Problem sending emails to HOTMAIL and OUTLOOK and other Microsoft Consumer Email Systems

Hello Bhanu Kalagara,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand that you are having issue sending mail to HOTMAIL and OUTLOOK and other Microsoft Consumer Email Systems.

This is direct-to-recipient SMTP delivery from an Azure VM/NAT public IP with insufficient or degraded reputation, which Microsoft consumer mail systems may reject even when SMTP connectivity exists. Azure explicitly recommends authenticated SMTP relay (TCP 587) for reliable delivery and IP reputation management, noting that external providers can reject mail sent directly from VM IPs.

Use the below resolution as best practice to resolve this:

• Stop sending directly from the blocked VM/NAT public IP and move outbound mail to an authenticated SMTP relay on port 587 (for example, Azure Communication Services Email SMTP). - https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-network/troubleshoot-outbound-smtp-connectivity https://learn.microsoft.com/en-us/azure/communication-services/quickstarts/email/send-email-smtp/smtp-authentication
• Submit a delisting request for the blocked IP at Microsoft’s delist portal so the IP can be re-evaluated (only if you still need to send from that IP). - https://learn.microsoft.com/en-us/defender-office-365/external-senders-mail-flow-troubleshooting
• Implement SPF, DKIM, and DMARC correctly and ensure alignment for the domain you use in the From address, as these signals materially affect acceptance and filtering. - https://learn.microsoft.com/en-us/defender-office-365/email-authentication-spf-configure, https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dkim-configure, https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure
• Warm up and stabilize sender reputation (avoid sudden volume spikes, keep bounce and complaint rates low) to prevent re-blocking after delisting or infrastructure changes. - https://learn.microsoft.com/en-us/defender-office-365/external-senders-mail-flow-troubleshooting, https://substrate.office.com/ip-domain-management-snds/postmaster/

After switching to an authenticated relay and completing email authentication (SPF/DKIM/DMARC), deliverability typically stabilizes because mail no longer originates from the blocked IP and authentication signals are verifiable end-to-end.

Use the below official resources for implementation details:

• Troubleshoot outbound SMTP connectivity in Azure (recommended relay on 587)
• Set up SMTP authentication for Azure Communication Services Email
• External senders troubleshooting & blocked IP guidance (incl. delist portal)
• Set up SPF for your domain
• Set up DKIM signing
• Set up DMARC (alignment + rollout)
• Outlook.com Postmaster: authentication expectations and enforcement notes

I hope this is helpful! Do not hesitate to let me know if you have any other questions, steps or clarifications.

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

Hi @ Bhanu Kalagara,

Welcome to Microsoft Q&A Platform.

It looks like your SMTP IP (51.140.49.64) is being blocked by Microsoft’s consumer systems (Hotmail/Outlook) with an S3150 error. In other words, Microsoft has put that IP on a blocklist, so messages get bounced immediately. Here’s a checklist of things to try:

Request delisting

• Go to the Microsoft delist portal: https://sender.office.com/
• Submit your IP and follow the instructions.

Switch to an authenticated relay on port 587

• Azure blocks port 25 by default (unless you’re on an EA/MCA-E subscription with an exemption).
• Use Azure Communication Services’ SMTP relay or a third-party service like SendGrid. These keep your IP reputation healthy.

Verify network & DNS setup

If you must use port 25, confirm your subscription type and run the “Port25BlockedInsights” diagnostic in the Azure portal under your Virtual Network > Diagnose and solve > Cannot send email (SMTP-Port 25).
Check reverse DNS (PTR), SPF, DKIM, and DMARC for your sending domain. Microsoft often rejects mail if these aren’t correctly configured.

Reference docs:

1. Troubleshoot outbound SMTP on port 25: https://learn.microsoft.com/azure/virtual-network/troubleshoot-outbound-smtp-connectivity
2. Port 25 enablement for EA/MCA-E: https://learn.microsoft.com/azure/nat-gateway/troubleshoot-nat-connectivity#outbound-connections-on-port-25-are-blocked
3. Azure Communication Services SMTP relay: https://learn.microsoft.com/azure/communication-services/quickstarts/email/send-email-smtp/smtp-authentication
4. Microsoft 365 consumer delist portal: https://sender.office.com/
5. External senders troubleshooting (reverse-DNS, S3150, etc.): https://learn.microsoft.com/defender-office-365/external-senders-mail-flow-troubleshooting

Pleaseand “up-vote” wherever the information provided helps you, this can be beneficial to other community members.