Hotmail e mail supply fails after Microsoft misconfigures DNS


Microsoft DNS

Hotmail customers worldwide have issues sending emails, with messages flagged as spam or not delivered after Microsoft misconfigured the area’s DNS SPF file.

The e-mail points started late final evening, with customers and admins reporting on Reddit, Twitter, and Microsoft boards that their Hotmail emails have been failing as a result of SPF validation errors.

A Hotmail person defined in a publish on Microsoft’s discussion board that their Microsoft Outlook Hotmail accounts have been failing to ship with the next error:

For Electronic mail Directors
This error is said to the Sender Coverage Framework (SPF). The vacation spot e mail system’s analysis of the SPF file for the message resulted in an error. Please work together with your area registrar to make sure your SPF data are accurately configured.

exhprdmxe26 gave this error:
Message rejected as a result of SPF coverage – Please examine coverage for hotmail.com”

The Sender Coverage Framework (SPF) is an e mail safety function that reduces spam and prevents risk actors from spoofing domains in phishing assaults.

To configure SPF, admins create a particular DNS TXT (textual content) file for a website that specifies the precise hostnames and IP addresses allowed to ship emails beneath that area.

When a mail server receives an e mail, it is going to confirm that the hostname/IP tackle for the sending e mail servers is a part of a website’s SPF file, and whether it is, permits the e-mail to be delivered as traditional.

Nonetheless, if the IP tackle or area of the sending mail server is just not listed within the sender area’s SPF file, it is going to both bounce the e-mail again to the sender with an error or put it within the recipient’s SPAM folder.

After analyzing what should be blamed for e mail supply errors, admins famous that Microsoft eliminated the ‘embody:spf.safety.outlook.com‘ file from hotmail.com’s SPF file.

As an example the problem, the earlier SPF file for hotmail.com was:


v=spf1 ip4:157.55.9.128/25 embody:spf.safety.outlook.com embody:spf-a.outlook.com embody:spf-b.outlook.com embody:spf-a.hotmail.com embody:_spf-ssg-b.microsoft.com embody:_spf-ssg-c.microsoft.com ~all

Hotmail’s present SPF file with spf.safety.outlook.com eliminated is now:


v=spf1 ip4:157.55.9.128/25 embody:spf-a.outlook.com embody:spf-b.outlook.com embody:spf-a.hotmail.com embody:_spf-ssg-b.microsoft.com embody:_spf-ssg-c.microsoft.com -all

The spf.safety.outlook.com SPF file comprises a big listing of hosts allowed to ship an e mail for the hotmail.com area, and with that file lacking, any e mail from these senders will fail SPF checks.

BleepingComputer examined sending an e mail from an Outlook.com Hotmail account and replicated the issue, with our e mail going to Gmail’s SPAM folder as an alternative as a result of its SPF file failing.


Authentication-Outcomes: mx.google.com;
       dkim=go header.i=@hotmail.com header.s=selector1 header.b=Aoix6uEm;
       arc=go (i=1);
       spf=fail (google.com: area of ###@hotmail.com doesn't designate 2a01:111:f400:fe5b::808 as permitted sender) smtp.mailfrom=###@hotmail.com;
       dmarc=go (p=NONE sp=NONE dis=NONE) header.from=hotmail.com

It’s because the allowed IPv6 tackle (2a01:111:f400) related to Outlook.com that was used to ship my e mail is designated within the spf.safety.outlook.com file and, with its removing, is not accepted as legitimate.

Different hosts that may now fail SPF checks because of the removing of spf.safety.outlook.com are:


40.92.0.0/15
40.107.0.0/16
52.100.0.0/14
104.47.0.0/17
2a01:111:f400::/48
2a01:111:f403::/49
2a01:111:f403:8000::/50
2a01:111:f403:c000::/51
2a01:111:f403:f000::/52

Sadly, there may be nothing that Hotmail customers can do to repair this drawback on their very own, and so they must watch for Microsoft to repair the DNS entry.

Replace 8/18/23: Microsoft has instructed BleepingComputer that they’ve fastened the problem and Hotmail ought to not fail SPF checks.

Checking a few of the SPF embody statements for Hotmail.com, BleepingComputer has seen that they added a few of the lacking IP ranges to different contains, now permitting all of them to correctly go SPF.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles