How to Deal With the Microsoft Outlook IP Blacklist

In previous tutorials, I explained how you can easily set up your own mail server using iRedMail or Modoboa, and I shared some tips on getting your IP address removed from blacklists. However, some folks have a hard time getting off the Microsoft Outlook IP blacklist, which is used by outlook.com, hotmail.com, live.com, and msn.com mail servers.

Microsoft Outlook typically sends back the following message if your IP address is blocked.

host eur.olc.protection.outlook.com[104.47.22.161] said:
550 5.7.1 Unfortunately, messages from [xx.xx.xx.xx] weren't sent.
Please contact your Internet service provider since part of their network
is on our block list (S3150). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[DB8EUR06FT013.eop-eur06.prod.protection.outlook.com] (in reply to MAIL
FROM command)

As you can see, the whole IP range is blocked. Personally, I don’t think this anti-spam technique should be used due to the collateral damage done to legitimate senders. In contrast, Gmail is much more intelligent in handling IP reputation. You can submit the sender information form to solve this problem. Sometimes Microsoft would unblock your IP address, sometimes your request would be refused.

A surefire way to get your IP address off Outlook blacklist is to get your mail server certified by Return Path. However, this is very expensive. You need to pay a one-time $200 application fee and at least $1,375 license fee per year. I will show you a free way to bypass the Outlook IP blacklist.

Using SMTP Relay Service to Bypass Microsoft Outlook IP Blacklist

You can configure your mail server to relay emails via SMTP relay services. They maintain a good IP reputation, so your emails can get through IP blacklists. There are many SMTP relay services. Some charge a little fee, some offer free quotas every month.

You don’t have to configure your mail server to relay all emails. I will show you how to configure your Postfix SMTP server to relay emails that are sent to outlook.com, hotmail.com, live.com and msn.com email addresses, so you won’t use up the free quota quickly. There are not many people using Microsoft mailboxes these days. Only 6.5% of my subscribers are using hotmail, outlook, live, and msn email addresses.

We can also configure Postfix SMTP server to use multiple SMTP relay services. So if one service provider allows you to send 10,000 emails per month for free, and we use 3 service providers, then we can send 30,000 emails per month for free.

Here I recommend 3 SMTP Relay Services:

  • SendPulse: 12,000 emails/month for free. No credit card required.
  • SendinBlue: 9,000 emails/month for free. No credit card required.
  • Mailjet: 6,000 emails/month for free. No credit card required.

I will show you how to set up each of them with Postfix SMTP server.

Configure SendPulse SMTP Relay

First, create a free account at SendPulse. After that, click the SMTP button in your SendPulse dashboard, then click Get started.

sendpulse transactional campaigns

Next, you need to complete your user profile.

sendpulse user profile

Then you need to wait for SendPulse to review your account. Once your account is approved, you can use SendPulse to send emails. Click the SMTP Settings button in the account dashboard and you have the SMTP settings that you can use in Postfix SMTP server.

sendpulse smtp settings

SSH into your mail server and open the Postfix main configuration file with a command-line text editor like Nano.

sudo nano /etc/postfix/main.cf

Add the following line at the end of this file.

transport_maps = regexp:/etc/postfix/transport.microsoft

Hint

If you use iRedMail, you can find the transport_maps parameter and add the regexp line.

transport_maps =
    regexp:/etc/postfix/transport.microsoft
    proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
    proxy:mysql:/etc/postfix/mysql/transport_maps_maillist.cf
    proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf

If you use Modoboa, you can find the tranport_maps parameter and add the regexp line.

transport_maps =
        regexp:/etc/postfix/transport.microsoft
        proxy:mysql:/etc/postfix/sql-transport.cf
        proxy:mysql:/etc/postfix/sql-spliteddomains-transport.cf

Then add the following lines to the end of this file.

# outbound relay configurations
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
header_size_limit = 4096000

Save and close the file. Next, create the /etc/postfix/transport.microsoft file.

sudo nano /etc/postfix/transport.microsoft

Add the following line in this file. This tells Postfix to use SendPulse SMTP relay if the recipient is a hotmail user.

/.*@hotmail.*/i             relay:[smtp-pulse.com]:587

Save and close the file. The create the .db file.

sudo postmap /etc/postfix/transport.microsoft

Next, create the /etc/postfix/sasl_passwd file.

sudo nano /etc/postfix/sasl_passwd

Add the SMTP relay host and SMTP credentials to this file like below. Replace smtp_username and smtp_password with your own username and password that are given by SendPulse. Note there’s a colon between the username and password.

[smtp-pulse.com]:587            smtp_username:smtp_password

Save and close the file. Then create the corresponding hash db file with postmap.

sudo postmap /etc/postfix/sasl_passwd

Now you should have a file /etc/postfix/sasl_passwd.db. Restart Postfix for the changes to take effect.

sudo systemctl restart postfix

By default, sasl_passwd and sasl_passwd.db file can be read by any user on the server.  Change the permission to 600 so only root can read and write to these two files.

sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

From now on, Postfix will use SendPulse SMTP relay to send emails to hotmail users. You need to update your domain name’s SPF record. For example, if your SPF record is

v=spf1 mx ~all

Then change it to the following to allow SendPulse servers to send emails for you.

v=spf1 include:mxsmtp.sendpulse.com mx ~all

Note that if you have already configured DKIM on your own mail server, you don’t have to configure DKIM again in SendPulse, because SendPulse won’t add additional DKIM signature to your emails.

Now you can send a test email to a hotmail.com email address.

Configure SendinBlue SMTP Relay

Create a free account at SendinBlue. Once you complete your user profile, click the transactional tab, you will get your SMTP settings.

sendinblue SMTP relay settings

Note that you might need to contact Sendinblue customer service in order to activate the transactional email service.

Then edit the /etc/postfix/transport.microsoft file.

sudo nano /etc/postfix/transport.microsoft

Add the following line in this file. This tells Postfix to use SendinBlue SMTP relay if the recipient is an Outlook user.

/.*@outlook.*/i    relay:[smtp-relay.sendinblue.com]:587

Save and close the file. The create the .db file.

sudo postmap /etc/postfix/transport.microsoft

Then edit the password database.

sudo nano /etc/postfix/sasl_passwd

Add the SMTP relay host and SMTP credentials to this file like below. Replace smtp_username and smtp_password with your own username and password that are given by SendinBlue. Note there’s a colon between the username and password.

[smtp-relay.sendinblue.com]:587            smtp_username:smtp_password

Save and close the file. Then create the corresponding hash db file with postmap.

sudo postmap /etc/postfix/sasl_passwd

Restart Postfix for the changes to take effect.

sudo systemctl restart postfix

Note that you need to click the Senders & IPs tab in your account dashboard to add your domain.

sendinblue add senders and domains

Set Up SPF/DKIM Authentication in SendinBlue

In your SendinBlue dashboard, click your account name on the upper-right corner, then click Senders & IP. Select the Domains tab -> Manage -> Authenticate this domain.

sendinblue authenticate domain

A popup appears. You need to add the first 3 records for your domain.

sendinblue spf and DKIM authentication

Note that your SPF record should also include SendPulse.

v=spf1 include:mxsmtp.sendpulse.com include:spf.sendinblue.com mx ~all

Configure Mailjet SMTP Relay

Create a free account at Mailjet.  Once you activate your Mailjet account, you will need to choose between Marketer and Developer. Here we choose Developer in order to use SMTP relay.

mailjet smtp relay

In the next screen, choose SMTP relay and click the Continue button.

mailjet smtp relay outlook blacklist

Then you will get your SMTP configurations.

mailjet smtp configuration

Edit the /etc/postfix/transport.microsoft file on your mail server.

sudo nano /etc/postfix/transport.microsoft

Add the following two lines at the end of this file. This tells Postfix to use Mailjet SMTP relay if the recipient is a Micosoft live and MSN mail user.

/.*@live.*/i    relay:[in-v3.mailjet.com]:587
/.*@msn.*/i     relay:[in-v3.mailjet.com]:587

Save and close the file. The create the .db file.

sudo postmap /etc/postfix/transport.microsoft

Then edit the password database.

sudo nano /etc/postfix/sasl_passwd

Add the SMTP relay host and SMTP credentials to this file like below. Replace smtp_username and smtp_password with your own username and password that are given by Mailjet. Note there’s a colon between the username and password.

[in-v3.mailjet.com]:587            smtp_username:smtp_password

Save and close the file. Then create the corresponding hash db file with postmap.

sudo postmap /etc/postfix/sasl_passwd

Restart Postfix for the changes to take effect.

sudo systemctl restart postfix

Now you should be able to send emails to Microsoft live and MSN users with Mailjet SMTP relay. Click the Add and validate domain button in your account dashboard to add sender address or add your domain.

You also need to update your domain name’s SPF record. For example, if your SPF record is

v=spf1 include:mxsmtp.sendpulse.com +a +mx ~all

Then change it to the following to allow Mailjet servers to send emails for you.

v=spf1 include:mxsmtp.sendpulse.com include:spf.mailjet.com +a +mx ~all

Set Up SPF/DKIM Authentication in Mailjet

In mailjet dashboard, click setup SPF/DKIM authentication. By default, SPF status and DKIM status are both in error. Click manage button and follow the instructions to add SPF and DKIM records.

smtp relay set up SPF and DKIM

After SPF and DKIM records are created, wait a few moments, and refresh the Mailjet web page. Your new DNS records can take some time to propagate on the Internet, depending on your DNS hosting service. If SPF and DKIM records are set up correctly and propagation is complete, Mailjet would tell you that SPF and DKIM records are good.

mailjet spf dkim

Wrapping Up

I hope this tutorial helped you bypass the Microsoft Outlook IP blacklist. As always, if you found this post useful, then subscribe to our free newsletter for more useful tutorials 🙂

Rate this tutorial
[Total: 1 Average: 5]

2 Responses to “How to Deal With the Microsoft Outlook IP Blacklist

  • Owesome tutorial. Thanks !

  • vraiment merci pour le travaille que vous fêtes j’ai beaucoup progresser en regardants vos tutoriels et je contenue toujours a vous survire vraiment merci que Dieu vous bénisse frère

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.


The maximum upload file size: 2 MB.
You can upload: image.