Yes, but not my call (long story), only mentioned to illustrate that the Microsoft practice is wide spread not just the likes of Plusnet.

Oh well. MS possibly have reasons for their actions with regard to AWS stuff. Trying to get the reason "why" could be like getting blood from a stone.

---

@grumble wrote:

Have you ever considered moving your churches stuff off AWS hosting?

---

To where - Microsoft - as they appear to want everyone to do?

Twice we have seen SMTP server 212.159.14.19 be blocked by talktalk.net

Could this mean I have to go through the SPF lists to try & an SMTP server's IP that is not blocked / does get accepted ?

The talktalk.net rejection messages both look like this :


Reporting-MTA: dns; avasout-peh-003 [212.159.14.19]
Received-From-MTA: dns; [192.168.0.16] [86.30.96.254]
Arrival-Date: Thu, 14 Aug 2025 16:37:30 +0100


Final-recipient: rfc822; xxxxxxxx@talktalk.net
Diagnostic-Code: smtp; 550 5.7.1 Connection refused - [212.159.14.19] blocked by Validity - https://senderscore.org/blocklist-lookup/ - OXSEU001_102 - https://postmaster-oxseu.vadesecure.com/inbound_error_codes/#_102

Last-attempt-Date: Thu, 14 Aug 2025 16:37:30 +0100

As only TT seem to be    blocking that server IP for 'sending spam', personally I would be wondering if senderscore or vadesecure were entirely trustworthy. AIUI, the outgoing PN  mailservers have filtering enabled.

---

@Townman wrote:

@stuck 

A big assumption based on what knowledge?  Agreed something somewhere needs rectified but what gives you confidence that is in Plusnet’s space?

---

It's based on the fact that setting the encoding is not an option within my email client (Outlook 2016), it's a server setting, and the servers are within Plusnet's space.

PS sorry for the slow response, I've been away for a couple of days.

Do you have a reference advising it’s a server side setting?

See https://www.howtogeek.com/403137/how-to-change-the-character-encoding-in-outlook/

I believe Content-Transfer-Encoding is not the same as Character Encoding.

See the details here:

https://www.w3.org/Protocols/rfc1341/5_Content-Transfer-Encoding.html

Personal opinon : Email companies are completely over doing the systems security. Large Companies can sort out their own email problems. Small Companies with the help of support Companies can sort out their own email problems. Home users just need help to identify genuine emails.

@Champnet 

Or to say that differently, just mark those suspected as spam [Spam] and leave the user to decide how to act.

Anti Virus measures are though a different issue - they must be quarantined.  Thinking about which, if the bully boys want to get tough then quarantine the suspected to be spam message and send a quarantined notification to the addressee.

Given there are other (better?) solutions one has to consider is this is just a matter of being difficult.

The last remarks from Plusnet were on the 15/02/2025 when the multi destination failures involving Microsoft's family of outlook, live, hotmail msn etc were acknowledged.

Since then this thread has extended on a daily basis with various views exchanged, but no progress.
For some this may a novelty topic, for others, like us,  it remains a considerable nuance with no end in sight.

Looking back over our rejection headers I see repetition of responses with X-CM-Score` and `X-CNFS-Analysis`,
not knowing the meaning of any of the headers I had not spotted the recurrence of sm=1

I used Gemini AI to give me a clue what this might mean ( words in bold below are as is from response ) :

The email headers you provided, specifically X-CM-Score and X-CNFS-Analysis, are not standard headers defined by RFCs. Instead, they are proprietary headers added by a third-party anti-spam engine, specifically Cloudmark Authority.

Here's a breakdown of what these headers mean and why the email was likely rejected:

• X-CM-Score: 0.00

• This header is a spam score assigned by Cloudmark Authority.
• The score is typically a numerical value, where a lower score indicates a higher likelihood of the message being legitimate ("ham").
• A score of 0.00 means the email was considered to be "good mail" and not spam by the Cloudmark engine itself.

• X-CNFS-Analysis: v=2.4 cv=FYuUx4+6 c=1 sm=1 tr=0 ts=68add125 a=...

• This is the core analysis header from Cloudmark. It's a verbose breakdown of the tests the email went through.
• v=2.4: The version of the Cloudmark engine used.
• cv=FYuUx4+6: A unique identifier for the analysis.
• c=1: This likely means the email was classified as "Clean" by Cloudmark's content analysis.
• sm=1: This likely means the email was classified as "Spam" by Cloudmark's sender-based analysis. This is the critical part. Cloudmark has a unique fingerprinting system that can identify messages from known spam-sending sources. Even if the content of a single message looks fine, if the sender's pattern (e.g., domain, IP address, message format) matches a known spam campaign, it will be flagged.
• tr=0: This likely indicates the message did not trigger any "Tarpit" rules, which are used to delay known spammers.
• ts=68add125: The timestamp of the analysis.
• a=...: The rest of the string is a series of codes and hashes. These are internal Cloudmark "fingerprints" of the email's content and characteristics. They are used for a variety of tests, and while they can't be decoded without Cloudmark's proprietary tools, the presence of these numerous "a=" codes indicates that the engine performed a detailed analysis.

Conclusion: Why the email was rejected

The most likely reason for the rejection is the combination of the X-CM-Score: 0.00 and sm=1 in the X-CNFS-Analysis header. This suggests a conflict in the spam analysis:

• The content of the email itself (X-CM-Score) was rated as non-spam (a score of 0.00 is good).
• However, the sender, the sending IP address, or a characteristic of the email's format was identified by Cloudmark's unique sender reputation system (sm=1) as belonging to a known spam source.

Microsoft, particularly for its Hotmail and Outlook services, has used Cloudmark Authority for spam filtering for many years. When an email is rejected by Microsoft, it's not just because of a single failed check. It's a combination of factors, and in this case, the negative sender reputation assigned by Cloudmark's engine likely overrode the clean content score, leading to the rejection.

To resolve this, the sender should:

1. Check their IP address and domain reputation on major blacklists (e.g., Spamhaus, MXToolbox).
2. Ensure their email authentication is perfect (SPF, DKIM, and DMARC are all correctly configured and passing). A DKIM fail, in particular, would make the message much more likely to be identified by Cloudmark as a spoof or a forged message from a high-volume spammer.
3. If they are a high-volume sender, they should sign up for Microsoft's Smart Network Data Service (SNDS) to monitor their reputation and check for any potential issues.

An email sent to just 1 MSN destination this morning has not been delivered,
the given reason differs from before but it is quite explicit :


Reporting-MTA: dns; avasout-peh-004 [212.159.14.20]
Received-From-MTA: dns; Clarelaptop [86.30.96.254]
Arrival-Date: Tue, 02 Sep 2025 09:05:43 +0100


Final-recipient: rfc822; xxxxxxxx@msn.com
Diagnostic-Code: smtp; 550 5.7.1 Unfortunately, messages from [212.159.14.20] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [Name=Protocol Filter Agent][AGT=PFA][MxId=11BBCEF0ABC34784] [AMS0EPF00000198.eurprd05.prod.outlook.com 2025-09-02T08:05:43.444Z 08DDE77859667370]

Last-attempt-Date: Tue, 02 Sep 2025 09:05:43 +0100


X-CM-Score: 0.00

X-CNFS-Analysis: v=2.4 cv=ZqhOKM7G c=1 sm=1 tr=0 ts=68b6a557
 a=jv2iGZvUMF79a2FuGYYI7Q==:117 a=jv2iGZvUMF79a2FuGYYI7Q==:17
 a=DAwyPP_o2Byb1YXLmDAA:9 a=pGLkceISAAAA:8 a=EBOSESyhAAAA:8
 a=v4VQgZWKpguHUptlstwA:9 a=QEXdDO2ut3YA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8
 a=Rw1BrFYWzHep8Uh0ZbQA:9 a=qDgWjBND2TR6aD0r:21 a=gKO2Hq4RSVkA:10
 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=frz4AuCg-hUA:10
 a=bRR0wkrmzp2pBsSsbEoA:9 a=n3BslyFRqc0A:10 a=x9I3668ZiE8A:10
 a=rls1ZAiwvL0A:10 a=yJM6EZoI5SlJf8ks9Ge_:22



: