PEN Consultants Logo
Don’t Be a Victim: Find your weaknesses before the criminals do. PEN Consultants can help!

Troublesome: HostGator and Microsoft

This article is to inform you of the incompatibility that exists between HostGator and Microsoft-hosted email services, Microsoft’s inability to accurately distinguish good email from spam, and how unhelpful they both have been in resolving the issue. I hope this article will help inform two groups of people: (1) those currently using/those considering using any Microsoft hosted or managed email service (ex.,,,, O365, etc.), and (2) those currently using/those considering using HostGator’s hosting services.

I’ve owned and managed my own domains for use with the web and email since 1999. In that time, I’ve never sent bulk emails, had any of my emails marked as spam by a user (to my knowledge), been on any spam/black lists, etc. [The exception being, intentional spear phishing campaigns launched against clients]. I can prove my statement of, “I never send spam emails”.

Sometime between 03 Aug and 12 Aug, all email sent from my domains (ex. to recipients of Microsoft managed email services (ex., O365, etc.) started being labeled as “JunkMail” and were delivered to the Junk folders of my clients and vendors instead of their Inbox. I was confident I had not been black listed, as I have an automated process that monitors my domains to ensure they do not become listed. Additionally, no other domains (Gmail, Yahoo, etc.) were classifying my email as Junk or Spam.

My first action was to send test emails to a few Microsoft email accounts I had access to and carefully research the headers to determine what the spam filtering was flagging on. Here are the relevant headers…

HGandMS suck 1 | PEN Consultants
HGandMS suck 4 | PEN Consultants
HGandMS suck 2 1 | PEN Consultants
HGandMS suck 3 | PEN Consultants

As can be seen, the only thing that sticks out as being a potential problem is “EFV-NLI”. Unfortunately, I was unable to find what this meant on Microsoft’s website (I admit, I could be missing it). Microsoft is not doing that great of job at helping the end-user diagnose these types of issues, IMO. The only solution I saw was to white list the sender. Since I do not control the accounts of my clients, vendors, kid’s teachers, etc., and since having to ask each one to specifically white list my domain is burdensome and impractical, there was no actionable solution provided by Microsoft.

Next, just to be sure, I checked DMARC, DKIM, and SPF. All checked out as okay…

HGandMS suck 5 | PEN Consultants

I looked into a few troubleshooting tools that Microsoft provides, but they require the email server admin to perform tasks that I, as a leaser of said server, do not have permissions to perform. As a last resort, I submitted multiple support tickets to Microsoft’s email deliverability support team. No matter what level of detail I gave in the support ticket, and no matter what questions I asked (ex. “Please explain what EFV-NLI means?”), they always gave the same, totally worthless reply…

Errors are unlikely, however, if an error is indicated, please resubmit the specific IP or IP range.

This is where HostGator comes in…

Initially, HostGator support was very supportive. The first tech, “Judy Anne”, found a potential issue with my DMARC and DKIM entries and resolved them. She was very helpful! Unfortunately, after 8 hrs, my problem still persisted. Over the course of about 72 hrs, ~4 chat sessions, and ~3 emails, HostGator ended up messing up my SPF and other DNS records, fixed them back, and then tried troubleshooting the original email issues.

What was discovered, between a combination of my testing and their testing (kudos to Denise R’s extensive testing!), is that every major email provider (Yahoo, Gmail, etc.) could all send email to Microsoft domains without issue (delivered to the Inbox). However, ALL HostGator hosted domains were being classified as Junk. That is to say, all of HostGator’s customer domains (that Denise tested) could NOT successfully deliver an email to a Microsoft managed Inbox.

Based on the testing above, it was now firmly established that the issue was far bigger than my domains; rather, it was a global issue at HostGator. No doubt it is something as simple as a missing or poorly formatted header they have configured that Microsoft is expecting and other providers are ignoring. Unfortunately, HostGator is unwilling to own their share of the responsibility and work with Microsoft to resolve the issue.

I fault both Microsoft and HostGator equally on this:

  • I commend Microsoft for being aggressive against spam. But, they need to do a better job at showing WHY something is marked as spam or junk and how one can resolve it.
  • Microsoft support should consider actually reading what is submitted and respond accordingly, instead of simply responding with boilerplate statements, which prove they didn’t read the ticket.
  • HostGator needs to understand that only THEY can perform many of the troubleshooting tasks that Microsoft requires. Telling your customers there is nothing you can do, when ALL of your customers appear to be affected by this issue, is not good customer service.

As a provider of superior quality, standards-based information and cybersecurity testing and red teaming services offered at a guaranteed fair price, I do not have the capital to spend on costly solutions. But, given how this has impacted my ability to communicate with a subset of my clients/vendors/etc., I may have no choice but to ditch HostGator in favor of a provider that is willing to resolve issues with a 3rd party. Needless to say, Microsoft will not be on my list of go-to alternatives when I leave HostGator, as I want to actually be able to receive legitimate email.


  • 12-14 Aug 2019: Invested a significant amount of my time attempting to work with Microsoft and HostGator to resolve their differences
  • 17-20 Aug 2019: This article written, peer reviewed and updated
  • 22 Aug 2019: Last attempt to resolve privately with HostGator. I sent the email, “The attached article, which is a bit critical of HostGator, will be going public in the coming days.  Please let me know if HG would like to provide a statement in reference to this.  I will include any reasonable response you send with the article.”
  • 26 Aug @ 2100: After no response from HostGator, I published the article

Featured image is a derivative work from the following images: Geralt @, Clker-Free-Vector-Images @, Simon @, Clker-Free-Vector-Images @

If you are looking for a reliable and experienced offensive security service that provides Rock Solid Security, look no further than PEN Consultants for all your information and cybersecurity testing needs. Contact us: