Forum Discussion

Harald Bacik's avatar
Harald Bacik
Copper Contributor
Dec 08, 2017
Solved

External software sends email and is marked as outgoing SPAM

Hey everybody!   We use an external software to send emails. All these emails get marked as outgoing SPAM. How can I avoid this? We use SMTP Sending with TLS activated. And it only happen...
office 365
Harald Bacik's avatar
Harald Bacik
Copper Contributor
Dec 08, 2017

Okay.

I checked the header with an analyzer tool and this is the information:

 

 1. Entry (line 5):
      Original line: from ERWINROTHER-PC (91.112.208.185) by AM0PR0602MB3427.eurprd06.prod.outlook.com (2603:10a6:208:21::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.5; Thu, 7 Dec 2017 14:24:00 +0000
      Sender:        91.112.208.185
      Sender (IP):   2603:10a6:208:21::29
      Sender (from): ERWINROTHER-PC
      Received from: AM0PR0602MB3427.eurprd06.prod.outlook.com
      Received time: 07.12.2017 14:24:00 (UTC)
      Duration:      00:00:13
      Analysis:
        The sender host name is possible forged.
          The host name in "from" (ERWINROTHER-PC) does not match the client host name (91.112.208.185).
        The domain names does not match.
          The recipient domain of this entry (outlook.com) should be
          the sender domain of the next entry (154.175).
          This is often due to an IP address change, such as network address translation (NAT) of a private IP address to a public one.

   2. Entry (line 4):
      Original line: from EUR01-DB5-obe.outbound.protection.outlook.com (213.199.154.175) by HE1EUR02FT049.mail.protection.outlook.com (10.152.11.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.282.5 via Frontend Transport; Thu, 7 Dec 2017 14:24:13 +0000
      Sender:        213.199.154.175
      Sender (IP):   10.152.11.8
      Sender (from): EUR01-DB5-obe.outbound.protection.outlook.com
      Received from: HE1EUR02FT049.mail.protection.outlook.com
      Received time: 07.12.2017 14:24:13 (UTC)
      Duration:      00:00:00
      Analysis:
        The IP address of the sender is not a public IP address.
        The sender and/or the recipient seems to be from a non-public network.
        The sender host name is possible forged.
          The host name in "from" (EUR01-DB5-obe.outbound.protection.outlook.com) does not match the client host name (213.199.154.175).
        There are no host or domain names available for a comparison.

   3. Entry (line 3):
      Original line: from HE1EUR02FT049.eop-EUR02.prod.protection.outlook.com (2a01:111:f400:7e05::203) by DB6PR07CA0190.outlook.office365.com (2603:10a6:6:42::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.323.4 via Frontend Transport; Thu, 7 Dec 2017 14:24:13 +0000
      Sender:        2a01:111:f400:7e05::203
      Sender (IP):   2603:10a6:6:42::20
      Sender (from): HE1EUR02FT049.eop-EUR02.prod.protection.outlook.com
      Received from: DB6PR07CA0190.outlook.office365.com
      Received time: 07.12.2017 14:24:13 (UTC)
      Duration:      00:00:01
      Analysis:
        The sender host name is possible forged.
          The host name in "from" (HE1EUR02FT049.eop-EUR02.prod.protection.outlook.com) does not match the client host name (2a01:111:f400:7e05::203).
        There are no host or domain names available for a comparison.

   4. Entry (line 2):
      Original line: from DB6PR07CA0190.eurprd07.prod.outlook.com (2603:10a6:6:42::20) by AM5PR0701MB2737.eurprd07.prod.outlook.com (2603:10a6:203:76::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.3; Thu, 7 Dec 2017 14:24:14 +0000
      Sender:        2603:10a6:6:42::20
      Sender (IP):   2603:10a6:203:76::11
      Sender (from): DB6PR07CA0190.eurprd07.prod.outlook.com
      Received from: AM5PR0701MB2737.eurprd07.prod.outlook.com
      Received time: 07.12.2017 14:24:14 (UTC)
      Duration:      00:00:00
      Analysis:
        The sender host name is possible forged.
          The host name in "from" (DB6PR07CA0190.eurprd07.prod.outlook.com) does not match the client host name (2603:10a6:6:42::20).
        The domain names does not match.
          The recipient domain of this entry (outlook.com) should be
          the sender domain of the next entry (93.139).
          This is often due to an IP address change, such as network address translation (NAT) of a private IP address to a public one.

   5. Entry (line 1):
      Original line: from AM5PR0701MB2737.eurprd07.prod.outlook.com (10.173.93.139) by VI1PR0701MB2750.eurprd07.prod.outlook.com (10.173.80.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.3 via Mailbox Transport; Thu, 7 Dec 2017 14:24:14 +0000
      Sender:        10.173.93.139
      Sender (IP):   10.173.80.150
      Sender (from): AM5PR0701MB2737.eurprd07.prod.outlook.com
      Received from: VI1PR0701MB2750.eurprd07.prod.outlook.com
      Received time: 07.12.2017 14:24:14 (UTC)
      Duration:      ---
      Analysis:
        This entry was added by the recipients mail server.
        The IP address of the sender is not a public IP address.
        The sender and/or the recipient seems to be from a non-public network.
        The sender host name is possible forged.
          The host name in "from" (AM5PR0701MB2737.eurprd07.prod.outlook.com) does not match the client host name (10.173.93.139).