"Blocked for Bot-like Behavior"
An ESP asked about this error message from Hotmail and what to do about it.
“Bot-like” behaviour usually means the sending server is doing something that bots also do. It’s not always that they’re spamming, often it’s a technical issue. But the technical problems make the sending server look like a bot, so the ISP is not taking any chances and they’re going to stop accepting mail from that server.
If you’re an ESP what should you look for when tracking down what the problem is?
First make sure your server isn’t infected with anything and that you’re not running an open relay or proxy. Second, make sure your customers aren’t compromised or have had their accounts hijacked.
Then start looking at your configuration.
- are you using a consistent one for each IP or are the values changing?
- are you using a FQDN (fully qualified domain name, i.e., a.example.com) for the HELO?
- are you using a bare IP for the HELO/EHLO?
- does that FQDN match the rDNS of the IP?
- does your IP have rDNS?
- does that rDNS in any way look like it might be dynamic?
- how many IPs are you using to send the same message?
- are you using a consistent hostname in the envelope From?
- is that hostname similar to the hostname in the IP address?
- are you sending a MessageID?
- are you authenticating?
- is that authentication correct?
- are you sending small amounts of the same content over different IP addresses?
- is the content you’re sending being sent by other entities?
- are any of the URLs you’re linking to infected with anything?
- are any of the URLs you’re linking to serving ads that might be spreading viruses?
- are you closing connections promptly or are you holding them open?
- are you opening connections from different IPs and sending the same content at the same time?
The major bot-like behaviours are sending small numbers of messages from many different IP addresses, and using bad HELO/EHLO values. Even small senders using shared pools can trigger this filter at Hotmail. Try not to split small volumes of mail over multiple IPs whenever possible and particularly when you are getting this error message.