In this day and age, it is pretty common for emails that come from a web application to get incorrectly flagged as junk/spam. In the battle against spam, many email providers have taken a shoot first ask questions later approach. I can’t say I blame them.

But totally rejecting email from a web application, that is originating from a server that is not on any spam blacklists, seems a bit excessive. This is what Hotmail was doing to us recently.

So what’s the solution?

From what I can tell, there isn’t a single solution that will work 100% of the time with Hotmail. If there was that would probably defeat the purpose of their Sender ID system. But I can tell you what we did to get unblocked.

Sender Policy Framework (aka SPF)

SPF is simply a TXT record in your domain which states which servers have the right to send email on behalf of the domain. We had used SPF records in the past for our domains, but we noticed that Hotmail still treated our email as spam. When we switched DNS servers recently as part of our server migration, I didn’t add in the SPF records because it didn’t seem to help much in the past. From what I can tell though, things are different in Hotmail-land now!

For gmail, everything was working fine, but by looking at the headers on the email coming from our application you could see the following:

1

Received-Spf: softfail (google.com: domain of transitioning do-not-reply@redzoneleagues.com does not designate 64.79.213.26 as permitted sender)

So google does look up the SPF record on the domain, but wasn’t blocking our email. Ideally though I want the Received-Spf to be a pass and not a softfail.

How do I make an SPF record?

First off, you will need to be able to edit your DNS entries for your domain. If you don’t know what a DNS is or how to edit it, then you’re going to have problems with this exercise.

Next you can go to Microsoft’s page for generating SPF records here. Answer the questions on the pages and at the end they will give you the string of text that you need to put into your domain. It will look something like: “v=spf1 a mx ~all” but will vary depending on your answers. Edit your domain and add a DNS record of type TXT with the string generated from the SPF tool. Consult your DNS administration documentation if you are unsure how to do this.

Once you are done that part, I recommend you use dig to validate your TXT records on your domain. For example:
dig example.com txt

How do I know it’s working?

To test this I just had my web application send me an email again to my gmail account. This time I got the following:

1

Received-Spf: pass (google.com: domain of do-not-reply@redzoneleagues.com designates 64.79.213.26 as permitted sender)

Sweet.

I did all this but Hotmail is still blocking me!

Hotmail doesn’t use SPF directly. Hotmail will do a SPF lookup on your domain and cache it. So even when you do get your SPF records all hooked up, don’t expect immediate results. They plug this data into their Sender ID system to figure out if they like you or not. They claim that SPF alone won’t allow or block you, but from what I can see it definitely can’t hurt. It could take half a day or so to get your record updated so you need to be a bit patient.

I did all this and waited patiently, but Hotmail is still blocking me!

This was all we needed to do in order to get our email to get past Hotmail’s blockers. Of course the email still goes into the junk folder, but at least our users can still read it. Having your users add your email to their address book or Hotmail “Safe-List” corrects that problem easy enough.

If you’re still getting blocked then you should verify that your server isn’t on any blacklists. Try this tool just to be sure that you are not on any lists. If you are, then good luck getting off it :(

Update – April 11th, 2007

One thing I forgot to mention…
You can also send an email from your domain to senderid@microsoft.com asking them to add your domain to their safe list. When I had first did this with my redzoneleagues.com email address it bounced right away with the following:

1
2
3
4
5

This is an automatically generated Delivery Status Notification
Delivery to the following recipient failed permanently:
senderid@microsoft.com
Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 12): 550 5.7.1 Your e-mail was rejected by an anti-spam content filter on gateway (205.248.106.32). Reasons for rejection may be: obscene language, graphics, or spam-like characteristics. Removing these may let the e-mail through the filter.

This of course was not good. I then emailed them with another email address and actually got a response back from Microsoft a couple of days later saying they added our domain. So perhaps this actually did help us after all. Give it a try if you’re still having problems getting through to hotmail.

Some other potentially helpful links:

• MSN Postmaster Support
• MSN Support Form

I hope this helps anybody who is fighting with Hotmail and getting through their blockers. If you have any more tips let us know!