Issues Sending Emails from @netcabo.pt — DKIM Failure Due to Domain Misconfiguration

Question

Hello Microsoft Q & A,  

 

I’m writing on behalf of multiple users affected by a persistent issue impacting legacy email addresses with the @netcabo.pt domain (formerly managed by the Portuguese ISP NOS, now hosted on Microsoft infrastructure).  

 

📌 Issue Description:  

Since mid-June 2025, users with active @netcabo.pt email addresses have been unable to send emails via Outlook or other clients. All messages fail to send and bounce back with errors related to DKIM (DomainKeys Identified Mail) validation failure.  

Error examples include: 

“DKIM authentication failed” 

“Message not sent: 550 5.7.1 Unauthorized sender”  

Receiving works fine — only sending is broken.  

 

🔧 Technical Diagnosis:  

After direct contact with Microsoft Support, several users (including myself) have received consistent answers:  

The issue is caused by missing or misconfigured DKIM records on the domain netcabo.pt  

Microsoft does not manage DNS records for third-party domains  

Only the domain owner (NOS) can create or update DKIM-related CNAME/TXT records  

This aligns with the standard DKIM implementation model:  

Microsoft can generate DKIM keys and provide DNS instructions, but the domain owner must publish them in their DNS zone (via their registrar).  

 

⚠️ Ongoing Problem:  

NOS, the ISP that still owns the domain netcabo.pt (DNS lookup confirms this — the domain redirects to their main site [nos.pt]), claims that they are not responsible, stating that the service was "migrated to Microsoft in 2014." They continue to redirect all affected users to Microsoft Support, even after multiple confirmations from Microsoft that the problem lies with NOS’s DNS.  

This leads to a deadlock:  

Microsoft Support says NOS must fix the DKIM configuration.  

NOS Support says the issue is "outside their scope" and refers users back to Microsoft.  

Users cannot send emails and are caught between two entities, with no resolution.  

 

✅ Request for Microsoft Community / Support Teams:  

We kindly request that Microsoft:  

Escalate this internally to any teams that work with ISP partnerships or domain-based services  

Confirm publicly that Microsoft cannot configure DKIM records for domains it does not own  

If possible, proactively reach out to NOS to clarify their responsibility and help resolve the issue  

This would help thousands of affected legacy users who still rely on @netcabo.pt accounts for personal or even professional use.  

 

Thank you for your time and support.  

Please let us know if any further details or diagnostics are needed.  

Best regards,  

Jorge C  

Portugal  

 

Answer 1

Hello Microsoft Q & A,  

 

I’m following up on my previous post regarding DKIM-related sending failures affecting @netcabo.pt email addresses. While Microsoft infrastructure now allows emails to be sent successfully, there is still a critical piece of authentication missing — DKIM remains inactive for this domain.  

 

📌 Current Status: Emails from @netcabo.pt (hosted on Microsoft infrastructure via MX record 2019102901.pamx1.hotmail.com) are no longer being rejected with 550 errors. Sending works across clients. However, all messages observed so far continue to lack DKIM signatures.  

 

🔍 Technical Findings: 

Outbound headers consistently show: dkim=none (message not signed) 

There is no DKIM-Signature: header in messages sent from the domain. 

DNS lookups for common DKIM selectors (e.g., default, selector1) at: *.domainkey.netcabo.pt return NXDOMAIN, meaning no DKIM records are published. 

Likewise, a DNS query for the expected DMARC record at _dmarc.netcabo.pt also returns NXDOMAIN, confirming that DMARC is not configured. 

 

⚠️ Why It Matters: While mail now sends properly, these messages: 

Have no cryptographic authentication (DKIM) 

Lack a DMARC policy to instruct recipients on handling spoofed messages 

Rely solely on SPF, which does not survive email forwarding 

This impacts email deliverability, trust, and leaves users vulnerable to impersonation.  

 

 🧭 Ongoing Gap: 

Microsoft has the infrastructure and keys to enable DKIM, but cannot sign emails unless the domain owner (NOS) publishes the proper DNS records. 

NOS continues to deflect support requests and refer users back to Microsoft. 

Affected users remain in limbo — sending works, but security and compliance remain broken. 

 

✅ Request for Microsoft Community / Support Teams:  

We kindly ask that Microsoft: 

Confirm publicly that DKIM remains inactive for netcabo.pt 

Clarify whether there is any escalation path or workaround when the DNS owner is unresponsive 

Consider re-engaging with NOS (domain holder) to help resolve the deadlock, if possible 

 

Thank you again for your time and commitment to supporting legacy users of the @netcabo.pt domain. I’m happy to provide email headers, DNS results, or further tests upon request.  

Best regards,  

Jorge C  

Portugal  

  Hello Microsoft Q & A,  

 

I’m following up on my previous post regarding DKIM-related sending failures affecting @netcabo.pt email addresses. While Microsoft infrastructure now allows emails to be sent successfully, there is still a critical piece of authentication missing — DKIM remains inactive for this domain.  

 

📌 Current Status: Emails from @netcabo.pt (hosted on Microsoft infrastructure via MX record 2019102901.pamx1.hotmail.com) are no longer being rejected with 550 errors. Sending works across clients. However, all messages observed so far continue to lack DKIM signatures.  

 

🔍 Technical Findings: 

Outbound headers consistently show: dkim=none (message not signed) 

There is no DKIM-Signature: header in messages sent from the domain. 

DNS lookups for common DKIM selectors (e.g., default, selector1) at: *.domainkey.netcabo.pt return NXDOMAIN, meaning no DKIM records are published. 

Likewise, a DNS query for the expected DMARC record at _dmarc.netcabo.pt also returns NXDOMAIN, confirming that DMARC is not configured. 

 

⚠️ Why It Matters: While mail now sends properly, these messages: 

Have no cryptographic authentication (DKIM) 

Lack a DMARC policy to instruct recipients on handling spoofed messages 

Rely solely on SPF, which does not survive email forwarding 

This impacts email deliverability, trust, and leaves users vulnerable to impersonation.  

 

 🧭 Ongoing Gap: 

Microsoft has the infrastructure and keys to enable DKIM, but cannot sign emails unless the domain owner (NOS) publishes the proper DNS records. 

NOS continues to deflect support requests and refer users back to Microsoft. 

Affected users remain in limbo — sending works, but security and compliance remain broken. 

 

✅ Request for Microsoft Community / Support Teams:  

We kindly ask that Microsoft: 

Confirm publicly that DKIM remains inactive for netcabo.pt 

Clarify whether there is any escalation path or workaround when the DNS owner is unresponsive 

Consider re-engaging with NOS (domain holder) to help resolve the deadlock, if possible 

 

Thank you again for your time and commitment to supporting legacy users of the @netcabo.pt domain. I’m happy to provide email headers, DNS results, or further tests upon request.  

Best regards,  

Jorge C  

Portugal  

 

Answer 2

Hi everyone, just wanted to share a quick update about the @netcabo.pt situation.

Good news first: sending emails finally works again. No more “550 Unauthorized sender” errors. But there’s still a problem that hasn’t gone away behind the scenes.

Right now, emails sent from @netcabo.pt are still not being DKIM signed. That means they aren’t cryptographically verified. I’ve double-checked a bunch of test messages. None of them have a DKIM-Signature header, and the headers all say dkim=none.

I also ran DNS lookups for the usual DKIM selectors like default and selector1, and none of them exist under *.domainkey.netcabo.pt. The DMARC situation is similar. _dmarc.netcabo.pt returns NXDOMAIN, so it looks like there’s no policy published at all.

The domain’s mail still routes through Microsoft servers (2019102901.pamx1.hotmail.com), so I know the delivery chain. But even with working SPF, the lack of DKIM and DMARC means these messages are less secure and more likely to be flagged by spam filters, especially when forwarded or inspected by strict providers like Gmail or Yahoo.

It’s been confirmed before that Microsoft can’t DKIM sign unless NOS publishes the right DNS records. But NOS keeps pointing users back to Microsoft. So it feels like we’re stuck again, just more quietly this time.

If anyone from Microsoft is watching this thread, could you please

• Confirm whether @netcabo.pt messages are still being sent without DKIM

• Suggest any workaround for users if the DNS owner remains unresponsive

• Or maybe even reengage NOS to get this resolved for good

Thanks again for your help and for everyone here who’s been sharing info. Happy to provide headers or DNS results if it’s useful.

Morpheus Ziplon