Summary
Microsoft blocks AWS SMTP servers due to a confluence of factors, primarily revolving around poor IP reputation and the ease with which spammers can exploit AWS infrastructure. The AWS signup process makes it simple for malicious actors to quickly establish accounts and initiate spam campaigns. This high volume of spam originating from AWS IP ranges results in aggressive filtering and blocking by Microsoft to protect its users from unwanted email. The shared IP infrastructure of AWS SES exacerbates this issue, as the actions of one sender can negatively affect the reputation of others on the same IP. The result is that even legitimate senders on AWS may be inadvertently caught in these blocks. Best practice, as suggested by multiple sources, is to either avoid sending directly from AWS altogether, switch to a dedicated IP, ensure a proper warm-up process, authenticate email, and/or use a reputable Email Service Provider (ESP) to mitigate these deliverability challenges.
Key findings
- Poor IP Reputation: AWS IP ranges are known for a high volume of spam and malicious activities, resulting in poor IP reputation.
- Easy Exploitation: AWS's straightforward signup process enables spammers to quickly create accounts and send unwanted email.
- Shared IP Risks: The shared IP infrastructure of AWS SES means the actions of one sender impact the deliverability of others on the same IP.
- Aggressive Filtering: Microsoft employs aggressive filters against AWS IP space to protect its users from spam.
Key considerations
- Avoid Direct AWS Sending: Consider avoiding sending directly from AWS if deliverability is critical.
- Dedicated IPs: If using AWS, switch to a dedicated IP to manage your reputation.
- IP Warm-up: Implement a gradual IP warm-up process to establish a positive sending history.
- Email Authentication: Implement SPF, DKIM, and DMARC email authentication protocols to improve deliverability.
- Use an ESP: Consider utilizing a reputable Email Service Provider (ESP) for enhanced deliverability.
- rDNS Configuration: Update the rDNS record on your AWS host to reflect your brand/domain.
- Monitor Reputation: Continuously monitor your IP and domain reputation to identify and address issues promptly.
What email marketers say
10 marketer opinions
Microsoft blocks AWS SMTP servers primarily due to the prevalence of spam and malicious activities originating from AWS IP ranges, leading to poor IP reputation. This is often exacerbated by the ease with which spammers can create accounts and send large volumes of emails, especially from shared IPs. As a result, Microsoft proactively blocks these IP ranges to protect its users.
Key opinions
- IP Reputation: Poor IP reputation due to spam originating from AWS is the main reason for blocking.
- Shared IPs: Shared IPs on AWS are often used by spammers, impacting the reputation of all users sharing the IP.
- Ease of Abuse: The ease of creating AWS accounts facilitates spamming, leading to blocks by Microsoft.
Key considerations
- Dedicated IPs: Use dedicated IPs instead of shared IPs to control your sending reputation.
- Warming Up: Properly warm up your IP address to establish a good sending reputation.
- rDNS: Update the rDNS on your AWS host to use your brand/domain.
- Best Practices: Follow email sending best practices to avoid being flagged as spam.
- ESPs: Consider using a reputable Email Service Provider (ESP) to handle email sending.
- Authentication: Authenticate your email (SPF, DKIM, DMARC) to improve deliverability.
Marketer view
Email marketer from SocketLabs explains that problems arise from using shared IPs as your IP reputation can be affected by the activities of other users sending from the same IPs. If those activities are associated with spam or other negative behaviors, all users sharing that IP can be impacted. SocketLabs recommends using a dedicated IP address or a reputable sending platform.
19 Oct 2021 - SocketLabs
Marketer view
Email marketer from Email on Acid explains that deliverability issues stem from poor IP reputation. Because AWS is a service widely used by spammers, and it is simple to create new accounts for malicious use, Microsoft may block AWS IPs to protect users.
5 Jun 2024 - Email on Acid
What the experts say
7 expert opinions
Microsoft blocks AWS SMTP servers due to the platform's reputation for hosting spammers. The ease of signup and deployment allows malicious actors to quickly send spam, resulting in aggressive filtering and blocks of entire AWS IP ranges by Microsoft. This 'bad neighborhood' effect means legitimate senders on AWS can be penalized for the actions of others.
Key opinions
- Reputation: AWS has a poor reputation due to spammers exploiting its infrastructure.
- Ease of Abuse: The easy sign-up process makes AWS attractive to spammers.
- Aggressive Filtering: Microsoft employs aggressive filters against AWS IP space.
- Bad Neighborhood: Legitimate senders on AWS suffer from the actions of nearby spammers.
Key considerations
- Avoid AWS: Consider avoiding sending directly from AWS infrastructure due to deliverability issues.
- Alternative Platforms: Explore alternative sending platforms with better deliverability reputations.
- Mitigation is Key: Understand that Microsoft is primarily mitigating the effects of spam and not necessarily targeting AWS.
Expert view
Expert from Email Geeks says you’re in a bad neighborhood and there’s not much you can do about that other than move.
23 Apr 2023 - Email Geeks
Expert view
Expert from Email Geeks explains that Microsoft pretty much hates AWS and a lot of folks go through this, and that the full IP space has a bad reputation. If someone nearby on your /24 (or sometimes larger range) sends spam, you’re going to get tarred with that brush.
2 Feb 2022 - Email Geeks
What the documentation says
4 technical articles
Microsoft blocks AWS SMTP servers primarily because of poor IP reputation stemming from spam and unwanted email originating from AWS. AWS's shared IP infrastructure means that the actions of one sender can negatively impact the deliverability of others, leading Microsoft to block entire ranges to protect its users. New AWS accounts also have sending limits and limited IP reputation, making them susceptible to blocking if not properly managed.
Key findings
- Shared IP Impact: Shared IPs on AWS SES are vulnerable to the sending behavior of other users.
- IP Reputation is Key: A good IP reputation is crucial for email deliverability.
- Microsoft's Blocking Criteria: Microsoft blocks based on IP reputation, spam complaints, and sending volume.
- New Account Limits: New AWS SES accounts have sending limits and limited IP reputation.
Key considerations
- Dedicated IPs: Use dedicated IPs for greater control over your IP reputation.
- Manage Sending Limits: Properly manage sending limits and gradually increase sending volume.
- Monitor Reputation: Continuously monitor your IP reputation and address any issues promptly.
- Avoid Spam: Adhere to email sending best practices to avoid being flagged as spam.
Technical article
Documentation from Microsoft explains that they block senders based on various factors, including IP reputation, spam complaints, and sending volume. If an AWS IP range is consistently sending unwanted email, Microsoft may block the entire range to protect its users from spam and phishing attempts.
16 Nov 2023 - Microsoft Outlook Postmaster
Technical article
Documentation from AWS notes that new AWS SES accounts have default sending limits and a limited IP reputation. Microsoft may automatically block emails from AWS if these factors are not properly managed, or are perceived as spam-like activity.
25 Nov 2022 - AWS SES Developer Guide
Are there email sending issues with AWS?
How can I improve email deliverability with Microsoft and avoid spam filters?
How can I improve my sender reputation and inbox placement with Microsoft?
How can I remove my IP from the Microsoft block list when using Digital Ocean for sending emails and what are the alternative ways to validate emails?
How do I contact Microsoft about email deliverability issues for B2B clients?
How do I get my emails out of spam for Hotmail and Outlook?
