Why does this particular message get delivered to the Junk mail of hotmail users?

Question

I manage various servers that send and receive email at various levels. Mostly I use Sendmail on FreeBSD machines.

I'm having problems in delivering to Hotmail users and apparently more in general anyone that makes use of microsoft based antispam filters (I could be wrong here... it's my feeling).

Here are the headers of an email that was delivered to the Junk mail folder of a hotmail user. It was sent from a server of mine.

Received: from BL2NAM02HT013.eop-nam02.prod.protection.outlook.com
 (10.172.93.15) by MWHPR11MB1775.namprd11.prod.outlook.com with HTTPS via
 MWHPR1601CA0005.NAMPRD16.PROD.OUTLOOK.COM; Thu, 8 Feb 2018 10:09:59 +0000
Received: from BL2NAM02FT033.eop-nam02.prod.protection.outlook.com
 (10.152.76.55) by BL2NAM02HT013.eop-nam02.prod.protection.outlook.com
 (10.152.77.51) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.444.13; Thu, 8
 Feb 2018 10:09:59 +0000
Authentication-Results: spf=pass (sender IP is 148.251.12.94)
 smtp.mailfrom=gmartandmusic.com; hotmail.com; dkim=pass (signature was
 verified) header.d=gmartandmusic.com;hotmail.com; dmarc=pass action=none
 header.from=gmartandmusic.com;
Received-SPF: Pass (protection.outlook.com: domain of gmartandmusic.com
 designates 148.251.12.94 as permitted sender)
 receiver=protection.outlook.com; client-ip=148.251.12.94;
 helo=mail.europa.tuorlo.net;
Received: from mail.europa.tuorlo.net (148.251.12.94) by
 BL2NAM02FT033.mail.protection.outlook.com (10.152.77.163) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.20.444.13 via Frontend Transport; Thu, 8 Feb 2018 10:09:57 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:3155FEC5C9D2530E959B4E07187F7D85EAB207E86B21DBD388EE2E71D188C39C;UpperCasedChecksum:68C64367B668FDE28564CAAC7801A9DF0B763468DCDE2B54A67FCFB40608C4EF;SizeAsReceived:1418;Count:12
Received: from auth (mail.europa.tuorlo.net [148.251.12.111]) by mail.europa.tuorlo.net (8.15.2/8.15.2) with ESMTPSA id w18A9qi2063516
        (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
        for <yyyyyyyy@hotmail.com>; Thu, 8 Feb 2018 11:09:56 +0100 (CET)
(envelope-from xxxxxx@gmartandmusic.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmartandmusic.com;
s=europa; t=1518084596;
bh=Fw4LmErhAxOi/F7NxHoWyOX/LBhnx8rr2vjP9sF8wgs=;
h=From:Date:Subject:References:To;
b=smkwjTavx8NlQhBXyLGXWpLdYuPXc9qSqbkZ1DZJrnyLkNqUgfVkXmOtVGoC+Qzn9
Asn9V/Sb7EmPj6XJfnuXgTMtzz2pHb2J8oVY8t3A5ffO8k6V27k9yo/utNvmt8wuJX
Ozhyfn8CTmP6o1/Ak40QA5uwGuKSbEBWy/IyBYp+yPiyoWZ4r+LDTDGPwWUSVDrOD1
LjTCIwOtVvECw1OejxAe5aY+tluKjnEZIYEqawv8pSr3yznZJpdaDhuJF+3EtjtEBm
2iRsmG/tKzmZjQm5FQk66gZX4iwShAVgRPpxTmQ8bUR7qFR0sJ58F5iaOiXBi16bNc
ZU5m+VRtusqSQ==
From: AAAAAA BBBBBB <xxxxxx@gmartandmusic.com>
Content-Type: multipart/alternative;
boundary="Apple-Mail-89D34B6A-7702-4FBE-BCCD-41CBE90A98B6"
Content-Transfer-Encoding: 7bit
Date: Thu, 8 Feb 2018 04:09:52 -0600
Subject: Fwd: XXXXXX/XXXXXX/ MENORCA/ MAYO 2.021
Message-ID: <C8E45C6B-C6F6-43E9-A89F-511837A7ECFB@gmartandmusic.com>
References: <00A74997-678C-430C-89E0-F86081C7EF4D@infotelecom.es>
To: XXXX YYYY <yyyyyyyy@hotmail.com>
X-Mailer: iPhone Mail (15D60)
X-IncomingHeaderCount: 12
Return-Path: xxxxxx@gmartandmusic.com
X-MS-Exchange-Organization-Network-Message-Id: 35b1621c-5d7f-40d4-4ff6-08d56edc1ba6
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02FT033;1:hnTtkDvat2snlgurDQUVhYHckuMJhexw7rK/nMMILQql/P1hj3ZYszrvHlCTQ+cJV7wsMPwXfvp32kBc7HmUnj25fk1jbqqyJBW31tz9XQUHomlZtr7nZ+WhdGFNNRb8
X-Forefront-Antispam-Report: EFV:NLI;SFV:NSPM;SFS:(98901004);DIR:INB;SFP:;SCL:1;SRVR:BL2NAM02HT013;H:mail.europa.tuorlo.net;FPR:;SPF:None;LANG:;
X-MS-Exchange-Organization-AuthSource: BL2NAM02FT033.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 35b1621c-5d7f-40d4-4ff6-08d56edc1ba6
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(5000109)(4604075)(4605076)(610169)(650170)(651021)(8291501071);SRVR:BL2NAM02HT013;
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02HT013;3:HFLkOvxb6v1otyVU+/4qGCI+fmLt/Wqog/HK8GHBqXEB3WB2/axCWD1jjLiZlE296Z8SYck6EVAxyuGrHKGKu1B4EME0OZmUxUyS5U8ekffZJkZPm02+XFw8rfWUEuJPbIKflo2V4k+kWwO9/pzmcZDyrTjVFNWzB7iqTt8fu3MFWaW0RBm+6+7xyqJPHnPjtvmvUer4Xgxr+GRqSrKS5rFeO5IV9HSY2oWsRz6VinE2HszPcTQnbjb1/fjxhwzDuZiKL2NFVi87Dngdx0jXBHTGyXnpi0LePdGJ6fKBRMrdCdrLT1C+IpB1N1A9iOGQ;25:vJ1cwnGFHXqKn2cvh2C4FZrvStWj3EMpztnpfl/Tjx4Qsa1NTyDBv3qV32gAKugMv61j+otmiaBwBt0bmOfZ03rGRrX7UcQ+rc7XTnyxkAJc0i8RoyrGn8AR8JeQ1mjXyWP1HXokKfC7yox6CzMk3JBjwYZMIA2tCOFf2XWDJcUKZa6j0qFX3SFJ0TzOU0zwh2M6o0l654csfZeRuacFF13XhDQjqtAVjhfquxN9zPuC/sHjNB/lG58SAcaQnPVdAGxmSaACqMy1PwpWNHog9db2n5d7Im8god9zgt46Js3HHOs5tYTQgapWXGqMB9542DS5MXeROtL3nKDJ0lZUQg==;31:xL0KY+h7mitOtfy4JrR1Ev3FihJLs0zekK/ska3dJvgZ2hENcSzd2szV5kYYrxOL0dDfHoUtWLwMdXQkICx5/TyUts4vNo1ZjX19LJEehfZLrJNIZ/aCw4Ay2U2BkVNFiOYsFAlTUfFUdfMFFI/Z8/SSkG5lP0sKEfMBgTBN/uvJ6NDqogj+3Wj2rTVw0xE5v36Lt+BhqEp7elVOFAsIEL5XT6lDuPrOM96JNLL5Lu8=
X-MS-TrafficTypeDiagnostic: BL2NAM02HT013:
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 148.251.12.94
X-SID-PRA: xxxxxx@GMARTANDMUSIC.COM
X-SID-Result: PASS
X-MS-Exchange-Organization-PCL: 2
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(444111557)(2400082)(82015058);SRVR:BL2NAM02HT013;BCL:0;PCL:0;RULEID:;SRVR:BL2NAM02HT013;
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02HT013;4:Bc5X2fSq55q6XMZsvCFLE4oHXKXL5AZAhAZGBUeXJfY75ES2dSXErxmc7xoNzyLA16U6a91wm46mrzllh+DwD6td0a7B+FqqTkZLMfw1UxZf35JsXmDdyLpU63rwjc/T0E/8hyY0Uinuu/zpC269Zae7IhV06dz4dMG1ZUdQmLVCwcJfsYsuF1ycgLsaeea9rfe5VJ0vzJRF5Kjwsp6/45sIzfAvjaM1NRWN28XIqgeC9KzjkrGCDHNBssMNPHEC6ARImdxUfWfPCa7TGhaxDA==;23:9ce9ZtosrYf8R0AWrHrwrH6nHRFGA0RUmqVTj/4SCDE5RgcC0sMp0bKixp8n2AgXIuRTV0ZTuKiqzKOA4i1mY4GkGMtuv0WAzOfbRDl5bkTbY5gp6dkZeqxu3/4xTP+zGc4GK5P1di8jaB231YLNUMBN9aUczu5IbOzyc6vBd8o=;6:+MLQPaxRIfraFLgoX3JjZbUA7ZFjMzePdr6IsDt9SCRZq2vdH/0bYZjMD5UEXCaw1+3fuJ8BQ/hFtJ69ZDoqmJc+4N7GWBYUN5sbbUg24PDa1W9hTzCAr1Av9O0LjBN1E/cvgX+9prrdUy1eD2HRtHNzkP+WIQrsIq+KjxZPhT9ysksd1ZuGHwwyFq3aK4RUsIDdhPr7LXiMsJJpmfxRgWxdXWu7adqzd72kPr09ldQ72iQ+fTWazynvogcTifDSElpLyysFQOMTGRKp4udakmsMOzpPp20YFMC0lTmHX0oScTk5OH4w0i7UdFJCAo/ehU4/re8J9GE5InXHWHsCoV0ZpJUg5jNDKFw0u30Gesg=
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam-Message-Info: OuQazSvupgp80LHlw+czkqj2YXRxJ0QBIScl742vWOMdG2wzIGCcvnjwKv0mn6syMbpUBIwG+3E6FEILAAZOWcoHrSb+2pS/S97ZcRjDKt4=
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02HT013;5:1vihEbjfm4w0pm8T51O74gHVNQvaejj6rpVyRG4bmX78g6gAUqueSkb52YX+h4H2briNVccbLvBzptKLfqWtiYr1MZhMdfhigOtMyzM/76B73XZSirNN/wko+wf6Ba2iWqJVDIL10irMj1ege5KuK7y4jgPRa/6Nos1NBF3CWg8=;24:y257repAHT3J5K+9FAz+ju5GwAeDT9Dy7y1za4bcm8wV0fE1SQxow6DM6Sjt9r8iP68AD+/kbyR1Yc704J/7b5Ed3XTILDAseHK2XJu96JQ=;7:ua5Dt7PMVmi84xiS1h9BtzyLl7QLi6JC+r1rU5YjsN1Gw1plKnJMMYZ2V/xYZc9/rG34Dima4cYTl/BjfzSz73BlnAwL31YsfOPIAIiZPGP3Xb24QluF+Ev2B1dXWk8ytql7skz5beXvN237wl4qxzhaZ1hZJrnr33llGEfjl6PN0PIvoJhO2WSwMZze7j46rMHzB2qDCkzcieGNXhpnIr1r/WCNt35vKz6wJHfhi+cfOfSCnjoU7Wgzdwr8U6bp
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Feb 2018 10:09:57.5256 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 35b1621c-5d7f-40d4-4ff6-08d56edc1ba6
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2NAM02HT013
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.3696719
X-MS-Exchange-Processed-By-BccFoldering: 15.20.0485.002
X-Microsoft-Exchange-Diagnostics:
1;MWHPR11MB1775;27:44NdIk2HdVv/O8NpcZyQqTL8z9aaX2OM2n4+LxMT5Q/uFhT/kCDKFStN8D8BLF/slFIj5EQ4/+9TvCPMYrTSKknMgF0+VemHMyOmLboDCpjpHk+zI560m6NBXQT67cXm
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:J;ENG:(400001000128)(400125000095)(5062000261)(5061607266)(5061608174)(4900095)(4920089)(6375004)(4950112)(4990090)(9140004);RF:JunkEmail;OFR:SpamFilterAuthJ;
X-Message-Info:
qoGN4b5S4yqCYaZhtdu4NotjTtV6S6AUSGN/bf9Z/EfhTJpB27DEs1qs/hyLYqvd0CepaM1Ig9vcfI2L/B8Bai8XajbnHGTRD8TogVmsnOlWHhYWUSIS0wwn4Z3RT9HkA8e0vBCZIU8qxvJhm98JrVDf7Gkw7ed4IoPDieNlaxJfZDCjjhDFl5D+iKF+xXIqqcoCHVTkN+834BwEpSP77Q==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Microsoft-Antispam-Message-Info:
Gjr7XNMmetzm1UAGg1+Q9ehieT3vn0z2N0AU3dtWtm1mapC5BN5/JpGtYnXwraRTPJQMhcwfeGXo7c/siYVtn9Ad0UkyNK53c1ho1uodzSzNv1wbnO4Pkw2skBfmrL8EXmNeSUggm/xsOVszQBGzH9IJQN4NMiaU+TXIDhno4YfqPtWEwKEhN0KKPSuJO2CTQXzieUWvBISGYTraBBqu03Pn3HF8yJMbzCCsXWsNrQtiy7JVGQeImnie9ShGYtTn2dgp5H641SfGwEaB9WRCVQ==
MIME-Version: 1.0

--Apple-Mail-89D34B6A-7702-4FBE-BCCD-41CBE90A98B6
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Microsoft-Exchange-Diagnostics:
1;MWHPR11MB1775;27:44NdIk2HdVv/O8NpcZyQqTL8z9aaX2OM2n4+LxMT5Q/uFhT/kCDKFStN8D8BLF/slFIj5EQ4/+9TvCPMYrTSKknMgF0+VemHMyOmLboDCpjpHk+zI560m6NBXQT67cXm
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:J;ENG:(400001000128)(400125000095)(5062000261)(5061607266)(5061608174)(4900095)(4920089)(6375004)(4950112)(4990090)(9140004);RF:JunkEmail;OFR:SpamFilterAuthJ;
X-Message-Info:
qoGN4b5S4yqCYaZhtdu4NotjTtV6S6AUSGN/bf9Z/EfhTJpB27DEs1qs/hyLYqvd0CepaM1Ig9vcfI2L/B8Bai8XajbnHGTRD8TogVmsnOlWHhYWUSIS0wwn4Z3RT9HkA8e0vBCZIU8qxvJhm98JrVDf7Gkw7ed4IoPDieNlaxJfZDCjjhDFl5D+iKF+xXIqqcoCHVTkN+834BwEpSP77Q==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Microsoft-Antispam-Message-Info:
Gjr7XNMmetzm1UAGg1+Q9ehieT3vn0z2N0AU3dtWtm1mapC5BN5/JpGtYnXwraRTPJQMhcwfeGXo7c/siYVtn9Ad0UkyNK53c1ho1uodzSzNv1wbnO4Pkw2skBfmrL8EXmNeSUggm/xsOVszQBGzH9IJQN4NMiaU+TXIDhno4YfqPtWEwKEhN0KKPSuJO2CTQXzieUWvBISGYTraBBqu03Pn3HF8yJMbzCCsXWsNrQtiy7JVGQeImnie9ShGYtTn2dgp5H641SfGwEaB9WRCVQ==

The server is not blacklisted.

There are no reputation issues that I'm aware of.

The email just contained a simple threaded discussion between users.

We use SPF, DKIM and DMARC and they clearly all passed their respective checks from what I see in the headers.

Still it get's delivered in the Junk mail folder.

The email seems to be originated from an iphone and delivered to my sendmail based server. Then, on the hotmail side, it was apparently passed through an endless series of spam checks (judging by the redundancy of ms oriented antispam headers). They all agree it's not spam.

SFV:NSPM
SCL=1  
BCL:0
PCL:0
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM

The only one that seems to disagree is this last "X-Microsoft-Antispam-Mailbox-Delivery" that shows a cryptic:

RF:JunkEmail
OFR:SpamFilterAuthJ

I was not able to find any documentation pertaining these codes. OFR could be "Offending Rule"? I don't know but the simple lack of documentation and answers is very annoying. What am I supposed to do? Tell my corporate clients "I'm sorry you can't deliver to microsoft based users?".

Any clues? Any ideas?

Answer 1

Have you checked the current ip status with postmaster SNDS of hotmail ?

There you could see 3 colours for ur ip. Red/Yellow/Green. Try to see the current status and build your reputation.