Gmail generally works fine. Outlook works too most of the time.
"Outlook Enterprise" is a mess that refuses email for no good reason. Sometimes it's because Microsoft's DNS resolvers are broken (and can't validate SPF/DKIM), sometimes it's because the mail server rewrites message headers and then tries to validate the signature (which fails, obviously).
Set up an embassy. Register your domain for Outlook, but don't really update the DNS (just add Outlook to SPF and DKIM to pass the validation, but don't change the MX). Then tell your MTA to send through Outlook servers when the destination is there (detecting this is a bit tricky), otherwise route normally.
I haven't really implemented this in production, but it worked for me one time as a proof-of-concept when I had an issue with disappearing mail - my message went through that time. Later it worked without any tricks, so I haven't bothered.
Sorry, nope. It was my own idea (to the best of my memory, I haven't seen this anywhere else, so I think it was an original one), I've tried it out, it worked, but I never finalized it, nor wrote anything about it.
It wasn't anything complicated, though. I just did the documented steps to set up Outlook with my own domain (not sure if that's a free option, I have an MS365 subscription for Office apps), except that I made no changes that would disrupt my existing mail system - I've added to SPF and DKIM instead of setting/replacing them, and I haven't touched any MX records at all. Then I just grabbed Outlook's SMTP details and sent a test email to my other test Outlook account via SMTP and it got delivered with my email address, which gave me a confirmation that my idea had actually worked. I haven't really updated my MTA to do the routing thing, as I was about to replace it anyway (I did since then, replaced Postfix with Maddy).
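The "is the destination on Outlook" check that the comments above call tricky, sketched as an added example (not code from any poster): it classifies recipient domains by their most-preferred MX target and emits Postfix transport lines for the ones hosted by Microsoft. The MX suffixes are the ones Microsoft uses for Exchange Online and consumer Outlook; the relay endpoint, the function names and all sample domains are assumptions made for illustration.

```python
# Added example: pick the recipient domains whose mail should be relayed via
# Microsoft, judged from their MX records. All MX data below is constructed.

MS_MX_SUFFIXES = (
    ".mail.protection.outlook.com",  # Exchange Online (Microsoft 365 tenants)
    ".olc.protection.outlook.com",   # consumer outlook.com / hotmail.com
)

def normalize(host):
    """Lower-case an MX target and drop the trailing root dot."""
    return host.strip().lower().rstrip(".")

def is_microsoft_hosted(mx_records):
    """mx_records: list of (preference, target) tuples for one domain.

    Only the most-preferred targets count, since that is where delivery is
    attempted first. A null MX (RFC 7505, target ".") or an empty answer
    means there is nothing to relay to.
    """
    targets = [(pref, normalize(t)) for pref, t in mx_records]
    targets = [(p, t) for p, t in targets if t]
    if not targets:
        return False
    best = min(p for p, _ in targets)
    return all(t.endswith(MS_MX_SUFFIXES) for p, t in targets if p == best)

def transport_map(domains_mx, relay="[smtp.office365.com]:587"):
    """Postfix transport(5) lines for the Microsoft-hosted domains only.
    The relay endpoint is an assumption; use the details from your tenant."""
    return [f"{d} smtp:{relay}"
            for d, mx in sorted(domains_mx.items()) if is_microsoft_hosted(mx)]

SAMPLE_MX = {  # constructed records
    "contoso.example": [(0, "contoso-example.mail.protection.outlook.com.")],
    # Third-party filter in front of Microsoft: not detectable from MX alone,
    # so it is routed normally.
    "filtered.example": [(10, "mx1.filter.example."),
                         (20, "filtered-example.mail.protection.outlook.com.")],
    "selfhosted.example": [(10, "mail.selfhosted.example.")],
    "nomail.example": [(0, ".")],
    "lookalike.example": [(5, "mail.protection.outlook.com.lookalike.example.")],
}

if __name__ == "__main__":
    print("\n".join(transport_map(SAMPLE_MX)))
```

Domains that sit behind a third-party filtering gateway show the gateway's MX, so this check deliberately leaves them on the normal route.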
Maybe your domain isn’t on blocklists, but what about your IP?
Assuming you don’t send spam, the question of whether or not your IP is on blocklists is primarily a function of both how long you’ve had your IP address, and how well-behaved its neighboring IPs are.
For example I just tried checking[^1] the public IPv4 address of a VPS I’ve been managing for about a year. It’s never sent or received any email for at least as long as I’ve been using it, but it’s showing up on two blocklists![^2]
Surprisingly, my home IP address (which is a dynamic IP, in a pool of other residential IPs) is only on two blocklists[^3] as well. I would have expected more, because in my experience IPs known to be residential are almost always blocklisted, just as a matter of fact!
Of course this doesn’t check the main blocklists used by Microsoft and Gmail. I’d expect my home IP to be on those (because I’d expect the entire pool to be), but maybe my VPS might not be!
Anyway, the point I’m trying to make is that whether or not the battle has been “lost,” it’s definitely stacked against anyone who doesn’t start out with essentially a known-good, static IP address that you can control the reverse DNS record for.
You could do absolutely everything else right, but if you can’t get ahold of an IP address from a reputable provider that isn’t known for spammers using their service, you’ll probably have a lot of trouble with delivery of outbound mail. And that’s not a battle that I want to fight right now…
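How a blocklist lookup like the one described above works underneath, as an added example that is not part of the original comment: the query name is built per RFC 5782, only answers inside 127.0.0.0/8 count as a listing, and each list is sanity-checked with the RFC's test entries before its verdict is trusted. The zone names, the injected `resolve` callback and the sample answers are constructed so the block runs offline.

```python
# Added example: DNSBL lookups per RFC 5782, with an injectable resolver so
# the logic can be exercised offline. Zones and answers are constructed.
import ipaddress

LISTING_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Query name: reversed octets (IPv4) or reversed nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def is_listed(answers):
    """Only A records inside 127.0.0.0/8 mean 'listed'. An empty answer
    (NXDOMAIN) or an address outside that range is not a listing."""
    return any(ipaddress.ip_address(a) in LISTING_RANGE for a in answers)

def zone_is_sane(zone, resolve):
    """RFC 5782 test entries: 127.0.0.2 must be listed and 127.0.0.1 must
    not be. A dead or parked list fails this and should be ignored."""
    return (is_listed(resolve(dnsbl_name("127.0.0.2", zone)))
            and not is_listed(resolve(dnsbl_name("127.0.0.1", zone))))

def check(ip, zones, resolve):
    """Map each zone to True/False, or None when the zone is unusable."""
    return {z: is_listed(resolve(dnsbl_name(ip, z)))
            if zone_is_sane(z, resolve) else None
            for z in zones}

# Constructed zone data: one working list and one parked zone.
SAMPLE_ZONE = {
    "2.0.0.127.listed.example": ["127.0.0.2"],   # mandatory test entry
    "10.2.0.192.listed.example": ["127.0.0.4"],  # 192.0.2.10 is listed
}

def fake_resolve(name):
    """Stand-in for a DNS A lookup; returns [] for NXDOMAIN."""
    if name.endswith(".parked.example"):
        return ["203.0.113.7"]  # parked zone answers every name
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    zones = ["listed.example", "parked.example"]
    print(check("192.0.2.10", zones, fake_resolve))
    print(check("192.0.2.11", zones, fake_resolve))
```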
Yeah... this tends to be the issue. Also, I wouldn't even bother trying to get removed from the UCEProtect blacklists, it's literally just extortion. (luckily I use a small hosting provider so they're not even on the UCEProtect lists)
You're naively ignoring the simplest solution: smarthost through a provider with a good reputation.
You still get to control your incoming email, your filtering, you get logs of everything, you control your email at rest, and you'll still get good logs for outgoing, but deliverability simply is no longer an issue.
So, what other objections do you have for email self-hosters?
Then either you didn’t configure your server correctly or you were trying to run a server on an IP address that’s part of a blacklisted netblock (e.g. residential).
I’ve had a mail server in colo for over a decade, and I even recently had to change IP addresses on that server, and I’ve had zero deliverability issues. Set up SPF, DKIM, and reverse DNS, and obviously don’t do anything stupid like send spam or leave an open relay, and you should be fine.
> Then either you didn’t configure your server correctly or you were trying to run a server on an IP address that’s part of a blacklisted netblock (e.g. residential).
This is frequently the case but not always. Sometimes you don't have any server issues, and originating IP is totally fine, but your messages are 250-accepted then somehow just disappear into the void without reaching the recipient mailbox (not even the "spam" folder).
Fortunately, it's rare (in my experience), but super annoying when this happens, because with FAANGs there's absolutely no way to reach out for any technical support (unless you know someone who works there and they can help you).