
Microsoft rejecting your mail? You may be suspected of email harvesting

If you’ve been noticing your mail is rejected by Microsoft lately, it’s a good idea to take a look at the Smart Network Data Solutions (SNDS) dashboard. If you’re not aware, SNDS is Microsoft’s tool to show senders how their mail performs to recipients at MS domains. You can sign up for free (assuming you own your IP addresses); if you use an ESP, they’ll have SNDS set up for your sending IP and generally monitor it regularly.

If you do have SNDS access, you can check the IP Status heading to see any blocks that are currently in place for the IPs you own. Over the past few weeks I’ve been seeing a lot of IP addresses listed there due to “E-mail address harvesting.” After working with the Postmaster team, it seems the issue occurs when too many RCPT commands are sent without valid recipients. In other words, the sending server attempted to validate the existence of a lot more email addresses than they actually sent mail to. These blocks are most commonly associated with dictionary attacks, or sending to many usernames at the same domain (aaa@domain.com, aab@domain.com, aac@domain.com) with the purpose of finding good addresses. This tactic is often used by spammers who are – you guessed it – harvesting email addresses for their mailing list.

However, the instances I’ve seen have all been legitimate senders, sending mail to people who have signed up to receive it. In one case, a human error led to sending mail to a list of unsubscribed addresses, but the rest appear to simply be senders whose list hygiene needs improvement. In addition to dictionary attacks, these blocks seem to be triggered by high rates of invalid recipients. These recipients are counted in the number of RCPT commands but not in the total delivered. In one case, the difference between the two was only around 10% – certainly not ideal, but also not indicative of a spammer harvesting addresses.

When working with the Postmaster team, they’ve been very helpful in getting the blocks resolved once we explain the circumstances around the sends and how we’ve taken steps to prevent a recurrence, but these blocks have stopped all mail to Outlook.com users for days in some cases before they are removed. For a sender, this could mean a substantial loss of revenue while the block is in place…so what can you do?

Now more than ever, list hygiene is paramount. Be sure you aren’t sending to old or stale contact lists and target recipients with recent open or purchase activity. Keeping your bounce rates as low as possible will minimize the chances you run into one of these MS blocks.
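To watch for the gap between RCPT commands and accepted recipients described above before it turns into a block, you can compute it from your own outbound logs. The following is an added example, not code from this post or from Microsoft: the log tuple layout, the sample rows, the 5% alert threshold, and the use of RFC 3463 `5.1.x` replies to mark bad addresses are all assumptions to adapt to what your MTA actually records.

```python
from collections import defaultdict

MS_DOMAINS = {"outlook.com", "hotmail.com", "live.com", "msn.com"}
ALERT_GAP = 0.05  # assumed internal alert level, not a limit published by Microsoft

# Constructed sample records: (sending IP, recipient, server reply to RCPT TO)
SAMPLE = (
    [("192.0.2.10", f"user{i}@outlook.com", "250 2.1.5 OK") for i in range(9)]
    + [
        ("192.0.2.10", "Old.Signup@hotmail.com", "550 5.1.1 user unknown"),
        ("192.0.2.20", "ann@live.com", "250 2.1.5 OK"),
        ("192.0.2.20", "bob@msn.com", "250 2.1.5 OK"),
        ("192.0.2.20", "typo@example.org", "550 5.1.1 user unknown"),
    ]
)

def analyze(records, alert_gap=ALERT_GAP):
    """Return (per-IP report for Microsoft domains, addresses to suppress)."""
    stats = defaultdict(lambda: {"rcpt": 0, "accepted": 0})
    suppress = set()
    for ip, recipient, reply in records:
        address = recipient.strip().lower()
        domain = address.rpartition("@")[2]
        accepted = reply.startswith("250")
        # 5.1.x is the RFC 3463 "addressing" class: drop these from every list.
        if reply.startswith("5") and reply[4:8] == "5.1.":
            suppress.add(address)
        if domain in MS_DOMAINS:
            stats[ip]["rcpt"] += 1          # counts toward RCPT commands
            stats[ip]["accepted"] += accepted  # counts toward delivered
    report = {}
    for ip, s in stats.items():
        gap = (s["rcpt"] - s["accepted"]) / s["rcpt"]
        report[ip] = {**s, "gap": round(gap, 3), "alert": gap > alert_gap}
    return report, suppress

if __name__ == "__main__":
    report, suppress = analyze(SAMPLE)
    for ip, row in sorted(report.items()):
        print(ip, row)
    print("suppress before next send:", sorted(suppress))
```

The first sample IP reproduces the roughly 10% gap mentioned earlier and is flagged, while the second stays clean; the suppression set is what you would remove from the list before the next send.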

Been flagged as a harvester yourself? Just having trouble getting delivered to Outlook? Let me know in the comments or via email!

– BG