You or your customer is sending an email to a Microsoft emailservice (Outlook, Live, Hotmail, Office 365) but the Microsoftservers are refusing the email. We are assuming that you are not sending spam and thus that Microsoft should just have accepted that email.
The issue is that the sender gets something like this resoponse:
firstname.lastname@example.org: host hotmail-com.olc.protection.outlook.com [18.104.22.168] said:
550 5.7.1 Unfortunately, messages from [22.214.171.124] weren't sent.
Please contact your Internet service provider since part of their network
is on our block list (AS3150). You can also refer your provider to
[BN3NAM04FT035.eop-NAM04.prod.protection.outlook.com] (in reply to MAIL
What's so special about this situation is that Microsoft is refusing the email, and telling you to ask your provider why they did. I other words, they've ductaped the mailbox shut, and tell you to ask the mailman why they did that. To save everybody some time whilst working around Microsofts lack of competence, here are some tips that might
You can easily enable DKIM in Kerio. Go to the domain you want to enable it for. Check the box for DKIM and publish the DKIM public key in DNS. It can take some time before Kerio feels that DNS is in order before actually signing messages. So check again tomorrow. As of now, outgoing messages will be signed which enables the recipient to check if this server is allowed to send email for this domain.
SPF is a record in DNS which tells the rest of the world which IP addresses are allowed to send email for your domain. When you are using Kerio, you can usually point it at your Kerio mailserver like so:
v=spf1 mx a -all
You can generate your own SPF records at https://www.spfwizard.net/
DMARC is a TXT record dat defines what a receiving mailserver should do when DKIM and SPF fails.
An example of a valid DMARC TXT record for the domain tuxis.nl:
|alias||Type ||Value||Time to live|
|_dmarc.tuxis.nl. ||TXT||"v=DMARC1; p=quarantine; pct=100; rua=mailto:email@example.com" ||3600|
Don't send SPAM
Obviously, that helps.
Hotmail/Outlook.com/Office365 users can do something
Ask recipients to complain at Microsoft, the causer of this issue.
Report your mailserver at Microsoft
You can ask Microsoft to remove you of a list that they themselves cannot acknowledge it exists. You can do so via https://support.microsoft.com/nl-nl/getsupport?oaspworkflow=start_126.96.36.199&wfname=capsub&productkey=edfsmsbl3&locale=nl-NL
This might help, or it might not, and for some time, but nobody knows for how much time.
The first respond will be: You will not be mitigated. Just reply at that mail and ask why. Next you will receive an email that says you are mitigated.
And if all of that doesn't help?
If this all fails to enable you to send emails to a Microsoft service, there is nothing else you can do except advise the recipients to complain at Microsoft or make them buy emailservices elsewhere. And ofcourse, keep filling in the mentioned form. The email not arriving is not your fault, it is Microsofts. You are not the only one with this issue, lots of people are having this issue. Contacting Microsoft will most likely result in 'Please signup for Microsoft Junk Email Program' and 'Fill in this form', which is the form mentioned above.