@Townman Thanks for that comprehensive explanation.

Couldn't agree more on your last comment, which, from my current experience, also applies to Gmail.

---

@PhilipHeyes wrote:

The plus.com part is the bit that is considered the spam sender, that we know is to be sustained.

---

What draws you to that statement? There is noting being sent from @plus.com ... and in what sense do you mean sustained?  By what / whom?

It is the inappropriate aggregation which brings about the bulk sender volume (5k per day) consideration.

One of the matters which passes through my mind is what drives that volume on a domestic only service?

---

@PhilipHeyes wrote:

Why do MS & Apple ignore the subdomain.

---

Now that is a good question.  Why is this apparently only an issue with sending to Microsoft domains?

Same DKIM / DMARC configuration, correctly configured as 'relaxed', appears not to be an issue to other environments, including Gmail.

For what it is worth, an email sent to outlook and Gmail on 29th July which went to my outlook spam folder with SCL=6, I resent today (just open the sent item and resend) was delivered with a SCL=1.

Nothing appears to have changed anywhere, other than Microsoft's judgement call..

"sustained"  means in the brave new world of Greenby the use of <subdomain>.plus.com and use of plus.com are to be carried forwards. 

I totally grasp the idea of a what "relaxed" is supposed to do, but we face the situation
that is not being accepted / permitted / honoured any more by Microsoft & Apple. 

Due to error or intention ?

By intention Apple kit does it best to refuse to connect in the presence of WPA  ,
it may not be the standard but not by error and it sure has caused firms to
disable WPA on Wi-Fi APs using at least WPA2.   Apple forced the hands of all.

---

@PhilipHeyes wrote:

"sustained"  means in the brave new world of Greenby the use of <subdomain>.plus.com and use of plus.com are to be carried forwards. 

---

How else might one think it will be? @account.plus.com is the service / individual user's email address.  Users were able to overly a personal domain if they wanted to do, as many have done, however to all intents and purposes that is an entirely different email service / addressing space.  Arguably such makes a complete mockery of the Microsoft behaviour here - same SMTP email service / platform / potentially a source of spam ... but change the sender identity and all is fine, we will accept whatever volume you send.

To clarify, my @mydomain.co.uk sits on top of @myaccount.plus.com - I could send 4,990 emails a day all on my own and would not trouble Microsoft in the slightest, even though it is all going through relay.plus.net - and might I add, that is in the absence of either DKIM or DMARC.

It just does not make logical sense ... and until the logic is explained by Microsoft, mitigation remains a challenge.  As you seem to hint, Microsoft not being complaint with the rules might be what has to be mitigated, but until that is clearly affirmed by them, it is all guess work.

@Townman 

Thank you for your helpful posts on this thread today.

Did you see my post #451? The only response I got was effectively from ChatGPT (#452)!

If Plusnet users are the only ones having problems then it’ll be an uphill task trying to persuade Microsoft et al. to change what they’ve done.

Ref #451

We know that other regimes are seeing variable SCL scores, in respect of the same email when sent to multiple Microsoft environments.  That inconsistency can only be laid on Microsoft's altar.  We also see other regimes receiving DKIM look up failures where, similarly to Plusnet, those services have DKIM and DMARC configured correctly.  Such has been reported several times by @MisterW in respect of his Mythic Beasts service.

Therefore I think it is presumptive to say with any confidence that there are no other service providers experiencing similar issues.

As for #452 ChatGPT response - one needs to remember that ChatGPT is a GIGO service: it does not have any innate added intelligence.  It just aggregates and regurgitates what it finds from across the internet; if the input is flawed, what it reports will equally be flawed.  There have been no reports around here indicating any issues with email service it mentions other than *.plus.com therefore I would take that analysis with a barrel of salt!

@Townman said

"Same DKIM / DMARC configuration, correctly configured as 'relaxed', appears not to be an issue to other environments, including Gmail."

@Townman subsequently said (in a slightly different context)

"It just does not make logical sense ... and until the logic is explained by Microsoft, mitigation remains a challenge.  As you seem to hint, Microsoft not being complaint with the rules might be what has to be mitigated, but until that is clearly affirmed by them, it is all guess work."

While accepting that Microsoft might not be following the rules, maybe what would keep them happy is to configure DKIM strictly for each individual account, rather than a global 'relaxed' on the higher-level plus.com?

Unfortunately I fear you might never get Microsoft to confirm that.  They may have a policy of not giving out information that could also help the real spammers they want to deter.  It may be a case of suck it and see if the guess works.

I would like to apologise to all super users for any offence I may have caused.

However, as I have never been a PlusNet user and I no longer have any clients using PN it is probably time that I stop following this thread. 

I have followed from the beginning out of professional interest but, as freedom of speech seems to be an issue I will say goodbye.

@Tim-J 

That is a very fair assessment in all quarters.  There are on going dialogues with Microsoft.  Needing to implement DKIM and DMARC on every sub-domain would be a stark damnation of Microsoft's non-compliance with international RFC's.

That said, if it were so wrong, why is this not failing for EVERY email sent to Microsoft environments?

Unless I have missed something, the only current reports relate to sending the same email to multiple recipients across more than one Microsoft brand.  Send to one recipient or one brand and there are no issues.

This may be a very fine distinction.

For us it is emails with multiple destinations where there is one or more Microsoft destination(s)
the one or more MS email a/c will each be rejected.    

@Townman said

"That said, if it were so wrong, why is this not failing for EVERY email sent to Microsoft environments?  Unless I have missed something, the only current reports relate to sending the same email to multiple recipients across more than one Microsoft brand.  Send to one recipient or one brand and there are no issues."

Hypothesis: their spam filtering gives a higher score for emails to multiple recipients?  Add that to the score for non-strict DKIM and you are tipped over a threshold?

@PhilipHeyes 

Given all we have been through here, 'fine distinction' is now somewhat imperative.

To all intents and purposes, the Microsoft and Gmail spaces seem to be behaving normally.  You have made the most input to the residual failure space, as that has a very marked impact on the conduct of your business over the Plusnet email service.

I had understood your reposts to suggest that where the email addressee list included multiple MS domains, that some of those domains will reject delivery, with a DKIM failure.  If the same email is sent individually to those recipients it is received OK.

Are you adding / clarifying that if an email is sent to multiple addressees and just one of them is in a MS domain, it will always be rejected?  If yes, that is a very marked clarification.  Note that my test this morning to Outlook and Gmail executed as expected.

I fear that I am going to have to bite the bullet and configure a *.plus.com account on my Outlook 365 setup!