First, let me state that I have no problem forwarding mail to MOST external contacts by simply setting up a "Mail Contact" via ECP. Further, it appears that 100% of mail from internal addresses goes through properly to all external contacts. Where I run into problems is that for some mail originating at external sites, some users' ISPs reject the forwarded mail as spam. This happens often enough that I suspect I have not set up everything properly.

I don't have a problem forwarding to gmail.com, outlook.com, or other big e-mail systems. The e-mail may end up in the recipient's junk mail, but at least it gets through and users can add us to their Safe lists to prevent this problem. But with several ISPs, the mail is blocked completely. Nothing reaches the contact at all, nor does the sender get a message back with any kind of support information (because these are forwarded messages, even if there were a reply, it wouldn't come to us). Example ISPs that reject forward messages at the SMTP level include EarthLink and FairPoint.

We are not on any DNS blacklists. Whatever the reason for the blocking, we assume (don't know for sure) that they are exceeding some spam score threshold and triggering the block. Supporting this hypothesis: test mail I send from my own gmail or yahoo accounts to their address on our Exchange Server does reach some of the problematic external contacts, but automated mail from other sources (like invites to complete registration for third party tools, like a RingCentral phone account) never reach these users.

These are completely legitimate individual e-mails that are being rejected outright by the external recipients' ISPs.

A few questions on this problem:

1. Everything I see on the Internet says to create a user account and a mail contact, and then forward the user's mail to the mail contact. This has always seemed like a waste of time for me -- I just create a mail contact John Doe in ECP, with an internal address of John.Doe@MyCompany.com, and then set it to forward to John's external SMTP gmail account at jdoe@gmail.com. Am I missing something? Is there any benefit to also creating the user account? If all mail is only going to the person's external mail address, is there any problem with only creating the mail Contact as I have been doing? Could this be related to the spam blocking problem with the forwards?
2. Are there any rDNS or other settings I should make either on the Exchange server, our on-site DNS server, or with our external DNS to make our mail appear more legitimate and less likely to be flagged as spam? Maybe we've failed to follow some best practices on setting everything up, which increases our spam score, explaining both the rejections and the frequent junk mail filing.
3. Any suggestions on how to better research this to find out WHY the messages are being blocked? The ISPs don't respond to questions on this. Their support personnel are unaware and claim they don't block e-mail. But obviously they do.

Thanks for any help or suggestions to troubleshoot and work toward a resolution to this problem,

A possible cause of this symptom is the recipient side checks SPF and reject softfail.

If the forwarded mail carries the original sender address in the envelop header, while it was sent out from your IP which does not match the SPF, the recipient side may reject it.

I suggest you enable SMTP protocol log on the Internet send connector. It will give you more accurate info about this problem.

Thanks, Li Zhen. I'll check on that.

I also recently added SPF tags to our DNS. Might that increase our chances at properly forwarding messages too (because we're more full registered)?

Where will the SMTP log end up (Exchange 2013 in default install location)?

Thanks again,
Colin

1) To find protocol log location,

Get-TransportService <server> | fl sendprotocollogpath

2) If the redirected message carries the original sender in the mail from: command, adding SPF of your own domain will not help.