I assume this is the type of issue we are facing :
https://dmarcian.com/microsoft-enforces-spf-dkim-dmarc/  

Regarding MS treating <anything>.plus.com as being from plus.com

Why are we being seen as the same sender ? 
E.g. do we all share a common .plus.com factor such as the same signature in our sent emails ?

Or perhaps, what differs from when we send emails via gmail.com a sender with a vast traffic level ?

Regarding sending via <company domain>.co.uk (123Reg) there are only 3 email accounts,
I have asked & no reports of rejections from MS emails.  But again the volumes per week are low.

I too am clutching at straws !

Regarding MS treating <anything>.plus.com as being from plus.com

Why are we being seen as the same sender ? 
E.g. do we all share a common .plus.com factor such as the same signature in our sent emails ?

Because MS are ignoring the fact that '<something@yourusername.plus.com> is a sub-domain of '.plus.com' - i.e. they just see the 'plus.com' and treat everyone as the same sender.

Why are we being seen as the same sender ?  

Now that's the $64000 question ?

Or perhaps, what differs from when we send emails via gmail.com a sender with a vast traffic level ?

Yet another very good question.

Regarding sending via <company domain>.co.uk (123Reg) there are only 3 email accounts,
I have asked & no reports of rejections from MS emails.  But again the volumes per week are low.

There won't be any outright rejections, since you are classed as a low volume sender and so providing SPF is valid , emails will be accepted, however there will likely be DKIM failures reported. To see if thats correct, you would need to look at the DMARC aggregate reports

To explain,

A DMARC record for a domain can provide an email address to which failure and aggregate reports of received email can be reported. In order to see the DKIM failures you need to examine those reports. Here is an extract of one such report from Microsoft to one of my domains. It contains one record fro each email received during the analysed period (usually by day) and as you can see Microsoft only received one email from my domain during the day

NB my actual domain name has been redacted for obvious reasons

---------------------------------------------------

Phillip,

[EDIT: Posts crossing - this took a deal of drafting]

One understands all the business needs you mention; what one is seeking to do is identify the key stumbling blocks which are giving rise to the issues you are encountering.  As you state, this has all worked fine for years, now it does not ... so what has changed?

Previously all *.plus.com emails were DKIM signed with a DMARC policy of "we do not direct what YOU should decide to do with a DKIM failure" in other words, we do not tell you how to run your email service.  In other words YOU the receiver apply your own policy.  These form two of the key measures for verifying the legitimacy of an email in an attempt to reduce spam.  That coupled with content inspection is a fairly robust approach.  Under that framework all has worked well since the days of the first round of bully-boy tactics from Gmail.

Recently Microsoft made a unilateral draconian decision that ALL sub-domains of a root domain are to be treated as a single source of email and where the volume of emails from that source exceeds 5,000 per day, the root domain will be designated a bulk sender and subject to the imposition of additional rules.  In short, Microsoft has started to tell the world how everyone else should run their email services.  Where a root domain is deemed a bulk sender, the following must be implemented...

1. SPF
2. DKIM
3. DMARC

In general the requirements have been either of 1 or 2 with 3 being optional, now all three are mandatory for a bulk sender.  Consequently emails sent to any Microsoft service were being bounced straight back to Plusnet sender.

Currently reluctantly accepting that *.plus.com is deemed a bulk sender, SPF was added to each *.plus.com sub-domain; there after emails have been delivered to Microsoft mailboxes, where the were not upon the change being implemented.

You then ruck up with this very interesting fringe case: can send emails to individual Hotmail and Live mailboxes absolutely  fine - SPF=PASS, DKIM=PASS, DMARC=PASS - but attempt to send one email to several of those same email addresses concurrently and it all falls apart - SPF=PASS, DKIM=FAIL, DMARC=PASS.

What is the key change?  Multiple addresses, visible to the receiving service.   Who knows what the receiving service will make of that, like everything else with Microsoft, it is guess work ... because if they gave the answers, such would be deemed helpful to the real villains to circumvent the anti-spam measures.

There are many reports of issues with hotmail email targets, one of which is potentially very interesting: where you have advised that sending to a single addressee succeeds but sending to several fail, is that EXACTLY the same email?

See Issues with mailing into Microsoft domains - Microsoft Q&A

We are facing the same problem: everything is OK, DKIM/SPF/DMARC but that same error comes when the subject line contains some iso8859-1 characters like this one :

Subject: Mise à jour

Hotmail and others break on the dkim validation because of it.

Subject lines with UTF-8 characters seem ok, quoted printable ok too.

You may try to simulate the error with another pure-ascii subject line to validate this.

Microsoft have not offered any answers...

Here's an interesting result from a search 'microsoft dkim temperror'

https://learn.microsoft.com/en-us/answers/questions/2278218/spf-dkim-failures-from-external-sender-t...

We're not the only organsiation with the problem and the last post there is particularly telling regarding any response from Microsoft... 

Thank you for the detailed explanations.

There are many reports of issues with hotmail email targets, one of which is potentially very interesting: where you have advised that sending to a single addressee succeeds but sending to several fail, is that EXACTLY the same email?

Not the same email, to my son I wrote a message explaining we are having issues with MS destinations and that this is a test to a single MS address.

To the groups of trustees, the message becomes whatever is dictated by the situation,
e.g, Shall we proceed to replace the dilapidated bathroom or kitchen etc ...

Subject lines with UTF-8

We don't use any special character sets, a subject might be :  Renovations of 7 Chapel Lane

We're not the only organsiation with the problem and the last post there is particularly telling regarding any response from Microsoft... 

It certainly is, @MisterW , and the feeble MS response to the OP suggests they haven't a clue either!

Can someone please advise on the following, please bear in mind that I am not a techy:

Given that MS sees all of our plusnet.com e-mails as a bulk send, can the SPF, DKIM and DMARC settings be implemented in a way to reflect our situation?

Why should Plusnet have to make changes to mitigate unilateral, non-standard actions by others?

Plusnet have already changed to have the SPF at the <account>.plus.com level.

We now have a situation where an email configuration / approach that perhaps was valid in the past is no longer functioning for multi destination emails to Microsoft,

The risk I fear is it may not be too long before other ISPs or all email platforms follow suit in an attempt to clamp down on scam and spam senders. 

If that happened the Plusnet soon to be Greenby email account would not be functional at all for us.

And yet Google allow their 'Googlgroups' users to use the platform to send masses of spam, and take months to close said groups.

It is perfectly legitimate for DKIM & DMARC to be at the parent i.e plus.com level provided 'relaxed' mode is set , see the section in RFC7489 here https://datatracker.ietf.org/doc/html/rfc7489#section-3.1.1. 

From what I can see from the headers, Plusnet do define DKIM & DMARC to be in 'relaxed' mode.

There is no option for 'relaxed' mode for SPF and therefore it has to be at the level of the actual sending domain i.e in our case the subdomain level.

Therefore, looking at MisterW's response above, where he describes SPF needing to be at subdomain level, is it a lost cause for us with the way Plusnet e-mail is set up?