[SES] Emails considered as SPAM by Outlook servers because reverse DNS checks fail

Hello,

Context

We have been sending emails from an application using SES for several years without any issue.

A verified identity is used for sending the emails.

Problem

Starting from last week, a few emails are considered as SPAM by Outlook servers. This is a small proportion of the emails.

For example, it concerns at least two mails received yesterday at 15 h 25 and 15 h 26 UTC + 2.

When we look at the message's headers, this one seems interesting:

x-forefront-antispam-report: CIP:54.240.3.11;CTRY:US;LANG:fr;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:a3-11.smtp-out.eu-west-1.amazonses.com;PTR:ErrorRetry;CAT:SPOOF;SFS:(13230016)(83170400001)(356005)(81166007)(6486002)(5660300002)(34206002)(1096003)(9316004)(71280400001)(28085005)(8676002)(4326008)(79850400001)(7696005)(63370400001)(6506007)(336012)(26005)(9686003)(36736006)(956004)(42882007);DIR:INB;

CAT:SPOOF indicates that the mail is considered as spoofing. This is due to PTR:ErrorRetry which indicates the reverse DNS check is failing.

When I manually do this reverse DNS check (with dig -x 54.240.3.11), it works.

Settings that could matter

SPF

SPF is active and seems working:

received-spf: Pass (protection.outlook.com: domain of eu-west-1.amazonses.com designates 54.240.3.11 as permitted sender) receiver=protection.outlook.com; client-ip=54.240.3.11; helo=a3-11.smtp-out.eu-west-1.amazonses.com; pr=C

DKIM

DKIM signature is also enabled and DKIM authentication passes (we have dkim=pass (signature was verified) in the authentication-results header.

SES events

In case that matters, we are tracking the "bounce", "complaint", "delivery delays" and "reject" events and there was no event for the impacted mails.

Questions

I think that the origin of the error can:

an issue with the AWS DNS record at the time of the mail sending ;
a network issue impacting the Outlook server ;
?

Have you already encountered this kind of issue ? If so, were you able to solve it ?

If you need more details, do not hesitate. Thank you for your help and have a nice Day. Romain

Topics

Front-End Web & Mobile Business Applications

Relevant content

[SES] Sending emails marked as spam
Ofir
asked 9 months ago
SES Verified Sender Emails marked as Spam
Accepted Answer
AWS-User-0094143
asked 7 years ago
SES is not sending Email to outlook and Ymail
AWS-User-8336682
asked 2 years ago
Amazon pinpoint emails (with using SES service) have been recognised as spam email in Microsoft 365 email account
jimmysyw
asked a year ago
Why are emails failing to deliver when I send Amazon SES emails using the SendTemplatedEmail operation?
AWS OFFICIALUpdated a year ago
Why are the emails that I send using Amazon SES getting marked as spam?
AWS OFFICIALUpdated 2 years ago
Why are the emails that I send using Amazon SES failing with the error message "Email rejected per DMARC policy"?
AWS OFFICIALUpdated 2 years ago
Why aren't my emails sent using Amazon SES reaching their destination?
AWS OFFICIALUpdated a year ago
Using AWS Private Link for application integration
EXPERT
Tedy_T
published 2 years ago
How do I find the SMTP clients using deprecated TLS versions?
EXPERT
Jonathan_D
published 6 months ago