Recently our mail server's reputation has been down rated by Hotmail, according to postmaster/live SNDS-service (from green to yellow and a single day in red). Therefore, me and my colleagues are now running a check of everything send from the mail server to see if all is in order: DKIM, SPF, DMARC, rDNS and so forth. Our mail server is not new, and have over the last 1,5 years had a fine reputation at Hotmail, and is still having a fine score by senderscore.org, ndswl.org and Gmail.

The mail server is sending e-mails on behalf of somewhat 20 different companies, which are using our customer relation system, as a part of our service. As I am now checking up on all the different companies’ domain reputation to figure out what is going on at Hotmail, I can see some of the domains are suffering.

Even though the SPFs, DKIMs and DMARCs mostly are set correctly for our specific mail server in the domains, some of the companies' DNS records are not set right for other mail servers, they use in their communication. (I believe it is not spammers who are abusing our customers’ domains, but probably a lack of attention to the importance of setting up the relevant DNS-records and certificates, by our customers).

Now my question is: Can the lower reputation of some of the companies' domains hurt our mail server's IP-reputation? - Taken that the DKIMs, SPFs, DMARCs and so on are set up correctly at the domains for our mail server? Generally, can a lower domain reputation hurt an IP reputation? - And does Hotmail use this in the calculation of an IP's reputation?

I sincerely hope not, since it will be a major issue to fix and very up the hill, with a dozen of companies' domains and different levels of attention to email delivery by the customers. But after all it is better to know, and then take some action to set it all up in a different way.

Thanks for reading.

  • Is your IP flagged, or is a domain flagged? – jrtapsell Sep 11 '17 at 10:51
  • At Hotmail I can only see the server level rank, and the IP are getting a warning there toward low score. Every other check I have done of the IPs reputation has been very high. But there is something about to be wrong, since Hotmail given us this warning. Some of the domains are ranked lower on Gmail, and I found errors i some of the SPF's regaring other mail servers. And one domain has a very low score and having one of their other mail servers blacklisted. – Anne hansen Sep 11 '17 at 11:02
  • 1
    Is this is the situation [Link](https://imgur.com/a/3p2Ft), with `Bad IP` having sent spam as `Bad Domain`? – jrtapsell Sep 11 '17 at 11:03
  • jrtapsell, yes, I think, that could be the image of it: Our mail server sends email on behalf of a domain with a correct DKIM, SPF og DMARC, but another mail server also sends from that domain with errors in DKIM and SPF, and are blacklisted. That is one of the error scenarios. – Anne hansen Sep 11 '17 at 11:12

1 Answers1


Based on the comments, it would seem the situation is like this:


As such, you should be ok, most providers would flag the IP, some may also flag the bad domain, but I haven't heard of a provider blocking other mailservers listed for a domain, otherwise the following attack would work:

  • Setup a fake domain
  • Setup a bad email server
  • Add bad server to your SPF record
  • Add the victim server to your SPF record
  • Send spam from the malicious server
  • Get the victim server blacklisted
  • 986
  • 1
  • 9
  • 15
  • jrtapsell, thank you very much for clearing that up, and for the illustation as well. That is a great help. I can see now, that this behavior of the recieving mail servers could be used to damage somebody, and in general would be horrible to maintain. We continue to look into our setting to determine what it is Hotmail don't like about our mail server at the moment. – Anne hansen Sep 11 '17 at 12:56