mails fom my mailserver go to spam folder of hotmail.com

Question

I set up a mail server with dovecot/postfix on a debian server. I don't send commercial mail or newsletters. We are only 4 users and nobody send SPAM. We only send classical mails (no large pictures or to many links). We just use it to communicate.
I do a lot of search on the internet to be sure my server is configured correctly.
I configured DKIM, DMARC or SPF (sender ID) records to my DNS and test them with some online services. I also configured rDNS. I try many website like mxtoolbox or mail tester like check-auth@verifier.port25.com and everything seems to be OK

==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         pass
DKIM check:         pass
Sender-ID check:    pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

But when I send mail to hotmail.com (it's ok for gmail or yahoo) they go to spam folder.

Source of the mail in hotmail :

x-store-info:4r51+eLowCe79NzwdU2kR0zqpsRfiBoyfFIyamYaTKuJXFW11IA+TxwYKgBCKoLj3VA936YFMVKtQLWjufbx/jkrlwmfFEprWdNKkyT50jZL5QKpm4l9xtpGVUwypPvAGXuJZ0/umKs=
Authentication-Results: hotmail.com; spf=pass (sender IP is 198.245.50.159; identity alignment result is pass and alignment mode is relaxed) smtp.mailfrom=mymail@abrizero.fr; dkim=pass (identity alignment result is pass and alignment mode is relaxed) header.d=abrizero.fr; x-hmca=pass header.id=mymail@abrizero.fr
X-SID-PRA: mymail@abrizero.fr
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 11chDOWqoTm9aq6IDhpB2NaGUeTF9TkLYMgPTDjUr0j8JxAp8gKIkD4qNyqxvvO6sJQb9/Y2vS/OVSxjMuGJj+9t4sB/V1RdLlalDlx5hXUDVIE/Z+9L2P/iy9oGGjw1ppP+bZUkWf4gfhcVRxn62qTUa3eUFFmjfyq8TuyfYnQJEZw3RRrJAegwLnzWJqkFwxbTtO+2U6eiqHvET+RzSNpNp0uvgFsyY1KRelhdu1I=
Received: from mail.abrizero.fr ([198.245.50.159]) by SNT004-MC2F45.hotmail.com with Microsoft SMTPSVC(7.5.7601.23143);
     Tue, 28 Jun 2016 05:34:15 -0700
Received: from localhost (mail.abrizero.fr [127.0.0.1])
    by mail.abrizero.fr (Postfix) with ESMTP id 9897043727
    for <myuser@hotmail.com>; Tue, 28 Jun 2016 14:34:14 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.9.2 mail.abrizero.fr 9897043727
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=abrizero.fr; s=dkim;
    t=1467117254; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
    h=To:From:Subject:Date:From;
    b=EHmu3RyH9SzdnUiDwcOGLFk9veSBga018jARxFvisSqlgfvMRdbQugC8vxEcr/t9+
     xH9mT4OO/KyKM9hePhoxSZJDmN36JDPZuJRVG50KscQV7euD/rCZatiNXK5+7TEz8p
     liE+A2NeL40C7qeWsb7TCORgKY99/LtpODQZ7JFUUcqkaHEukf+CI97CWnWdzNyx2c
     VXs/IQCu2Jc67iKe5kfeaS0DvAopOKXJ+bkZMq50/9+VPqm0z3dI8sDWV1gacDJXAV
     DOJFSBA6HhZ+uAzCw0pj6CpscvT6JyYl9XNnj0CAKUTxsF17jp6OViFg4DqW/F56jo
     Ec6XY7RrrvJ0A==
X-Virus-Scanned: Debian amavisd-new at abrizero.fr
Received: from mail.abrizero.fr ([127.0.0.1])
    by localhost (serveur.abrizero.fr [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id tk8ikJGiq-nl for <myuser@hotmail.com>;
    Tue, 28 Jun 2016 14:34:14 +0200 (CEST)
Received: from [192.168.30.27] (LMontsouris-657-1-182-72.w82-127.abo.wanadoo.fr [82.127.235.72])
    by mail.abrizero.fr (Postfix) with ESMTPSA id EC2E543726
    for <myuser@hotmail.com>; Tue, 28 Jun 2016 14:34:13 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.9.2 mail.abrizero.fr EC2E543726
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=abrizero.fr; s=dkim;
    t=1467117254; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
    h=To:From:Subject:Date:From;
    b=EHmu3RyH9SzdnUiDwcOGLFk9veSBga018jARxFvisSqlgfvMRdbQugC8vxEcr/t9+
     xH9mT4OO/KyKM9hePhoxSZJDmN36JDPZuJRVG50KscQV7euD/rCZatiNXK5+7TEz8p
     liE+A2NeL40C7qeWsb7TCORgKY99/LtpODQZ7JFUUcqkaHEukf+CI97CWnWdzNyx2c
     VXs/IQCu2Jc67iKe5kfeaS0DvAopOKXJ+bkZMq50/9+VPqm0z3dI8sDWV1gacDJXAV
     DOJFSBA6HhZ+uAzCw0pj6CpscvT6JyYl9XNnj0CAKUTxsF17jp6OViFg4DqW/F56jo
     Ec6XY7RrrvJ0A==
To: myuser@hotmail.com
From: My user<mymail@abrizero.fr>
Subject: test
Message-ID: <f721496b-536e-9320-4d8a-6dc5e8d90742@abrizero.fr>
Date: Tue, 28 Jun 2016 14:34:12 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.1.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Return-Path: mymail@abrizero.fr
X-OriginalArrivalTime: 28 Jun 2016 12:34:15.0152 (UTC) FILETIME=[619DAF00:01D1D139]

test

I checked this link and tried to request to Microsoft to get delisted, and here is the answer :

Not qualified for mitigation
198.245.50.159
Our investigation has determined that the above IP(s) do not qualify for mitigation.

Please ensure your emails comply with the Outlook.com policies, practices and guidelines found here: http://mail.live.com/mail/policies.aspx.

Can someone say what I do wrong? Thanks and sorry for my bad english.

---

Here is the copy/past of the view source of the mail from outlook.com (I only modify mail adress, the domain and the IP are corrects):

x-store-info:4r51+eLowCe79NzwdU2kR0zqpsRfiBoyfFIyamYaTKsszvJqeTmA1oDOSerPetY4Y+KA0YGPpa+z2efSdp/c80IoyLfBNci87Rrl5Ltu6lTYfa2qaaLiKfM3r3BBc1ARdHHmX7ZWFS0=
Authentication-Results: hotmail.com; spf=pass (sender IP is 198.245.50.159; identity alignment result is pass and alignment mode is relaxed) smtp.mailfrom=my.user@abrizero.fr; dkim=pass (identity alignment result is pass and alignment mode is relaxed) header.d=abrizero.fr; x-hmca=pass header.id=my.user@abrizero.fr
X-SID-PRA: my.user@abrizero.fr
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 11chDOWqoTlbU18rZ0IEh2dgqubGwztE1XuvyAhnDCB1YZy8lToS+TowRWQaBpEvB+q48xsIRWulZWhAVCFLhNtlxdfBoVLbcMPjD8yBD9nojwy5LF7W/0B79KoglhycUh6zai3uKGvKKfpw+VaPZbMGwamAxC4dFazfJ5zE5NDgX0oT9NqCHvC+Y/4YZyL6emeGoECyYTnguubvcrgkpDFwxrFV2SIBgiWkWFdZoys=
Received: from mail.abrizero.fr ([198.245.50.159]) by SNT004-MC2F18.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143);
     Tue, 28 Jun 2016 12:10:28 -0700
Received: from localhost (mail.abrizero.fr [127.0.0.1])
    by mail.abrizero.fr (Postfix) with ESMTP id ACE124373B
    for <myuser@hotmail.com>; Tue, 28 Jun 2016 21:10:27 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.9.2 mail.abrizero.fr ACE124373B
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=abrizero.fr; s=dkim;
    t=1467141027; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
    h=To:From:Subject:Date:From;
    b=puH1K4jTTKf9b2c4Vwit69JOVr1EpbCKdGnf2cAsUoqK2bgD0699k+Xu5Q6YXDhXG
     jRh9Mot0qejjswkdvqNDEGm6SRL5M0Vr/znI5EATQ6Mr05B+qnBuo1miW9ClLtIQya
     pNK0SYdwdeLj2XYoOURd8EtMCATaP4Op1SJ8aqvv9qVgUrKlQ9imX6nhOjRCisz5P/
     itx/iHe8vXsLYnZLjhtpS6Um0eAWLjbrZqvmWJIwp0FNGVhbsypLInJbAdOOeSbneN
     +D53noZ1o7+YS4S0Vn9jTu05HNIN9JxpkoJ5N4iQLwgrF3c65caTd8DzQlQwFbM+oL
     aT2CzAHDjPB+Q==
X-Virus-Scanned: Debian amavisd-new at abrizero.fr
Received: from mail.abrizero.fr ([127.0.0.1])
    by localhost (serveur.abrizero.fr [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id qqGquWMRWOv6 for <myuser@hotmail.com>;
    Tue, 28 Jun 2016 21:10:27 +0200 (CEST)
Received: from [192.168.0.15] (gas45-4-88-166-142-29.fbx.proxad.net [88.166.142.29])
    by mail.abrizero.fr (Postfix) with ESMTPSA id D1F084373A
    for <myuser@hotmail.com>; Tue, 28 Jun 2016 21:10:26 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.9.2 mail.abrizero.fr D1F084373A
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=abrizero.fr; s=dkim;
    t=1467141027; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
    h=To:From:Subject:Date:From;
    b=puH1K4jTTKf9b2c4Vwit69JOVr1EpbCKdGnf2cAsUoqK2bgD0699k+Xu5Q6YXDhXG
     jRh9Mot0qejjswkdvqNDEGm6SRL5M0Vr/znI5EATQ6Mr05B+qnBuo1miW9ClLtIQya
     pNK0SYdwdeLj2XYoOURd8EtMCATaP4Op1SJ8aqvv9qVgUrKlQ9imX6nhOjRCisz5P/
     itx/iHe8vXsLYnZLjhtpS6Um0eAWLjbrZqvmWJIwp0FNGVhbsypLInJbAdOOeSbneN
     +D53noZ1o7+YS4S0Vn9jTu05HNIN9JxpkoJ5N4iQLwgrF3c65caTd8DzQlQwFbM+oL
     aT2CzAHDjPB+Q==
To: my user <myuser@hotmail.com>
From: "my.user@abrizero.fr" <my.user@abrizero.fr>
Subject: test
Message-ID: <0b1da694-7eb2-785f-5a28-e9085993c1a7@abrizero.fr>
Date: Tue, 28 Jun 2016 21:10:25 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.1.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Return-Path: my.user@abrizero.fr
X-OriginalArrivalTime: 28 Jun 2016 19:10:28.0942 (UTC) FILETIME=[BBE626E0:01D1D170]

test

This mail was sent from thunderbird but opened from outlook.com website (it says that SmartScreen marked it as spam).
thanks

Pete : and they won't expand on the specific reason?

Here is the mail

Dear My User

We have completed reviewing the IP(s) you submitted. The following table contains the results of our investigation.

Not qualified for mitigation
198.245.50.159
Our investigation has determined that the above IP(s) do not qualify for mitigation.

Please ensure your emails comply with the Outlook.com policies, practices and guidelines found here: http://mail.live.com/mail/policies.aspx.

To have Deliverability Support investigate further, please reply to this email with a detailed description of the problem you are having, including specific error messages, and an agent will contact you.


Regardless of the deliverability status, Outlook.com recommends that all senders join two free programs that provide visibility into the Outlook.com traffic on your sending IP(s), the sending IP reputation with Outlook.com and the Outlook.com user complaint rates.

Junk Email Reporting program (JMRP) When an Outlook.com user marks an email as "junk", senders enrolled in this program get a copy of the mail forwarded to the email address of their choice. It allows senders to see which mails are being marked as junk and to identify mail traffic you did not intend to send. To join, please visit http://support.msn.com/eform.aspx?productKey=edfsjmrpp&page=support_home_options_form_byemail&ct=eformts.

Smart Network Data Services program (SNDS). This program allows you to monitor the ‘health’ and reputation of your registered IPs by providing data about traffic such as mail volume and complaint rates seen originating from your IPs. To register, please visit http://postmaster.live.com/snds/.

There is no silver bullet to maintaining or improving good IP reputation, but these programs help you proactively manage your email eco-system to help better ensure deliverability to Outlook.com users.

Thank you,

Outlook.com Deliverability Support

I read this on SNDN website : Be aware that mail traffic and spam data may not be present for IPs which sent less than 100 messages on the given day.
We are 4 users at this time and maybe 15 when the server will finaly be on production environement so we will never send 100 mails a day to microsoft mailservers ...

Answer 1

Assuming that you have set up SPF, DKIM, rDNS and that you are not blacklisted, your only options is Microsoft Smart Network Data Services.

No kidding. That is official MS's program for registering responsible person (administrator) for IP address on which mail server runs. That way you can observe and review status of IP address of your mail server.

MS has a system of building and tracking IP reputation. Even if your IP address has never sent any spam message, it might be considered to have no reputation - and be sent to spam folder. The ones with bad reputation are being rejected within SMTP handshake level and they don't even get to spam folder. Yes, Microsoft is crazy rigid about what they consider and how they treat spam.

Answer 2

The headers you posted don't really look like Hotmail Headers. Can you log into hotmail online not through thunderbird and grab the headers from the actual email. They normally contain all the codes to tell you why it's going to spam. I did check your IP at Symantec and it was clean (sometimes that's the culprit for Hotmail issues).

You also might have a certificate issue, but I don't think this is the reason why, some online tools are showing their's an issue with the 3rd cert in your chain. You can use a more complete Mail Tester to get a better look at configuration issues, it also test for SSL issues too.

But post the hotmail headers from Outlook Online..

My Observations.

1. Your DKIM is signed twice, what's causing that?
2. Also sign it with relaxed/relaxed not simple/simple
3. Your FROM is signed twice (Just sign it once, no need to sign it twice), that causes problems with some DKIM Validators.
4. I don't see the ForeFront/exchange scans in your headers to hotmail - Every email I have in my outlook box has those scans in it.
5. You also don't have an abuse account set up.

Microsoft Specific Headers (That are missing from your post) - View Message Source (on outlook.live.com) - Why are these missing from your email? Something doesn't seem right.

X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(8291501002);SRVR:BL2NAM02HT243;
X-MS-Exchange-Organization-PCL: 2
X-Forefront-Antispam-Report: EFV:NLI;SFV:NSPM;SFS:(38900001);DIR:INB;SFP:;SCL:1;SRVR:BL2NAM02HT243;H:COL004-MC5F29.hotmail.com;FPR:;SPF:None;CAT:NONE;LANG:en;CAT:NONE;

Answer 3

Doing an ARIN lookup of your IP, it looks like it's coming from a provider that offers cloud hosting services.

It seems pretty standard for Cloud hosting providers to get blacklisted simply because of how often IP addresses can change hands and how easy it is for instances to send Spam. Mail services end up black listing the entire hosting provider's block.

I ran into something like this trying to host e-mail on AWS. I presume this is precisely why Amazon released SES https://aws.amazon.com/ses/.

You might need to try an SMTP service to send e-mail through.