Forum Discussion

niaccarino1981's avatar
niaccarino1981
Copper Contributor
Oct 20, 2020

Received-SPF: TempError (protection.outlook.com: error in processing during lookup of "domain-name":

I have encountered an issue I believe is extremely widespread (albeit intermittent) affecting deliverability to hotmail.com / outlook.com from .AU Domains.

 

During the past few days, I have performed extensive testing to validate the issue which initially I thought was isolated to a single one of our .com.au domains.

 

I have since managed to replicate the issue across >5 different domains ending in .au such as .com.au, .net.au, and .edu.au. I have tested this across multiple Mail platforms such as Amazon accounts (SES), G Suite for business web interface, an internal SMTP relay which outbounds via Proofpoint and also from an O365 tenant.

 

I have tested a single email with multiple recipients to platforms such as Gmail, Yahoo and Hotmail in which Hotmail is the only recipient which reports an SPF TempError, DNS Timeout.

 

I have posted a portion of the email headers received in hotmail, being sent via multiple platforms, servers, subnets which have all failed. I have obfuscated the domain name for privacy reasons. 

 

This is a huge issue, not only for us, but for anyone sending mail to Hotmail from an .AU domain. I have not been able to make any other TLD fail as of yet.

 

How does one make Microsoft aware of a fairly significant and widespread issue affecting multiple end users?

 

Having spoken with AWS regarding this issue (I initially thought the issue was isolated to domains hosted in Route53, they concur that the issue lies solely with the receiving mail platform being hotmail.com/outlook.live.com) At a guess I would say Microsoft is intermittently having an issue performing DNS lookups of TLD's ending in .AU

 

Authentication-Results: spf=temperror (sender IP is 180.189.28.115) smtp.mailfrom=domainname; hotmail.com; dkim=pass (signature was verified) header.d=domainname;hotmail.com; dmarc=pass action=none header.from=domainname;compauth=pass reason=100 Received-SPF: TempError (protection.outlook.com: error in processing during lookup of domainname  DNS Timeout) Received: from au-smtp-delivery-115.mimecast.com (180.189.28.115) by BN3NAM01FT032.mail.protection.outlook.com (10.152.67.233) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.23 via Frontend Transport; Thu, 15 Oct 2020 07:07:36 +0000 X-IncomingTopHeaderMarker: 

 

Authentication-Results: spf=temperror (sender IP is 23.251.230.203) smtp.mailfrom=domainname; hotmail.com; dkim=pass (signature was verified) header.d=domainname;hotmail.com; dmarc=pass action=none header.from=domainname;compauth=pass reason=100 Received-SPF: TempError (protection.outlook.com: error in processing during lookup of domainname  DNS Timeout) Received: from e230-203.smtp-out.amazonses.com (23.251.230.203) by DM6NAM12FT050.mail.protection.outlook.com (10.13.178.215) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.3499.7 via Frontend Transport; Thu, 15 Oct 2020 06:43:30 +0000 X-IncomingTopHeaderMarker: 

 

Authentication-Results: spf=temperror (sender IP is 69.169.232.10) smtp.mailfrom=domainname; hotmail.com; dkim=pass (signature was verified) header.d=domainname;hotmail.com; dmarc=temperror action=none header.from=domainname; Received-SPF: TempError (protection.outlook.com: error in processing during lookup of domainname  DNS Timeout) Received: from b232-10.smtp-out.ap-southeast-2.amazonses.com (69.169.232.10) by VI1EUR06FT050.mail.protection.outlook.com (10.13.7.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.3477.21 via Frontend Transport; Wed, 14 Oct 2020 02:10:39 +0000 X-IncomingTopHeaderMarker: 

 

Authentication-Results: spf=temperror (sender IP is 148.163.148.88) smtp.mailfrom=domainname; hotmail.com; dkim=pass (signature was verified) header.d=domainname;hotmail.com; dmarc=bestguesspass action=none header.from=domainname;compauth=pass reason=109 Received-SPF: TempError (protection.outlook.com: error in processing during lookup of domainname  DNS Timeout) Received: from mx0a-0020df01.pphosted.com (148.163.148.88) by VI1EUR06FT044.mail.protection.outlook.com (10.13.6.117) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3455.23 via Frontend Transport; Fri, 9 Oct 2020 00:54:44 +0000 X-IncomingTopHeaderMarker: 

 

Authentication-Results: spf=temperror (sender IP is 209.85.166.48) smtp.mailfrom=domainname; hotmail.com; dkim=timeout (key query timeout) header.d=domainname;hotmail.com; dmarc=temperror action=none header.from=domainname; Received-SPF: TempError (protection.outlook.com: error in processing during lookup of domainname  DNS Timeout) Received: from mail-io1-f48.google.com (209.85.166.48) by BN7NAM10FT037.mail.protection.outlook.com (10.13.157.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3455.25 via Frontend Transport; Fri, 9 Oct 2020 01:01:58 +0000 X-IncomingTopHeaderMarker: 

 

Any help or insight here would be much appreciated.

  • SaadItani's avatar
    SaadItani
    Copper Contributor
    Same problem here, RECIEVED-SPF DNS TIMEOUT for my domain any ideas??
    • niaccarino1981's avatar
      niaccarino1981
      Copper Contributor

      Hi SaadItani,

       

      From the testing I have done, this issue appears to lie on the Outlook.com/Hotmail side.  This can only be fixed by Microsoft.

       

      As I mentioned in my initial post, I am able to send a single email with multiple recipients and the email will only fail SPF arriving at Outlook.com/Hotmail due to a DNS Timeout. This would suggest the issue lies with how Microsoft are processing the message.

       

      Hopefully someone will take notice of this thread soon and investigate. 

    • niaccarino1981's avatar
      niaccarino1981
      Copper Contributor

      Are you perhaps able to tell me which TLD you are sending from ? Is it a .AU, COM.AU, .NET.AU or something else? SaadItani 

      • SaadItani's avatar
        SaadItani
        Copper Contributor

        .edu.lb Aslo I want to note that its happening at random times and not for every email. Its been months happening and I contacted TLD NS servers for support and yet no fix.

        Also we know that emails getting spf fails are entiteled with email subject: [Warning Unauthenticted User] and again it happens at random times and our end users are getting frustrated... 
        we contacted Microsoft support and they said its from DNS side.

  • MAPnl's avatar
    MAPnl
    Copper Contributor

    niaccarino1981 

    Your not the only one who has this problem.
    I use a .com domain,  with a german mail server and having the same problem.
    This fix (https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_exchon-mso_o365b/spf-temperror-during-dns-lookup-persistant/6c8b37f5-16e6-451e-8cfd-1d97b6cf4916) is not working for me

    Seems like a microsoft problem, but as always, they don't give a damm about small companies outside of the US. They only care about themselfs.

  • nutty21's avatar
    nutty21
    Copper Contributor

    Can confirm, still an issue on three domains of ours. 
    This is pretty sad.  Everything gets marked as spam due to this.
    Lots of emails will be missed.

    • Hoang_Thanh_Minh's avatar
      Hoang_Thanh_Minh
      Copper Contributor

      We are facing this problem now (01-Nov-21) event that we are relaying through Sophos central.

      It seems that Microsoft wants us to use their Office365 ;(

  • Technodude's avatar
    Technodude
    Iron Contributor

    I am getting this as well with delivery to .ph domains in the Philippines. Unfortunately it's the Banks and Legal firms that have followed strict process in how they setup DMARC (set to reject), and so DNS timeouts on the SPF lookup result in email being bounced back as undeliverable/rejected.

     

    We don't relay our outbound mail... all goes through O365.  DNS for our sending domain is sat on Cloudflare.

    • karn_n's avatar
      karn_n
      Copper Contributor
      Hello All,
      Any of you get the above issue working?
      We are having same issue, emails sent to gmail gets rejected due to SPF and DKIM fail but both the records looks good.

Resources