Office 365, RBL and rejections

Occasionally during your working day, you may find that an email is rejected after it is sent, with a notice similar to the following:

Delivery has failed to these recipients or groups:

Nicolas Blank
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.

The following organization rejected your message: mail.company.com

Diagnostic information for administrators:

Generating server: bigfish.com

recipient@company.com
mail.company.com #<mail.company.com #5.7.1 smtp;554 5.7.1 Service unavailable; Client host [216.32.181.183] blocked using list.dsbl.org> #SMTP#

Original message headers:

Received: from mail173-ch1-R.bigfish.com (10.43.68.226) by
CH1EHSOBE001.bigfish.com (10.43.70.51) with Microsoft SMTP Server id
14.1.225.23; Fri, 10 Aug 2012 07:18:48 +0000
Received: from mail173-ch1 (localhost [127.0.0.1]) by
mail173-ch1-R.bigfish.com (Postfix) with ESMTP id A6ABF380305; Fri, 10 Aug
2012 07:18:48 +0000 (UTC)…………………..

Let’s break this down. You tried to send an email to Nicolas Blank at nicolas@company.com. The responsible mail server is mail.company.com.

Who the heck is bigfish.com?

Bigfish is a Microsoft acquisition that became FOPE (Forefront Online Protection for Exchange), the cloud-based protection layer for Exchange Online. Like it or not, all email in or out of your Office 365 mailbox passes through bigfish. If you feel like wallowing in irony, you’ll notice that the responsible MTA is Postfix. Moving right along…

Let’s have a look at the important bit in the error message:

mail.company.com #<mail.company.com #5.7.1 smtp;554 5.7.1 Service unavailable; Client host [216.32.181.183] blocked using list.dsbl.org> #SMTP#

From this we can infer that mail.company.com refused to accept mail from “216.32.181.183” because that host appeared on an RBL (Realtime Blackhole List), which is a list of known spammers. The list in question happened to be “list.dsbl.org”.
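The same reading of the diagnostic line can be automated when triaging bounces. The following is an added example, not part of the original post: the function name `parse_rbl_rejection` and the `DEFUNCT_LISTS` set are assumptions made for illustration, and the query name follows the usual DNSBL convention of reversed IP octets followed by the list's zone.

```python
import ipaddress
import re

# Lists the page identifies as no longer maintained; extend from your own review.
DEFUNCT_LISTS = {"list.dsbl.org"}

# Matches the SMTP reply embedded in the NDR diagnostic line, e.g.
# "smtp;554 5.7.1 Service unavailable; Client host [a.b.c.d] blocked using zone"
DIAG_RE = re.compile(
    r"smtp;\s*(?P<code>\d{3})\s+(?P<status>\d\.\d{1,3}\.\d{1,3})\s+.*?"
    r"Client host \[(?P<ip>[^\]]+)\]\s+blocked using\s+(?P<zone>[A-Za-z0-9.-]+)",
    re.IGNORECASE,
)

def parse_rbl_rejection(diagnostic):
    """Return a dict describing an RBL rejection, or None if the line is not one."""
    m = DIAG_RE.search(diagnostic)
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group("ip"))
    except ipaddress.AddressValueError:
        return None  # malformed or non-IPv4 client host
    zone = m.group("zone").rstrip(".").lower()
    # DNSBL convention: reverse the octets and append the list's zone.
    query = ".".join(reversed(str(ip).split("."))) + "." + zone
    return {
        "smtp_code": int(m.group("code")),
        "enhanced_status": m.group("status"),
        "blocked_ip": str(ip),
        "rbl_zone": zone,
        "dnsbl_query": query,
        "list_defunct": zone in DEFUNCT_LISTS,
    }

# Diagnostic line copied from the NDR shown on this page.
SAMPLE = ("mail.company.com #<mail.company.com #5.7.1 smtp;554 5.7.1 Service unavailable; "
          "Client host [216.32.181.183] blocked using list.dsbl.org> #SMTP#")

if __name__ == "__main__":
    for key, value in parse_rbl_rejection(SAMPLE).items():
        print(f"{key}: {value}")
```

The `dnsbl_query` value is the name a receiving server would look up against the list; a `list_defunct` result of `True` points to the recipient's RBL configuration rather than the sending host.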

It’s quite possible for an organisation to be added to an RBL mistakenly, due to a number of reasons. With this in mind I logged a call, and was told that the FOPE addresses are not fixed, in order to prevent abuse or denial of service attacks, and that I should wait a while and resend the mail.

As an aside I also contacted the administrator at “company.com”, who then removed list.dsbl.org from their list of RBLs since it is no longer maintained.

Where to from here? Two things: if your Office 365 email bounces due to a list.dsbl.org RBL failure, you may want to contact the responsible email administrator and ask them to update their RBL list. Or you may choose to wait a while and resend your mail.