When @hotmail.com mail is blocked with SPFBL check blocked, the issue is usually transport path reputation, not sender legitimacy.
1) Evidence collection in Exim logs
H=gateway-out.servidor-antispam.com [45.xx.xx.x] rejected RCPT <user@target.com>: SPFBL check blocked.Commands used:
tail -f /var/log/exim_mainlog | egrep -i "spfbl|rejected RCPT|hotmail|outlook"
grep -i "gateway-out.servidor-antispam.com" /var/log/exim_mainlog | tail -n 2002) Validate destination routing
exim -bt user@target.comIf it resolves locally, the problem is inbound relay reputation rather than local route configuration.
3) Why Hotmail can still arrive from a third-party relay
Common production patterns:
- corporate outbound smarthost
- anti-spam relay layer
- custom SMTP policy routing
- shared relay pool with variable reputation
4) Root cause
The final delivery hop had poor SPFBL reputation, so RCPT rejection happened before local delivery.
5) Remediation applied
In WHM Exim access lists, allow trusted relay hostname pattern:
*.servidor-antispam.comValidate DNS policy path:
dig +short MX target.com
dig +short TXT hotmail.comPost-fix checks:
grep -i "spfbl" /var/log/exim_mainlog | tail -n 200
exim -bp | head -n 506) Why I avoided simplistic IP-only allowlist
Relay pools rotate IPs. Hostname-based scoped trust is more durable than single-IP exceptions in this operational model.
7) Recurrence controls
- daily SPFBL log watch
- periodic whitelist review
- relay provider reputation governance
- ticketed exception documentation
SPFBL check blocked in Hotmail/Outlook scenarios often reflects relay-path reputation. Route-aware troubleshooting and controlled hostname allowlisting provide stable remediation.
This post is licensed under CC BY-NC.
Comments
Join the discussion below.
Comments are not configured yet. Add Cusdis settings in /assets/json/config/blog-comments-config.json.