get far with the big provider's support if your emails disappear or go into spam, and you'll probably find that the attitude you get from customers is that the recipient ISP are the big power houses of the Internet and it must be your system that has a problem.


----------



## deadeyes (Oct 29, 2016)

I forgot to reply to this.

Thanks for your feedback. It gives me more confidence that my setup is correct and that it's more the content that makes a difference.

I have to say changing from text only to HTML mail did get the mail delivered (even if it was or was not in the spam folder).

I got feedback from hotmail: not real quality feedback but from what they said it was blocked by their antispam and they gave some improvement actions.
It was a list of things that I already had in place except DMARC/DKIM and an Unsubscribe button (while it's most certainly not a newsletter).

My workaround is to not use hotmail for this anymore and sending to another mailbox from my own domain. Apart from that I'm moving away from hotmail and webmail in general.

Thanks and have a good weekend!


----------



## drhowarddrfine (Oct 29, 2016)

Just to note, my problems noted earlier went away when I added SPF and DMARC. There may have been a reverse DNS issue, too, but I'm not sure of that but rDNS is working.


----------



## gkontos (Oct 29, 2016)

drhowarddrfine said:


> Just to note, my problems noted earlier went away when I added SPF and DMARC. There may have been a reverse DNS issue, too, but I'm not sure of that but rDNS is working.


DMARC also needs a valid DKIM. Keep than in mind.


----------

