MS servers got blacklisted by "CYMRU BOGONS IPv6"

No. It has been a long road of troubleshooting and a case with premier support, but we found that apparently mxtoolbox just marks internal Microsoft servers on the ipv6 subnet as a blacklisted item, even though it turned out to be a red herring and not the issue itself.

Where we are now is, that we have found that at some point in June, Microsoft updated their EOP filtering with some adjustments to the AI or machine leaning, as they really don't want to call it AI. When they did this, it picked up that we had a +all in our SPF record, instead of a ~all or -all. (We had that in place for some systems we allowed to send on our behalf, but did not have a SPF record created for and it had been in place for years.) When they made that change with their AI, it just had a problem with that and so far, we have been able to prove that is the working theory, we are just stuck on getting premier support to analyze the codes within an extended message trace to identify whatever it didn't like specifically, so we can get it in writing and present it to our top brass as to why we had a disruption for the last 3 months.

That is our working theory at this time and may change, but we have done enough testing on this that we believe that was what occurred. And for others reading this, we know +all is not recommended, we just had some older systems not updated and it was on the to-do list, as to why it was there. We are currently going with softfail and just dealing with that, rather than other messages landing in someone's junk for now, until we can get all of those other systems in our SPF or decommissioned.

Did this ever get resolved for you? I have now found myself in the same situation. The source server that is sending mail from the 365 environment is the one that is blacklisted and everything else is good after it leaves 365. We are hybrid and currently still route mail back on premise, before going out through our spam filter, which is used as the smart host and our messages are going to junk. I have reached out to Microsoft with a ticket and they state that they could not remove it, but also contacting http://www.team-cymru.org/Services/Bogons/ was even less helpful.

Please reply if you were able to get yourself removed, I'd really appreciate it.

Hello Eben-Ezer Tres,

The problem is opposite. My colleagues are sending emails from corporate email, which is served by Outlook/Microsoft 365/Exchange (idk how you call it properly). When the end user with Yahoo account received the email, he got it in spam folder.

So email is sent from Outlook to Yahoo. Analyzing raw message on Yahoo end, gave me an relay IP which is blacklisted in "CYMRU BOGONS IPv6". So I can't follow the instructions from above.

Please check related tasks, they have almost exactly the same issue, but they were forwarded to support team, but in my Exchange Admin panel there is only one support option - Community support.

Raw headers:

For privacy 

Unfortunately, I'm having similar issues as well now for about one week. This IP "fe80::6aaf:5473:1fc1:8dc4" from Microsoft is on the same blacklist so all of our emails being sent to Gmail/GSuite are being blocked as potential spam. Even when sending to Yahoo emails, they're going straight to spam folder now.

Anyone find some magical solution to this? If not, does it eventually clear on its own? I'd imagine being on the blacklist isn't a permanent thing. Your input is appreciated!

Hey Ian, sadly no. I haven't gotten myself removed from the Bogon's blacklist.

I just accepted the fate :D I think it's bad nature of centralised mail exchange such as office 365, sns etc. Some of Microsoft's clients at some point of time will try to send bad/spam emails and as a result they will blacklist the used ip :( Sadly, I think it's impossible to avoid ever. The solution might be to host your own mail server, but it comes with tons of other cons.

Contacting Bogon didn't help. Thanks for pinging.