I now found a thread on the S3150 error code on the Microsoft Q&A forums that suggests that this block is applied per ASN, not per IP address, but there is a form Plus.net could fill out to get the server unblocked again. Likely it'll be blocked again given the levels of aggressive blocking MS is applying here.

I may have to find a different SMTP forwarding service I guess.

That thread makes interesting reading.  Two observations

There doesn't seem to be much help from Plusnet.  But why would they, they want rid of email.  That has already forced me to get my own domain and start to move away.  That will make it easy to change ISP frequently.  BT already killed Plusnet mobile forcing me onto EE which then hiked the price and I moved away.  I expected BT to kill Plusnet broadband as well.  Odd that they haven't yet.  I have only ever been with Plusnet.  They have stayed just competitive enough and technical support has always been excellent when needed.

Microsoft don't seem to be much help and it's not a problem unique to Plusnet from that Thread.  I've discovered I can't send emails to a btinternet address as well and that's related to microsoft as well.  I've heard a suggestion that it would be a way of microsoft forcing people onto their email.  Seems to me it could also be a way of forcing people to leave if multiple businesses can't reach you!

Frustrating isn't it!

Phil

What is the explicit issue sending to BTinternet - it’s being discussed elsewhere around here.

I had an email not arrive to a btinternet email address and wondered if it could be a similar issue to plusnet and the hotmail address I couldn't contact.  A bit of googling (not much I admit and ignored AI) suggested microsoft were somehow involved in bt email as well.

Some of the attempts to email my hotmail contact did not get mail delivery responses.  The btinternet one I only tried once and didn't get any delivery failure but no delivery.  Just resorted to text!

Sorry, I don't really have concrete evidence about bt email but thought my comment might get some confirmatory comments (or not).

There are reports of BTinternet emails being delivered successfully to the addressee’s spam folder.

Thanks,  I'll check with the recipient.

Only Plusnet can fix this;

In Short:

To configure DKIM, DMARC, and SPF, one needs to modify DNS records. Since only the domain owner has control over the DNS settings for their domain, only they (or those they authorise) can configure these protocols.

DKIM, DMARC, and SPF are all email authentication protocols that help prevent email spoofing and phishing, ensuring that emails sent from a domain are legitimately from that domain. These protocols require changes to DNS (Domain Name System) records, which is why only the domain owner or someone with proper access to the domain's DNS settings can configure them. Here’s why:

1. DKIM (DomainKeys Identified Mail)

What it is: DKIM adds a digital signature to an email message. This signature is associated with the domain sending the email.

Why only the domain owner can configure it: DKIM requires you to add a special TXT record to your domain’s DNS settings that stores the public key. When an email is sent, the DKIM signature can be verified using the public key in the DNS record. Only the person with access to the DNS settings of the domain can add or modify this key.

2. DMARC (Domain-based Message Authentication, Reporting, and Conformance)

What it is: DMARC helps specify how to handle emails that fail SPF or DKIM checks. It also provides reporting to the domain owner about email authentication results.

Why only the domain owner can configure it: DMARC requires the addition of a specific TXT record to the domain's DNS. The domain owner decides the policy (e.g., reject, quarantine, or allow) for handling emails that fail SPF/DKIM checks. Since this involves access to DNS settings, only the domain owner or an authorized person can set up or modify the DMARC policy.

3. SPF (Sender Policy Framework)

What it is: SPF allows the domain owner to specify which mail servers are allowed to send emails on behalf of the domain.

Why only the domain owner can configure it: SPF works by adding a TXT record to the domain’s DNS settings. This record lists authorized IP addresses or mail servers. To update or change this record, one must have access to the DNS settings for the domain, and since the domain owner controls these settings, they are the only ones who can configure SPF.

Why is DNS Access Required?

DNS is the Key: DNS is essentially the "phonebook" of the internet. It maps domain names to IP addresses and hosts other critical information for the domain (like mail servers and authentication keys). Changes to these records can directly impact the functionality and security of the domain.

Security Implications: Allowing anyone other than the domain owner to make these changes would introduce potential risks for email spoofing and unauthorized email sending. By controlling access to DNS, the domain owner ensures that only authorized email servers can send messages on behalf of the domain, reducing the chances of impersonation and fraud.

Where did you C&P that from, @jkg ?

Plusnet do have valid DKIM, DMARC, and SPF entries.

What are you wanting Plusnet do in that lengthy post ?

It is open source stuff

Start by configuring SPF.

SPF allows the domain owner to specify which mail servers are allowed to send emails on behalf of the domain

Plusnet have 13 outgoing email servers defined in their SPF entries they are listed here :

https://www.nslookup.io/domains/_spf-internal.plus.net/email/spf/

https://www.nslookup.io/domains/_spf-internal2.plus.net/email/spf/

@jkg The domain owner for .plus.com addresses is PLUSNET.

What about DMARC?