Our extended service monitoring has confirmed that our implemented measures to protect the service have improved IP address reputation and remediated the impact.
Posted Jun 27, 2024 - 09:00 CDT
Identified
Update from Microsoft:
We've identified a pattern of malicious email sending behavior that was contributing to the reduced IP address reputation and implemented measures to protect the service. Our initial review of telemetry after these changes indicates a positive response and a reduction in messages being blocked as expected. We're continuing to monitor our telemetry to ensure this stays on a positive trend and confirm the issue is resolved.
Posted Jun 24, 2024 - 08:30 CDT
Investigating
Service Incident posted by Microsoft:
User impact - Users' email messages may be rejected as potential spam due to poor IP address reputation and not delivered.
More info - Users impacted by this event receive a Non-Delivery Report (NDR) with an error indicating that the email originated from an IP address that is on a Remote Block List/Realtime Blackhole (RBL) and was blocked by a third-party anti-spam service. Users may be successful in sending affected messages upon retry after waiting a period of 5 to 10 minutes from the last attempt.
Scope of impact - The problem may impact some users that send outbound email messages if the recipient leverages a specific third-party anti-spam service mentioned within the NDR.
Root cause - A third-party anti-spam service is blocking a portion of Microsoft’s email IP address ranges to protect organizations that use their services.
Current status - We've received reports from some users who are receiving NDRs indicating that their email messages are being rejected by a third-party anti-spam service as potential spam due to poor IP address reputation. These email messages are not delivered as expected. We're working with the third-party to unblock the affected IP addresses to expedite mitigation of this issue.
In parallel, we're reviewing the reasons that led to the spam detection so that we may reduce the likelihood of the problem repeating. To accomplish this, we're correlating the spam detections to email sending behavior associated with the affected IP address pools. From our analysis of this data, we’ll begin looking into how to improve the reputation of the affected IP addresses and allow legitimate email to be sent as expected. However, our actions to prevent reoccurrences are expected to take an extended period to finalize and implement.