How to confirm if your IP address is blocked by Exchange Online Protection (EOP)

Wednesday, January 11, 2017
Exchange Online Protection uses several mechanisms to protect the service and its customers from receiving spam from known bad or suspicious IP addresses. This article explains how to check if the public IP address used by your messaging server is on the EOP Anti-Spam IP List, and how to remove it if it is.

This is especially important to do for Office 365 hybrid customers, since the on-premises Exchange servers will need to send SMTP emails to cloud users via EOP. I always do this before I begin a hybrid deployment.

From a web browser go to the Office 365 Anti-Spam IP Delist Portal (https://sender.office.com).

Step 1: Enter a valid email address to receive a verification email to complete the check, and enter the public IP address of the messaging server you want to check. You can use a service like WhatIsMyIPAddress.com from the messaging server to determine your public IP. Enter the captcha characters and then click Submit.

Office 365 AntiSpam IP Delist Portal

You will receive an email with the subject Microsoft Office 365 Delisting Service where you need to click a link to confirm your email address. This link is valid for about 10 minutes. If you wait longer than that, you'll need to start over. The email is sent almost immediately, so if you don't see it in your Inbox within a minute, check your junk mail.

Click to confirm your email address


Step 2: A new browser window will open to allow you to delist the IP address you entered in step 1. Click the Delist IP Address button.

Step 2: Delist IP Address



If the IP address is not on the blocked list, you'll see a message similar to the one below:

Step 3: The IP address is not currently blocked by EOP

If the IP address is blocked it will be submitted to be automatically delisted. The website says this takes about 30 minutes, but in practice I've seen it take up to 24 hours. You will not get a confirmation email when the IP address has been delisted. You'll need to re-run the test occasionally until you see that it's not blocked.

Step 3: The IP address is blocked, but will be delisted


The quick geek way to test if your IP address is blocked is to use the telnet client. From the messaging server, telnet to the EOP endpoint using port 25 and try to send an SMTP email. You can find your EOP endpoint using www.mxtoolbox.com. If your IP address is on the EOP block list you will see it after the RCPT TO command .  Here's an example of the telnet output:

Access denied
Here, you can see that the IP address is banned by EOP and instructions for removal.

550 5.7.606 Access denied, banned sending IP [x.x.x.x]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 (AS16012609)


by at
Tags , , , , ,

No comments:

Post a Comment

Thank you for your comment! It is my hope that you find the information here useful. Let others know if this post helped you out, or if you have a comment or further information.

Subscribe to: Post Comments (Atom)