If you’ve been pulling your hair out this week because emails from Microsoft Outlook or Office 365 are bouncing back with a cryptic error message, you’re not alone. We just dealt with this exact issue for one of our clients, and we want to walk you through what happened, what caused it, and exactly how we fixed it, so you can do the same.
What the Error Looks Like
Here’s the scenario: someone tries to send you an email from their Outlook or Office 365 account, and instead of landing in your inbox, they get a bounce-back message that reads something like this:
“Security or policy settings at [yourdomain.com] have rejected your message.”
The bounce notification comes from Microsoft Outlook’s system and flags it as a “Security or policy violation.” If you dig into the email headers of the bounced message, you’ll find the specific error code:
554 5.7.1 ACL dns_rbl
That error code is the key to understanding the whole problem.
What Does “554 5.7.1 ACL dns_rbl” Actually Mean?
Let’s break it down in plain English.
554 means the email was permanently rejected, not delayed, not quarantined, just flat-out refused.
5.7.1 is the sub-code for a security or policy rejection. The receiving server decided the email wasn’t trustworthy.
ACL dns_rbl is the technical fingerprint. “ACL” stands for Access Control List, and “dns_rbl” stands for DNS Real-time Blackhole List. Put those together and it means: your email server checked the sender’s IP address against a blacklist, found a match, and blocked the email.
In short: Rackspace’s spam filter looked up the IP address that Microsoft used to send the email, found that IP on a blacklist, and said “nope.”
Why Is Microsoft on a Blacklist?
This is where it gets interesting, and frustrating.
Starting around late December 2025, a batch of Microsoft’s sending IP addresses got listed on Senderscore’s Real-time Blacklist (RTBL). Senderscore is a reputation monitoring service run by Validity, and their blacklist is used by email providers (including Rackspace) to filter out spam.
The problem? These aren’t spammer IPs. These are legitimate Microsoft Office 365 and Outlook infrastructure IPs, the same ones used by millions of businesses to send everyday email. But because of how shared IP infrastructure works, if enough spam originates from a range of IPs, the entire range can get flagged.
The specific blacklist Rackspace checks is: sa-ip4tset.blagr.emailsrvr.com
When Rackspace’s mail servers query that blacklist and get a hit on the sending IP, the email gets rejected with the 554 5.7.1 ACL dns_rbl error. Your senders see a bounce. You never see the email. And nobody knows what happened until someone picks up the phone.
Who’s Affected?
If you meet all three of these conditions, this issue likely applies to you:
- Your email is hosted on Rackspace (including through providers like Cloudways that use Rackspace Email or “Rackspace Email” branded as part of their hosting stack)
- People are trying to email you from Microsoft Outlook or Office 365
- The bounces started in late December 2025 or early January 2026
This isn’t limited to one domain or one mailbox. It affects any Rackspace-hosted email domain receiving mail from the affected Microsoft IP ranges.
How We Fixed It (Step by Step)
We worked directly with Cloudways technical support (shoutout to their team for the fast resolution) and here’s exactly what was done. If you’re managing your own Rackspace email, you can do this yourself:
Step 1: Confirm the Problem
Before making changes, verify that the issue is actually a Senderscore blacklist block. You can do this by:
- Getting the full email headers from the bounced message (your sender can usually forward the bounce-back notification)
- Looking for the
554 5.7.1 ACL dns_rblerror and any reference tosa-ip4tset.blagr.emailsrvr.com
If you see that, you’ve confirmed the issue.
Step 2: Safelist Microsoft’s Sending IP Ranges
Log into your Rackspace Email admin panel and navigate to:
Domains → Spam Settings → Safelists
Select the affected domain, then add the following Microsoft IP ranges to the safelist:
52.101.%.%52.102.%.%52.103.%.%40.107.%.%
These wildcard entries cover the primary IP ranges that Microsoft Office 365 and Outlook use for outbound email delivery.
Step 3: Safelist Sender Addresses
While you’re in the safelist settings, also add the specific From email addresses that were getting blocked. This provides a second layer of protection in case Microsoft rotates to different IP ranges.
Step 4: Test and Verify
Have one of the previously blocked senders try emailing you again. With the safelist in place, emails should begin flowing immediately, no waiting period, no propagation delay.
Step 5: Monitor for the Long-Term Fix
The permanent solution requires Microsoft to request removal of their IPs from the Senderscore blacklist. You can check the status yourself at Senderscore’s RTBL lookup tool. Until Microsoft completes that process, the safelist entries are your safety net.
How to Prevent This From Happening Again
Email deliverability issues like this are a reminder that your email infrastructure needs regular checkups, just like any other part of your business technology. Here are a few things to keep on your radar:
Check your SPF, DKIM, and DMARC records. These are email authentication protocols that help receiving servers verify your emails are legitimate. If you don’t have these set up for your domain, you’re more vulnerable to deliverability issues on both the sending and receiving end.
Monitor blacklists proactively. Free tools like MXToolbox’s Blacklist Check let you see if your domain or your email provider’s IPs are listed on any major blacklists. A monthly check takes two minutes and can save you days of troubleshooting.
Know your email hosting stack. Many business owners don’t realize their email runs through Rackspace, especially if they signed up through a hosting provider like Cloudways. Understanding your stack helps you troubleshoot faster when something breaks.
Keep your hosting provider’s support number handy. When email goes down, speed matters. Don’t spend hours Googling when a 10-minute support chat can solve the problem.
The Bigger Picture
This incident highlights a growing tension in email infrastructure. Shared IP environments, where thousands of senders use the same pool of IP addresses, are efficient and cost-effective, but they create a “bad neighbor” problem. One wave of spam from a compromised account can tank the reputation of an entire IP range, taking legitimate businesses down with it.
It’s not Rackspace’s fault for checking blacklists (that’s responsible spam filtering). And it’s not entirely Microsoft’s fault either (managing IP reputation across millions of senders is genuinely hard). But when you’re the business owner whose emails stop working, the “why” matters a lot less than the “how do I fix it.”
That’s why we’re sharing this. Because when we searched for answers, there wasn’t a single clear guide covering this specific scenario from start to finish.
Need Help? That’s What We’re Here For.
If you’re dealing with email deliverability issues, whether it’s this specific Microsoft-Rackspace-Senderscore problem or something else entirely, we can help. At Helping Merchants, we provide hands-on technical support for small businesses who don’t have an IT department on speed dial.
Don’t let a technical glitch cost you clients, deals, or credibility.
📧 Reach out to us at helpingmerchants.com
📞 Or just give us a call, we’ll get your email working again.
Published: February 13, 2026
Author: Greg | Helping Merchants
Category: Email Deliverability, Tech Support, Small Business IT
Target Keywords: 554 5.7.1 ACL dns_rbl fix, Microsoft IP blacklisted Senderscore, Rackspace email not receiving Outlook, Outlook emails bouncing Rackspace, Senderscore blacklist removal, Rackspace email deliverability issues, Cloudways Rackspace email fix
