Resources / Sender Requirements
Orange & Wanadoo Sender Requirements
Orange runs the mailboxes behind orange.fr and wanadoo.fr and now requires SPF, DKIM and DMARC to all pass on every message. This page covers Orange's published delivery guidelines, its rules for senders above 1,000 messages a day, the per-connection and size limits, and the complete Orange error-code table with fixes.
Last checked: June 22, 2026
Orange is the largest mailbox operator in France, and its postmaster guidance covers both orange.fr and the legacy wanadoo.fr domains. The headline change for senders: Orange “does now require all the following mechanism to pass” - SPF, DKIM and DMARC. This is stricter than the “SPF or DKIM” floor most US providers publish, and a missing DKIM signature alone is enough to get a message rejected. Orange last updated its postmaster page on May 15th 2026.
This page is built entirely from Orange’s published postmaster documentation. Where the page is silent on something (TLS versions, a static-IP mandate, M3AAWG membership), that is called out rather than filled in from assumption.
The 60-second version
- SPF, DKIM and DMARC must all pass. Not “one of”; all three. A message without a DKIM signature “may be rejected” (error
535). - ARC sealing is strongly recommended for forwarded mail.
- Valid PTR / FCrDNS required. The sending IP must match the IP of the hostname in its PTR record (error
107). - Valid HELO/EHLO FQDN that resolves in DNS (error
20x). - Connection limits: Orange recommends 100 messages per connection, 2 simultaneous connections per sending IP, 100 recipients per message. Message size limit 45MB.
- Large senders (more than 1,000 messages/day): join SignalSpam (the only way to receive Orange’s Feedback Loop), host a real website behind your
Fromdomain, and keep complaints low. The complaint trigger is 0.6% today, moving toward 0.3%. - Abuse reports:
abuse@orange.fr.
Email delivery guidelines
Orange lists these as the baseline for being accepted and not tagged as spam:
| Area | Orange’s rule |
|---|---|
| SMTP standards | Mandatory headers per RFC 5321 (SMTP) and RFC 5322 (Internet Message Format) |
| Blocklist hygiene | Monitor your IP and domain on real-time blocklists (RBLs). Orange names Abusix, Spamhaus and Cloudmark |
| Reverse DNS | Your IP “needs a valid reverse dns record (PTR)“ |
| Forward DNS | Your domain “must have valid A or MX records” |
| Authentication | ”Orange does now require all the following mechanism to pass” - see below |
Authentication: all three, all passing
This is the part that trips up senders coming from a Gmail/Yahoo mindset:
- SPF is required. Configure it as a TXT record on the sending domain.
- DKIM signing is required. “Message without signature may be rejected.”
- DMARC configuration is required.
- ARC sealing is strongly recommended for forwarded messages.
Because Orange requires all three to pass (rather than the more common “SPF or DKIM” minimum), alignment matters: your SPF and DKIM have to validate and tie back to the From domain so DMARC evaluates clean. If you only publish SPF, or only sign with DKIM, you are not meeting Orange’s stated bar. For the mechanics of how SPF, DKIM and DMARC interact, see the DMARC in 2026 reference.
Reverse DNS / FCrDNS
Orange requires a valid PTR record, and its error guidance is explicit that this is forward-confirmed: “the sending IP address must match the IP address of the hostname defined in the PTR record.” A PTR that points to a hostname which does not resolve back to the same IP fails this check (error 107).
Sending limits
| Limit | Orange’s recommended value |
|---|---|
| Messages per connection | 100 |
| Simultaneous connections per sending IP | 2 |
| Recipients per message | 100 |
| Maximum message size | 45MB |
Orange notes that “different limits may apply based on your current reputation” - these are the published defaults, not a ceiling you are guaranteed. Exceeding them surfaces as concrete errors: too many concurrent connections returns 104, too many messages on one connection returns 109.
Notes for large senders (more than 1,000 messages/day)
Orange publishes an extra checklist for senders above 1,000 messages per day:
- SignalSpam membership. Orange is a sponsor member of SignalSpam, the French public-private spam-reporting partnership. You should follow the SignalSpam charter, and critically: “Only SignalSpam authorized members may receive Orange Feedback Loop.” Orange’s complaint feedback loop is delivered through SignalSpam, not a standalone Orange portal.
- A real website behind your
Fromdomain. Orange wants the domain in yourHeader Fromto host a website that contains: a page with your company address and identity, text explaining how you obtained the recipient’s consent, and the service’s legal notices. - Keep complaints low. “Spam reports rate at 0.6% or above might trigger some protection mechanisms.” Orange then states its direction of travel: “Orange intends to align with industry standards and will gradually adopt a 0.3% spam-report rate before triggering protection mechanisms.” Design to the stricter 0.3% now so a future tightening does not catch you out.
Orange error codes
Orange embeds a numeric code at the end of its SMTP responses. For example: Trop de connexions, veuillez verifier votre configuration. Too many connections, slow down. OFR002_104 - the code there is 104. The full published table:
| Code | Meaning | Resolution |
|---|---|---|
99 | Sending IP blacklisted by Orange | Open an Orange deliverability ticket via the contact form |
100 | Sending IP listed on Abusix RBL | Check and delist at Abusix |
101 | Sending IP listed on Spamhaus RBL | Check and delist at Spamhaus |
102 | Sending IP listed on Cloudmark RBL | Request reset at Cloudmark CSI |
103 | Sending IP blacklisted by Orange | Open an Orange deliverability ticket via the contact form |
104 | Too many simultaneous connections | Reduce concurrency (recommended: 2 connections per IP) |
107 | Missing PTR / reverse DNS, or PTR does not match the sending IP | Set a valid PTR for the IP; the sending IP must match the PTR hostname’s IP |
109 | Too many messages per SMTP connection | Reduce messages per connection (recommended: 100) |
20x | Invalid HELO/EHLO | Use a valid FQDN HELO that resolves, e.g. mail.yourdomain.com |
397 / 398 | Sender domain SPF error | Verify the sending domain’s SPF TXT record; allow for DNS TTL (up to 24h) after changes |
405 | Sender domain DNS error | Ensure the MAIL FROM domain has valid A or MX records |
406 | Sender rejected | Open an Orange deliverability ticket via the contact form |
416 | Recipient does not exist | Remove the address from your list |
425 | Sender domain blacklisted | Delist the domain at Abusix and Spamhaus |
506 | Message blocked, suspected spam | Open an Orange deliverability ticket via the contact form |
515 | DMARC authentication failed; rejected per your DMARC policy | Fix SPF/DKIM/DMARC so the message authenticates and aligns |
519 | Sending IP not authorized for the domain in SPF | Add the sending IP to the domain’s SPF record |
535 | DKIM signature missing; message rejected | Add a valid DKIM signature - DKIM is mandatory |
988 | Message rate-limited due to low IP reputation | Retry later; improve reputation |
989 / 990 | Sending domain rate-limited due to low reputation | Retry later; improve domain reputation |
99x | Rate-limited due to poor sending behavior | Review what you are sending; retry later |
Codes 100/101/102/425 map directly onto the three blocklists Orange consults. If you are hitting these, the fix is upstream at the blocklist, not at Orange - see the DNSBL directory for delisting paths. For how to read these enhanced replies in general, see enhanced status codes.
Feedback loop and abuse contact
- Feedback loop: delivered through SignalSpam. Only SignalSpam authorized members receive it; there is no separate Orange-hosted FBL enrollment described on the postmaster page.
- Abuse reports: email
abuse@orange.fr. - Deliverability escalation: Orange’s contact form, choosing the option for an Orange/Wanadoo deliverability issue.
What Orange’s page does not state
To stay honest about the source, the following were not found on Orange’s postmaster page and should not be presented as Orange requirements:
- No explicit TLS version requirement. Orange’s guidelines do not name TLS 1.2+ or any transport-security floor. (Transport security is still good practice - see encryption in transit - but Orange does not state it here.)
- No explicit “static IP” mandate. Orange requires a valid, forward-confirmed PTR, which in practice implies stable addressing, but the word “static” is not used.
- No M3AAWG membership requirement. Orange’s large-sender checklist names SignalSpam, not M3AAWG.
- No Feedback-ID header requirement. Orange does not mention a
Feedback-IDheader.
“Not stated” means absent from Orange’s guidance, not “safe to skip.”
What Egressif does
We send to Orange and Wanadoo from owned, static IP space with forward-confirmed reverse DNS (the sending IP resolves to a hostname that resolves back to the same IP), exactly what error 107 checks for. Every message carries SPF, a DKIM signature, and a DMARC policy that all pass and align - meeting Orange’s “all three must pass” bar rather than the looser “SPF or DKIM” floor - and we ARC-seal forwarded mail. We monitor the same blocklists Orange consults (Abusix, Spamhaus, Cloudmark) so a listing surfaces before it becomes a 100/101/102/425, we hold concurrency to two connections and around 100 messages per connection per IP, and we manage large-sender hygiene (SignalSpam participation for the feedback loop, a real website behind the From domain, complaint rate held under the 0.3% Orange is moving toward). We do not promise placement; these are Orange’s entry requirements, and reputation decides the rest.
Related references
- Bulk Sender Requirements: Gmail, Yahoo, Microsoft, Apple A side-by-side tracker of what Gmail, Yahoo, Microsoft Outlook.com, and Apple iCloud actually require of senders - with the exact thresholds, the effective dates, and an honest note on where each provider stays silent.
- Gmail Sender Guidelines & Bulk Sender Rules What Google actually requires to deliver to personal Gmail accounts - every sender authenticates, bulk senders (5,000+/day) clear a higher bar, and the spam-complaint rate is the number that decides your fate. Quoted directly from Google's published guidelines.
- Yahoo & AOL Sender Requirements Yahoo's requirements - which also cover AOL and other Yahoo-hosted brands - rolled out alongside Gmail's in early 2024. Yahoo authenticates the same way but deliberately publishes no volume threshold and runs its own Complaint Feedback Loop through Sender Hub.
- Microsoft Outlook.com Sender Requirements Microsoft brought Outlook.com into line with Gmail and Yahoo in May 2025 - SPF, DKIM, and aligned DMARC for senders of 5,000+ messages a day. The published post is internally contradictory about whether non-compliant mail is junked or rejected; here is exactly what it says.
- Apple iCloud Mail Sender Guidance Apple's iCloud Mail guidance is the quiet one - no volume threshold, no spam-rate number, no feedback loop, and no allow list. It is a list of hard requirements whose failure means rejection, and an honest map of what Apple chooses not to tell you.
- GMX & WEB.DE Sender Requirements GMX and WEB.DE are both run by United Internet on one mail platform. Their postmaster guidance makes a valid, aligned DKIM signature mandatory - SPF and DMARC are recommended, but DKIM is the floor - and layers consent, M3AAWG/CSA standards, and RFC 8058 unsubscribe on top for bulk senders.
Tell us what you run today.
Domains, rough volume, current providers, and what hurts. You will get a straight answer on fit, and a real number, in one conversation.