Strengthening Email Ecosystem: Outlook’s New Requirements for High‐Volume Senders
Hi, what if spf/dkim has temperror?
- freddieleeman, Jul 10, 2025, Brass Contributor
Microsoft has been experiencing issues for DKIM validation for years, and it appears these problems are causing even more issues now with the strengthened email ecosystem. Perhaps Microsoft should have resolved these technical challenges before introducing additional requirements. Below is a list of top email senders and their percentage of temperrors in the last 30 days from over 20k domains:
I have reported this issue to Microsoft multiple times, and in 2024 Puneeth acknowledged, "We are aware of the DNS issue and are actively working on several resolutions." Microsoft is clearly aware of the problem, but it seems they have not been able to resolve it.
- Gagan3496, Jul 17, 2025, Copper Contributor
freddieleeman Is there a way we can get an official answer from the publishers of this article or someone from outlook.com on what they are doing with emails with temperror under this new rule?
- freddieleeman, Jul 17, 2025, Brass Contributor
Not that I’m aware of. Microsoft doesn’t have the best track record with these things — something breaks, the community reports it, Microsoft eventually acknowledges it, and maybe it gets fixed months or even years later.
- Gagan3496, Jul 10, 2025, Copper Contributor
I can totally relate to this table; I have not seen any issues with Gmail/Google generating temperrors. The question I still don't have an answer to is whether these emails will be rejected or not. Perhaps I'll soon get the reports from our service to see bounce rates. But no one from MS is willing to give an answer. The outlook.com support is useless; they keep on asking for the same things no matter what your issue description is.
- markalleyTJX, Jul 10, 2025, Copper Contributor
Yes, they would be rejected, assuming they met Microsoft's bulk sender definition. It's also possible for emails that do not meet these criteria to be rejected due to the same problem, because with a strict policy of DMARC reject, SPF not passing, and DKIM returning temperror (which is not a pass result), it would not satisfy DMARC.
- AriasJose, Jul 03, 2025, Copper Contributor
What Does “Temperror” Mean in SPF or DKIM?
If you're seeing temperror in SPF or DKIM results, it means the receiving email server couldn’t complete the authentication check because of a temporary DNS issue. This is not a permanent failure, but it can still impact email delivery.
What Causes It
SPF temperror may happen due to:
- DNS timeout or the DNS server is down
- Too many DNS lookups (limit is 10)
- Invalid or unreachable SPF includes
DKIM temperror may happen due to:
- The public key can’t be retrieved from DNS
- Wrong DKIM selector or malformed DNS record
- DNS provider is temporarily unavailable
Why It Matters
- Emails may be delayed, flagged, or marked as suspicious
- DMARC might fail if both SPF and DKIM checks can't be completed
- Repeated temperrors can damage sender reputation
How to Fix It
- Use tools like MXToolbox or dig to test DNS records
- Keep SPF within the 10-lookup limit
- Verify that DKIM records are correct and accessible
- Choose a reliable DNS provider with low latency
Summary
SPF and DKIM temperrors are temporary issues that stop email authentication from completing. They don’t cause immediate rejection, but they can reduce email deliverability and trust. Fixing them ensures reliable authentication and protects your domain’s reputation.
Let me know if you'd like a downloadable or shareable version.
- freddieleeman, Jul 10, 2025, Brass Contributor
Let me know if you'd like a downloadable or shareable version.
If you’re not familiar with the topic of email authentication, it’s best not to have AI generate a reply that includes incorrect information.
The “too many DNS lookups (limit is 10)” scenario your AI mentioned, as well as having more than two “void DNS lookups,” actually result in a permerror, not a temperror. Temperror is specifically for temporary issues, like timeouts, DNS servers being momentarily unreachable, or transient DNS failures. Permerror, on the other hand, covers permanent configuration problems, such as exceeding SPF lookup limits or having invalid or missing records.
So, if you see a temperror, it’s almost always a temporary DNS problem (for example, DNS timeout, DNS server not responding, or intermittent DNS failures). If you hit DNS lookup limits or have structurally invalid records, you’ll get a permerror instead, which means the issue must be fixed on the sender’s side.
Just wanted to help clarify, since this distinction can make a difference when troubleshooting email deliverability problems!
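The temperror/permerror distinction drawn in the reply above, as an added example that is not part of the thread: a simplified walk over an SPF record that applies RFC 7208's limits against a constructed DNS table. All domain names and addresses are placeholders, and the walk assumes no mechanism matches before `all`, so every DNS-querying term is counted.

```python
# Added example: which SPF conditions end in temperror vs permerror (RFC 7208 limits).
# Simplification: assumes no mechanism matches before "all", so every term is visited.
TIMEOUT = object()   # constructed marker: DNS timeout or SERVFAIL
NXDOMAIN = None      # constructed marker: name does not exist (a "void lookup")
# Terms that cost a DNS query (bare a/mx and ptr also count; not modelled here).
QUERY_TERMS = ("include:", "a:", "mx:", "exists:", "redirect=")

# Constructed DNS data; every name and address is a placeholder.
DNS = {
    "ok.example": "v=spf1 include:_spf.esp.example a:mail.ok.example -all",
    "_spf.esp.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "mail.ok.example": "192.0.2.10",
    "slow.example": "v=spf1 include:down.esp.example -all",
    "down.esp.example": TIMEOUT,
    "void.example": "v=spf1 a:g1.void.example a:g2.void.example a:g3.void.example -all",
    "big.example": "v=spf1 " + " ".join(f"include:s{i}.big.example" for i in range(11)) + " -all",
}
DNS.update({f"s{i}.big.example": "v=spf1 -all" for i in range(11)})

def classify(domain, dns=DNS, state=None):
    """Return 'ok' (evaluation can complete), 'none', 'temperror' or 'permerror'."""
    state = {"lookups": 0, "void": 0} if state is None else state
    record = dns.get(domain, NXDOMAIN)
    if record is TIMEOUT:
        return "temperror"            # transient DNS failure
    if record is NXDOMAIN:
        return "none"                 # no SPF record published
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")
        kind = next((k for k in QUERY_TERMS if term.startswith(k)), None)
        if kind is None:
            continue                  # ip4/ip6/all need no DNS query
        state["lookups"] += 1
        if state["lookups"] > 10:
            return "permerror"        # more than 10 DNS-querying terms
        target = term[len(kind):]
        if kind in ("include:", "redirect="):
            sub = classify(target, dns, state)
            if sub != "ok":           # an include with no SPF record is a permerror
                return "permerror" if sub == "none" else sub
        else:
            answer = dns.get(target, NXDOMAIN)
            if answer is TIMEOUT:
                return "temperror"
            if answer is NXDOMAIN:
                state["void"] += 1
                if state["void"] > 2:
                    return "permerror"  # more than two void lookups
    return "ok"
```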
- Gagan3496, Jul 10, 2025, Copper Contributor
Not sure if this is the case, there are several reports by other people,
https://learn.microsoft.com/en-us/answers/questions/2278218/spf-dkim-failures-from-external-sender-to-ms-outlo
https://answers.microsoft.com/en-us/outlook_com/forum/all/dkim-timeout-in-the-mails-sent-to-hotmailcom-from/a5675f09-a143-45ad-9264-fde30849102b#:~:text=Here%20are%20some%20suggestions%20for%20you%20to%20consider%3A,and%20public%20keys%20match%202.%20Verify%20DNS%20Records
Also someone shared this, mentioning outlook.com has acknowledged this in the past, but no referring article was attached.
https://www.uriports.com/blog/outlook-com-dkim-temperror-in-dmarc-reports/
People who are using 3rd party mail services like SendGrid might not even know unless someone looks into bounce rates or has DMARC aggregate reports that would uncover this issue. Randomly outlook.com has been giving temperror for a long time now.
And the question I have is, due to this temperror, and the new requirements, would they reject emails?
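Added example, not part of the thread: measuring from a DMARC aggregate report what the comments above describe, namely the share of mail a receiver reported with DKIM temperror and whether policy was enforced on it (the case where SPF is unaligned and DKIM temperror leaves DMARC unsatisfied). The report is constructed; its domains, IPs and counts are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed aggregate report (RFC 7489 layout); domains, IPs and counts are placeholders.
# SPF passes for the ESP's bounce domain but is not aligned, so only DKIM can satisfy DMARC.
REPORT = """<feedback>
 <report_metadata><org_name>receiver.example</org_name></report_metadata>
 <policy_published><domain>sender.example</domain><p>reject</p></policy_published>
 <record>
  <row><source_ip>192.0.2.10</source_ip><count>940</count>
   <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
  <auth_results>
   <dkim><domain>sender.example</domain><selector>s1</selector><result>pass</result></dkim>
   <spf><domain>bounce.esp.example</domain><result>pass</result></spf>
  </auth_results>
 </record>
 <record>
  <row><source_ip>192.0.2.10</source_ip><count>60</count>
   <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <auth_results>
   <dkim><domain>sender.example</domain><selector>s1</selector><result>temperror</result></dkim>
   <spf><domain>bounce.esp.example</domain><result>pass</result></spf>
  </auth_results>
 </record>
</feedback>"""

def temperror_summary(xml_text):
    """Count messages with a DKIM temperror and no DKIM pass, and how many were enforced on."""
    # Reports come from third parties: use a hardened XML parser (e.g. defusedxml) in production.
    root = ET.fromstring(xml_text)
    out = {"org": root.findtext("report_metadata/org_name"),
           "policy": root.findtext("policy_published/p"),
           "total": 0, "dkim_temperror": 0, "temperror_enforced": 0}
    for rec in root.iter("record"):
        count = int(rec.findtext("row/count"))
        results = [d.findtext("result") for d in rec.findall("auth_results/dkim")]
        out["total"] += count
        if "temperror" in results and "pass" not in results:
            out["dkim_temperror"] += count
            disposition = rec.findtext("row/policy_evaluated/disposition")
            if disposition in ("reject", "quarantine"):
                out["temperror_enforced"] += count
    total = out["total"]
    out["temperror_pct"] = round(100 * out["dkim_temperror"] / total, 1) if total else 0.0
    return out
```

Real reports usually arrive gzip- or zip-compressed and may carry an XML namespace, both of which need handling before this function applies.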
- Cdary, Jul 03, 2025, Copper Contributor
It seems that emails have been rejected so far in the case of temperror and this is typically a problem, because the sender is not fully responsible for such random errors. This could also occur for DMARC temperror.