Quite the Plusnet sub domain is a key difference.

The other key Plusnet difference being the two-tier use of the DNS configuration for email records.

Greenby must the thrilled at the prospect if inheriting this situation.

Phillip,

Can you amplify that please?

In rejected emails to Microsoft's destinations we see : Spf= Pass , Dkim= Fail , DMARC= Pass  

Always Dkim-Fail

My understanding from the response to one of my previous posts was,
only the SPF record is at the <customer>.plus.com level - we can see this in an nslookup of keyline.plus.com

My assumption was that suggested DKIM and DMARK are at .plus.com level

If this assumption is flawed, very happy to be enlightened.

This is very selective logic.

1) For other non - MS destinations we have no idea if DKIM is checked.

2) When sending via SMTP server of 123Reg and Gmail, Microsoft accept all the emails - i.e. their DKIM does not fail.

@PhilipHeyes, the reports I get for my domains show many different destinations successfully checking DKIM, so I'd be very surprised if didn't do the same for anything under the plus.com domain.  @MisterW has previously commented on seeing temperror messages from Microsoft on their dkim dns lookups., which I can also see.

Interestingly you don't get the same when the Microsoft service is paid for!

1) For other non - MS destinations we have no idea if DKIM is checked.

We do, I have evidence of correct DKIM signatures from my plusnet email to both my domains hosted by Mythic Beasts and to my office email ( hosted internally ). 

2) When sending via SMTP server of 123Reg and Gmail, Microsoft accept all the emails - i.e. their DKIM does not fail.

Not true, I'm afraid, Microsoft do report DKIM failures from other senders, however they are still accepted because they don't treat the senders as 'bulk senders'

---

@PhilipHeyes wrote:

Always Dkim-Fail

My assumption was that suggested DKIM and DMARK are at .plus.com level

If this assumption is flawed, very happy to be enlightened.

---

You observation is correct, but your presumption that this is the cause is flawed.

The DKIM alignment is permitted to be relaxed or strict.  Relaxed, as designated by Plusnet, permits *.plus.com to be treated as plus.com - which is the level of the DKIM signing.

If that were so fundamentally wrong, DKIM would be failing everywhere - based on the information available, it is only failing with Microsoft addressees.

---

@Townman wrote:

---

The DKIM alignment is permitted to be relaxed or strict.  Relaxed, as designated by Plusnet, permits *.plus.com to be treated as plus.com - which is the level of the DKIM signing.

---

Is there a cost associated with DKIM - eg could all PN sub-domains simply be added to the DKIM signing, or would this be horrendously expensive (?)

There may be other reasons why this would not be practicable, but thought might be worth asking.

.

The only presumption I am making is that all options even the unpalatable ones are being explored.

I have been watching this tortuous  thread for some time and I do not profess to understand the nuances of the technical details.  There are many references to the problem occurring when emails are addressed to multiple recipients of Microsoft domains. However my personal experience from an admittedly small number of emails is that;

-  emails addressed to only a single Microsoft address (eg Hotmail) are successfully delivered

-  if one or more extra recipient addresses are added the Microsoft address will bounce.  It makes no difference whether the additional  address(es) is/are supported by Microsoft  or any other email service provider (eg btinternet, Google) The failure symptom is the usual  “ Spf= Pass , Dkim= Fail , DMARC= Pass”

Is there something in the transmission chain of events that even the presence of a second recipient of whatever ilk causes Microsoft to think the message is from a bulk sender?

I’m afraid my software is hardly cutting edge – the PC runs on Windows 10 and my email client is Outlook 2010 and I am sending from an  xx@yy.plus.com account.

I’m not sure whether this adds to the sum of human knowledge on the subject and I apologise if this observation has been made somewhere else in the preceding 400 messages.

I assume Plusnet have been in contact with Microsoft and I am sure it would be interesting to many users to know their view.  The fault is a considerable irritant as I work on a committee, some of which have Hotmail addresses,  which makes copious use of the ‘Reply all’ facility to keep everybody in the loop.

I think it's rather more than an irritant, it's a fiasco. One of the most puzzling aspects is that when I send an email (via Outlook 365) to multiple MS-related addresses, I can't predict how many will be rejected (see #377).
However, it seems that you can get around it (i.e. no failures) by using webmail - tedious perhaps but better than having to send an email to each MS-related addressee individually.

@Silver-Codger 

Useful additional detail - thank you.

That correlates well with reports I’ve read elsewhere describing how the same email sent to various different Microsoft platforms get very different spam confidence level (SCL) indices?  They are not from Plusnet environments.

Similarly if I have understood correctly the reports made here, where there are failures, the non-delivery is not all of the Microsoft addressees but just some of them.  That again begs the question why does this fail for some recipients and not all of them?

Are you connected to the Plusnet network?