Hotmail Email Filtering and SPF

March 01, 2008

Changing email encoding solved many of my email sending woes, but hotmail was still refusing to accept my outgoing emails. In researching email acceptance, I found out that many people are having issues with hotmail silently refusing their emails. This has even resulted in a petition to remove Microsoft’s intense spam filtering system that blocks legit emails (including mine). That aside, I did some research to find someone with a solution.

I started my search at my web host, Media Temple , and found an article on hotmail and yahoo email spam flagging issues where they recommended using aSPFrecord. Next, I found someone who this solved his hotmail email sending issues with thisSPFrecord. ThisSPFmust be the magic bullet, I thought.


What is a SPF record you say? Before I get into that, I want to give you some information that was helpful for me to understand why my email was getting dropped by hotmail.


Introduction to DNS Records


DNS records play a huge role in the, “I’m not spam” game. Let me explain the basics.


When you register a domain you have to set your name servers in your domain control panel. This usually looks like: NS1.DOMAIN.COM and NS2.DOMAIN.COM. These records would give the company who owns DOMAIN.COM rights to your DNS records. Your DNS records control everything associated with your domain and can be changed via your domain control panel. In your control panel, you will find something called A or CNAME records. These records point to your web server. In my case, my control panel shows A records as: *.domain.com, and domain.com point to the IP address of my web server.



Look at A or CNAME records as your bread and butter records that tell you where your server and files are.

The other basic type of record is your MX records. The MX records point to your incoming mail server(s).



When you think of MX records, think of email.

Some registrars, like Yahoo, only allow you to edit these three basic types of DNS records: your name servers, MX records and A/CNAME records. This works in most cases (consumer and small business), but I found they will not allow you add any custom records to your DNS information such as TXT orSPF.


My original plan was to use Yahoo as my mail server, but they won’t let you set thisSPFrecord, so that means Yahoo (erhm Microsoft’s pet) just lost my business.


So what isSPF?


The Sender Policy Framework is used to tell mail servers that your outgoing mail as legit. As far as I can tell, it is the key to unlocking hotmail to receive your outgoing emails in the midst of the spam wars. To add thisSPFrecord, it is pretty straight forward. Your web host should know and be able to help you with this – my web host provides an article on setting up anSPFrecord .


Let me give you an example. I want to tell mail servers that it is okay if email originates from my dedicated web server, which has IP address 555.555.555.555. So, I would specify this by adding a record to my DNS of type TXT that looks like:


v=spf1 a mx ip4:555.555.555.555 ~all

“v=spf1” says that it is a Sender Policy Framework record. “a” and “mx” states that the records come from my original domain name. And finally the, “ip4:555.555.555.555” is what really matters – it states sending mail from the server with that IP address, 555.555.555.555 is acceptable.


You can generate your own record with the SPF Setup Wizard. You still have to know the basics of DNS though, which is why I explained them earlier.


In the end, make sure that the company you point your name servers to allows you to add a custom SPF/TXT record. It is worth the time to understand this if you plan on sending automated emails to a wide audience. You don’t want your users to ditch using your application because they are waiting for an email for 10 minutes with no response.

14 comments

#1. Booch on February 19, 2008

I’m left hanging! Did adding the SPF record to the DNS do the trick? Does Hotmail now accept and show email sent?
We ran into the same problem where all other email providers were accepting our email except for Hotmail. The only other workaround we found was to communicate to the user/customer to whitelist the email address we were sending from and that worked fine. Of course, this solution would be much better if it indeed does work.

#2. Marc on February 19, 2008

Sorry to leave you hanging. What I posted is an attempt at making sense of my research on the subject.

In my case, Yahoo doesn’t allow adding SPF records and I’m currently using them as my mail server. I’ll be switching over and adding the SPF record very soon. I follow up with you on how it goes.

Note that of all the hotmail issues that I’ve read about, it appears that adding the SPF record has always been the solution.

#3. Marc on February 26, 2008

UPDATE: Sending to hotmail now works! I also sent them a support request and they gave me further email advice.

#4. John G on April 13, 2008

Hi Marc,
I have been struggling with this issue for over two weeks now. Both Yahoo and Hotmail send my emails directly to spam while Gmail and AOL work fine. I run my own SMTP server and have setup both an SPF and PTR which seem to be valid and tech support from my ISP says my DNS and SPF/PTR are fine. Is there a trick I am missing? Do I need to remove or include something in my email Header or SPF? Your help would be greatly appreciated!

#5. Marc on April 14, 2008

Hotmail and Yahoo may blacklist any domains that are considered, “new”. So maybe if your SPF records are fine, you might need to somehow make them aware that you exist. Microsoft has a dedicated site to post masters: http://postmaster.msn.com/ you can email support from there and get them to acknowledge your existence. I hope that helps.

#6. John G on April 14, 2008

I am in the process of doing this … I will let your readers know the results. If anyone else has tips please post them. This is a common and frustrating problem for developers. Thanks.

#7. John G on May 07, 2008

Well I never could figure out a solution. So we decided to pay authsmtp for a remote SMTP relay and they seem to stay out of all the spam boxes. However for some reason just Yahoo seems to be very slow in receiving emails to the inbox… sometimes up to an hour long wait. Maybe my SPF needs tweaking? Anyway just wanted to update readers. And our site is now live… check it out at http://www.hellotree.com

#8. Marc on May 09, 2008

Sorry you couldn’t get things solved via sending mail from your own server. Remote SMTP is the next best thing.
Interesting website, I was thinking of doing something similar dealing with family trees.. but also having the ability to list peoples’ birthdays and special events that gets sent out to the entire family.

#9. Don Hammond on May 19, 2008

Marc:
My daughter has had a Hotmail account for many months, and suddenly I’m getting bouncebacks alleging that there are complaints about the IP address. I’m using Eudora 6.2, and my internet provider is Comcast. Strangely enough, she sent me an email using the Hotmail account, and when I replied she received it. When I initiate an email, I get the bouncebacks. If you have any suggestions aside from visiting the Microsoft postmaster site I’d of course be grateful.
thanks,
Don Hammond

#10. Rafael on December 08, 2008

Hello,

I sent every week a newsletter from more than one year and just yestarday the email don’t arrive to hotmail.

I already create the record (I use Mediatemple too) You know how many time I must wait to get it working again? this is not inmediate?

Thanks in advance

#11. Wes Barnes on March 12, 2009

Marc,

Thanks for sharing your experience! It helped resolve my issue.

I also use Media Temple to host my email. I have a friend who has a hotmail account. At some point earlier this week messages to that friend started bouncing back. It was from both Media Temple domains (I own two different web sites) that own. I went in and added the following…

“v=spf1 a:mydomain.com/20 ~all”

to my DNS zone, as stated in the in Media Temple’s instructions (http://kb.mediatemple.net/questions/658/HOWTO%3A+SPF+-+All+Purpose) and I was all set. Oddly, I have another friend that has a Hotmail account and I was able to send to them without issue but I suspect that could be server specific issue. Anyway, thanks again.

w

#12. Ismail on February 13, 2010

Hello Mark,

Thanks for this nice post. I have been managing several domains for about 4 years for my own business and due to deliverability issues, I had switched to another gmail address. However, as it seems skeptical for the people, I have decided to get back to my own domains and found this SPF thing 2 days ago. After some research, I could manage to run it. However, interestingly, after activating SPF record, I have started to receive spam messages from my accounts to my own account in one of my domains. That’s to say, in one domain, I have 3 mail accounts, and within a day, I started to receive around 30 to 40 spam mails with the same from and to addresses. More interestingly, in the details (in gmail) it says that mailed and signed by my own domain, miscomputer.net. What could be the reason you think ? Any help will be highly appreciated.

#13. Marc Grabanski on February 13, 2010

Ismail:
Email / domain policies is that black box of wierdness that I have only begun to explore in this article. I do not have the answers for your specific situation.

#14. mathieu on October 11, 2010

Ismail You have to define an IP in your SPF… If you just say my domain is …..com it’s not enought for the authentification.

Leave a comment

Comment in textile images by gravatar