Hello,
Context
We have been sending emails from an application using SES for several years without any issue.
A verified identity is used for sending the emails.
Problem
Starting from last week, a few emails are considered as SPAM by Outlook servers. This is a small proportion of the emails.
For example, it concerns at least two mails received yesterday at 15 h 25 and 15 h 26 UTC + 2.
When we look at the message's headers, this one seems interesting:
x-forefront-antispam-report:
CIP:54.240.3.11;CTRY:US;LANG:fr;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:a3-11.smtp-out.eu-west-1.amazonses.com;PTR:ErrorRetry;CAT:SPOOF;SFS:(13230016)(83170400001)(356005)(81166007)(6486002)(5660300002)(34206002)(1096003)(9316004)(71280400001)(28085005)(8676002)(4326008)(79850400001)(7696005)(63370400001)(6506007)(336012)(26005)(9686003)(36736006)(956004)(42882007);DIR:INB;
CAT:SPOOF
indicates that the mail is considered as spoofing.
This is due to PTR:ErrorRetry
which indicates the reverse DNS check is failing.
When I manually do this reverse DNS check (with dig -x 54.240.3.11
), it works.
Settings that could matter
SPF
SPF is active and seems working:
received-spf: Pass (protection.outlook.com: domain of eu-west-1.amazonses.com
designates 54.240.3.11 as permitted sender) receiver=protection.outlook.com;
client-ip=54.240.3.11; helo=a3-11.smtp-out.eu-west-1.amazonses.com; pr=C
DKIM
DKIM signature is also enabled and DKIM authentication passes (we have dkim=pass (signature was verified)
in the authentication-results
header.
SES events
In case that matters, we are tracking the "bounce", "complaint", "delivery delays" and "reject" events and there was no event for the impacted mails.
Questions
I think that the origin of the error can:
- an issue with the AWS DNS record at the time of the mail sending ;
- a network issue impacting the Outlook server ;
- ?
Have you already encountered this kind of issue ?
If so, were you able to solve it ?
If you need more details, do not hesitate.
Thank you for your help and have a nice Day.
Romain