outlook.com outgoing blacklists?

I have an email server which hosts 3 domains.
I have reason to believe that microsoft maintains an outgoing blacklist and would like confirmation on this.

I have had many a report that people on domains hosted on hotmail/outlook are getting messages bounced back stating that our server was unreachable.
This only happens for one of the three domains hosted on our server.

I went to outlook.com and setup an account.
When I create a new message and enter the recipient at that affected domain, the address immediately turns red, and when I hover over it states that
the address may not be valid.
This happens without ever sending a packet to our servers.
The affected domain can send emails to hotmail/outlook accounts just fine.

Anybody have some recommendations on how I resolve this, as Microsoft support seems to be under technical.


Todd K. Grand

Step 0: Verify that the DNS has the appropriate MX, A, and other records
for the failing domain.

DNS has been confirmed to be valid.

Anybody have some recommendations on how I resolve this

The most likely explanation is a configuration error at your end, so the first step is to share what the domain is.


The only example I could come up with is an IDN, which Todd already said
wasn't the case.
At least I know Unicode domains didn't work on Exchange 2013 OWA, but worked
when changed to ASCII.
It may have changed by now though.


Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222

Todd shared the domain with me privately.

The DNS configuration (and SMTP and TLS) looks fine, with nothing out of the ordinary, to me too.

So the next thing to look at would be the rejection message.


Almost seems like something corrupt at Outlook/Hotmail or a blacklist of some type.

Anybody have some recommendations on how I resolve this

The most likely explanation is a configuration error at your end, so the
first step is to share what the domain is.

That's the 0th Step, actually.

If people are going to ask for help, *PLEASE* provide us enough details to
be able to guess without consulting Carnak the Magnificent to figure out
what the actual details might be. :frowning:

Aloha mai Nai`a.

Content-Type: message/delivery-status

Reporting-MTA: dns;COL004-OMC2S2.hotmail.com
Received-From-MTA: dns;COL129-W41
Arrival-Date: Wed, 9 Sep 2015 02:13:28 -0700

Final-Recipient: rfc822;support@qkstream.com
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;554 The mail could not be delivered to the recipient because the domain is not reachable. Please check the domain and try again (-744508417:308:-2147467259)

Keep in mind that the address has a failed status even before sending on outlook.com webmail site.

another email domain hosted on the same server is tgrand@tgrand.com.
Hotmail/Outlook can send fine to this domain.

When I send from outlook.com to qkstream.com packets never arrive from microsofts outbound ip addresses.
Yet I can see the packets fine if I send from outlook.com to tgrand.com

Certainly looks to be broken to me:

mpetach@hinotori:~> nslookup -q=any gkstream.com

Non-authoritative answer:
Name: gkstream.com
gkstream.com nameserver = ns1.parkingcrew.net.
gkstream.com text = "v=spf1 ip6:fd1b:212c:a5f9::/48 -all"
gkstream.com nameserver = ns2.parkingcrew.net.
        origin = ns1.parkingcrew.net
        mail addr = hostmaster.gkstream.com
        serial = 1441890000
        refresh = 28800
        retry = 7200
        expire = 604800
        minimum = 86400

Authoritative answers can be found from:


mpetach@hinotori:~> traceroute gkstream.com
traceroute to gkstream.com (, 64 hops max, 40 byte packets
1 ws1 ( 1 ms 1 ms 1 ms
2 s0-0-0-2.core1.sjc.layer42.net ( 4 ms 4 ms 4 ms
3 ge2-48.core1.sv1.layer42.net ( 4 ms 4 ms 4 ms
4 te0-0-0-18.ccr21.sjc04.atlas.cogentco.com ( 6 ms
41 ms 73 ms
5 be2015.ccr21.sfo01.atlas.cogentco.com ( 47 ms
(TOS=40!) 7 ms 7 ms
6 be2132.ccr21.mci01.atlas.cogentco.com ( 57 ms 57 ms 57 ms
7 be2156.ccr41.ord01.atlas.cogentco.com ( 57 ms 70 ms 57 ms
8 be2351.ccr21.cle04.atlas.cogentco.com ( 75 ms 64 ms 67 ms
9 be2596.ccr21.yyz02.atlas.cogentco.com ( 71 ms 71 ms 71 ms
10 be2090.ccr21.ymq02.atlas.cogentco.com ( 84 ms 121 ms 161 ms
11 be2384.ccr21.lpl01.atlas.cogentco.com ( 150 ms 150
ms 151 ms
12 be2182.ccr41.ams03.atlas.cogentco.com ( 170 ms 170
ms 169 ms
13 be2261.ccr41.fra03.atlas.cogentco.com ( 164 ms 164 ms 164 ms
14 be2228.ccr21.muc03.atlas.cogentco.com ( 174 ms 174 ms 174 ms
15 te0-0-0-2.agr12.muc03.atlas.cogentco.com ( 173 ms
te0-0-0-2.agr11.muc03.atlas.cogentco.com ( 191 ms
te0-0-0-2.agr12.muc03.atlas.cogentco.com ( 174 ms
16 ( 170 ms ( 175
ms ( 170 ms
17 ( 175 ms
( 173 ms 174 ms
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 *^C *
26 ^C
mpetach@hinotori:~> telnet gkstream.com 25

telnet: Unable to connect to remote host: Connection timed out


Hi Matthew,

I'm pretty sure your 'gkstream.com' is wrong and that he means qkstream.com (see https://www.robtex.com/en/advisory/ip/66/171/128/130/ ). That does not seem broken.

I do wonder if this domain qkstream.com used to be squatted?

David Hofstee

Deliverability Management
MailPlus B.V. Netherlands (ESP)

-----Oorspronkelijk bericht-----

Looks like there are some IPv6 and TCP problems with the DNS



Interesting, however those ipv6 addresses were dropped from our dns almost 2 weeks ago.
No quad A records should exist anylonger, as it has been more than 48 hours.

You need to update the glue in your delegation.

; <<>> DiG 9.11.0pre-alpha <<>> +norec qkstream.com @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17274
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 6

; EDNS: version: 0, flags:; udp: 4096
;qkstream.com. IN A

qkstream.com. 172800 IN NS ns1.quickwisp.com.
qkstream.com. 172800 IN NS ns2.quickwisp.com.
qkstream.com. 172800 IN NS ns3.quickwisp.com.

ns1.quickwisp.com. 172800 IN AAAA 2001:470:b:4bb::25
ns1.quickwisp.com. 172800 IN A
ns2.quickwisp.com. 172800 IN AAAA 2001:470:b:4bb::22
ns2.quickwisp.com. 172800 IN A
ns3.quickwisp.com. 172800 IN A

;; Query time: 14 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Thu Sep 10 15:56:31 BST 2015
;; MSG SIZE rcvd: 209


Definitely something I need to address, I agree.
However with that said the tgrand.com domain has the same problem yet hotmail/outlook.com sends fine to these.

IPV6 Glue is gone.
and no the domain is qkstream.com not gkstream.com
The domain I have owned for 8 or so years.
The problem started within the past 3-4 weeks.

The problem has been resolved.
Thanks to everybody that contributed.

Well now you have to share the answer.