Users in an Exchange Online Protection environment receive NDRs when they send mail to a recipient environment that uses the service

Users in a Microsoft Exchange Online Protection environment receive a nondelivery report (NDR) when they send email messages to a recipient whose messaging environment uses the service for mail security.
This issue occurs if all the following conditions are true:
  • The Exchange Online Protection outgoing servers (also known as "outbound servers") are listed in the reputation block list. (This listing can't be prevented because of certain kinds of spoofing attacks that can be directed against the Exchange Online Protection service and users.) 
  • The recipient email environment implemented the service in reject mode instead of in safe mode.
  • The recipient email environment didn't add the Exchange Online Protection outgoing edge server IP addresses to the list of enabled mail senders.
It's very common for Exchange Online Protection outgoing servers to be listed by the service. However, if you must verify that this occurred, follow these steps:
  1. Use the Message Trace feature in the Exchange Online Protection Administration Center to determine the host name of the outgoing edge server that sent the users' mail items. For more information about how to run a message trace, see Trace an Email Message.
  2. Use the test that's provided by the service to determine whether the IP address is listed as the source of spam.
Because the cause of the issue is rooted in the service, the solution must be directed at Backscatterer. Office 365 doesn't support services. The following guidance is provided as-is and without any warranty to resolve unexpected mail rejections from recipient environments that use the service as a block list.

To resolve this issue, try one of the following methods:
  • Contact the recipient mail administrator to have the specific Exchange Online Protection outgoing server IP addresses added to an enabled list to bypass the checks. For an updated list of Exchange Online Protection IP addresses, see Exchange Online Protection IP addresses.
  • Contact the recipient mail administrator to recommend that he or she implement the service in safe mode, as recommended at the following website:
"Backscatter" (also known as "outscatter," "misdirected bounces," "blowback," and "collateral spam") refers to the incorrect and automated bounce messages that are sent by mail servers, typically as a side effect of incoming spam. Because Exchange Online Protection is a spam-filtering service, mail to nonexistent recipients and to other suspicious messages is rejected by the service. When that happens, Exchange Online Protection generates a new NDR message and delivers it back to the "sender." Because spammers frequently use a forged or invalid "from" address in their messages, the sender address to which the NDR is sent may result in backscatter. When this happens, outgoing servers that are associated with the Exchange Online Protection network may be listed on the Backscatterer DNS block list (DNSBL). 

The Backscatterer DNSBL is a list of IP addresses that send backscatter. It's not a spammer list. The instructions on the Backscatterer website recommend that you not set up or use the reject mode for all incoming mail from the service. You should use the service in safe mode to block messages in which MAIL FROM resembles the following:
For more information about the correct configuration, see the following website: We are committed to enabling customers to have a secure email environment that is both spam-free and virus-free. As part of that commitment, Exchange Online Protection takes many steps to make sure that mail that's filtered through our network doesn't contain unsolicited commercial messages. 

Third-party information disclaimer

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

The information and the solution in this document represent the current view of Microsoft Corporation on these issues as of the date of publication. This solution is available through Microsoft or a third-party provider. We do not specifically recommend any third-party provider or third-party solution that this article might describe. There might also be other third-party providers or third-party solutions that this article does not describe. Because we must respond to changing market conditions, this information should not be interpreted as a commitment by Microsoft. We cannot guarantee or endorse the accuracy of any information or of any solution that is presented by Microsoft or by any mentioned third-party provider.

Microsoft makes no warranties and excludes all representations, warranties, and conditions whether express, implied, or statutory. These include but are not limited to representations, warranties, or conditions of title, non-infringement, satisfactory condition, merchantability, and fitness for a particular purpose, with regard to any service, solution, product, or any other materials or information. In no event will Microsoft be liable for any third-party solution that this article mentions.

Article ID: 2590562 - Last Review: 10/17/2014 02:43:00 - Revision: 11.0

Microsoft Exchange Online Protection

  • o365022013 o365 o365a o365e o365p o365m kb3rdparty eop KB2590562