AWS SES or SMTP Blocked or Flagged by Office365 Outlook Email Server

Problem statement

After AWS SES or SMTP has been properly configured as an email provider, some successfully sent emails are not delivered to the intended recipient's inbox, or are flagged as spam, when the recipient's email server is an Office365 Outlook server.

Symptoms

The email is blocked as spam, and the header contains entries similar to the following:

smtp.mailfrom=eu-west-1.amazonses.com; dkim=fail (body hash did not verify)
header.d=apps.everstream.ai;dmarc=fail action=quarantine
header.from=apps.everstream.ai;compauth=none reason=454
Received-SPF: Pass (protection.outlook.com: domain of eu-west-1.amazonses.com

Steps to reproduce

  1. Configure AWS SES or SMTP as a custom email provider.
  2. Trigger an email, such as the password reset email, for a user whose email server is Office365 Outlook.

Troubleshooting

  1. Ensure all custom email provider settings are correct in Auth0.
  2. Check the DKIM and DMARC settings in AWS and follow the instructions for that service (Amazon SES).
  3. Trigger the same email directly from the AWS console and outside of it.
  4. Send the same email to other users with various email servers such as Gmail or Apple.
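
To make the comparison in the last troubleshooting step (sending the same email to recipients on other email servers) concrete, the following added example, which is not part of the original article or of any Auth0 or AWS tooling, parses the authentication results each receiving server recorded and reports which verdicts differ. The two header values, the 192.0.2.10 address, the mx.example.test name and all function names are constructed for illustration.

```python
import re

# Constructed samples. OUTLOOK is modelled on the fragment under "Symptoms";
# OTHER is what a passing result at another provider could look like.
OUTLOOK = ("spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=eu-west-1.amazonses.com; "
           "dkim=fail (body hash did not verify) header.d=apps.everstream.ai;"
           "dmarc=fail action=quarantine header.from=apps.everstream.ai;"
           "compauth=none reason=454")
OTHER = ("mx.example.test; dkim=pass header.d=apps.everstream.ai; "
         "spf=pass smtp.mailfrom=bounce@eu-west-1.amazonses.com; "
         "dmarc=pass header.from=apps.everstream.ai")

def parse_auth_results(value):
    """Map each method (spf, dkim, dmarc, ...) to its result, comment and properties."""
    parsed = {}
    for clause in value.split(";"):
        comment = re.search(r"\(([^)]*)\)", clause)
        # Drop parenthesised comments, then read key=value tokens in order.
        tokens = re.findall(r"([\w.\-]+)=(\S+)", re.sub(r"\([^)]*\)", " ", clause))
        if not tokens:
            continue  # e.g. the leading server identifier, which has no "="
        (method, result), props = tokens[0], dict(tokens[1:])
        props.update(result=result.lower(), comment=comment.group(1) if comment else "")
        parsed[method.lower()] = props  # a repeated method keeps its last entry
    return parsed

def aligned(a, b):
    # Simplification (assumption): exact match or parent/child domain. Real relaxed
    # DMARC alignment compares organizational domains via the Public Suffix List.
    a, b = (v.rsplit("@", 1)[-1].lower().rstrip(".") for v in (a, b))
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def summarize(value):
    r = parse_auth_results(value)
    spf, dkim, dmarc = (r.get(m, {}) for m in ("spf", "dkim", "dmarc"))
    from_dom = dmarc.get("header.from", "")
    return {
        "dkim": dkim.get("result"), "dkim_detail": dkim.get("comment"),
        "dkim_aligned": aligned(dkim.get("header.d", ""), from_dom),
        "spf": spf.get("result"),
        "spf_aligned": aligned(spf.get("smtp.mailfrom", ""), from_dom),
        "dmarc": dmarc.get("result"), "action": dmarc.get("action"),
    }

def differences(a, b):
    """Fields whose values differ between two servers' results for the same email."""
    sa, sb = summarize(a), summarize(b)
    return {k: (sa[k], sb[k]) for k in sa if sa[k] != sb[k]}
```

In both samples the SPF pass is for the amazonses.com MAIL FROM domain, which is not aligned with the From domain, so the DMARC verdict depends on the DKIM result; that is the field to compare across providers.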

Cause

This is an Office365 Outlook server-specific issue based on their own spam filtering system. Please see "DKIM fails to Outlook.com, but succeeds to Apple, Gmail, and Proton" for more details.

Solution

Contact Outlook.com - Microsoft Support to assist with the problem.