Forum Discussion
Received-SPF: TempError (protection.outlook.com: error in processing during lookup of "domain-name":
Are you perhaps able to tell me which TLD you are sending from? Is it a .AU, COM.AU, .NET.AU or something else? SaadItani
- SaadItani, Nov 13, 2020, Copper Contributor
.edu.lb Also I want to note that it's happening at random times and not for every email. It's been happening for months and I contacted the TLD NS servers for support and yet no fix.
Also, we know that emails getting SPF fails are entitled with the email subject: [Warning Unauthenticted User] and again it happens at random times and our end users are getting frustrated...
We contacted Microsoft support and they said it's from the DNS side.
- webawere, Mar 19, 2021, Copper Contributor
We experience the same problem with all our servers. Mail goes to spam because of that 😞
- sijanec, Mar 19, 2021, Copper Contributor
You could try removing DMARC restrictions. My mail gets delivered and never flagged as spam because I explicitly stated in my DMARC record that mail with bad SPF/DKIM shall not get flagged as spam. It's weird how DMARC records are accessible to Outlook - maybe they're just cached longer, but my mail never gets to spam.
Make sure to also enable dmarc-forensic reports so your postmaster will get an email when a mail is delivered into a spam folder.
More on that on https://dmarc.org/. I hope this issue gets resolved.
- sijanec, Mar 19, 2021, Copper Contributor
Same problem for a domain from the EU TLD with DNS servers hosted in Slovenia. I checked DNS logs and can confirm that Outlook did in fact query my domain servers.
19-Mar-2021 15:54:44.418 queries: info: client @0x7f54a470a200 127.0.0.1#58179 (eur05-db8-obe.outbound.protection.outlook.com): query: eur05-db8-obe.outbound.protection.outlook.com IN TXT + (127.0.0.1)
19-Mar-2021 15:54:44.591 queries: info: client @0x7f54b00d5d90 127.0.0.1#62160 (spf.protection.outlook.com): query: spf.protection.outlook.com IN TXT + (127.0.0.1)
19-Mar-2021 15:54:44.821 queries: info: client @0x7f54a405c090 127.0.0.1#56517 (spf.protection.outlook.com): query: spf.protection.outlook.com IN TXT + (127.0.0.1)
For some reason the timeout window is too short (which makes sense as you want the mail to get delivered quickly - but 100 milliseconds is not a big deal). If I ping the Outlook SPF protection server from my DNS server, no response is received - maybe pings are blocked by MS.
The other problem is that the PTR records of the SPF server are not resolvable, which is not allowed under the applicable specification - maybe my DNS server rejects such queries because of that. Microsoft should fix their PTR records to actual hostnames as they are currently not resolvable.
- sijanec, Mar 19, 2021, Copper Contributor
I did some investigation and found out that the second email is SPF-verified. That's probably because Outlook's cache kicked in and used that previous cached query response as there was no additional request to my DNS server.
Authentication-Results: spf=pass (sender IP is 93.103.[censored].[censored]) smtp.mailfrom=[censored].eu; [censored].org; dkim=timeout (key query timeout) header.d=[censored].eu;[censored].org; dmarc=bestguesspass action=none header.from=[censored].eu;compauth=pass reason=109
Received-SPF: Pass (protection.outlook.com: domain of [censored].eu designates 93.103.[censored] as permitted sender) receiver=protection.outlook.com; client-ip=93.103.[censored]; helo=[censored].eu;
As you can see, DKIM failed, maybe because - again - Outlook did not get the key in time. Retrying ...
In the next couple of mails I sent to Outlook, I experienced stranger issues. SPF failing randomly. So the issue is not about cache - there is no cache, as in the 300 second TTL I sent 4 messages with only the second one being SPF validated and NONE being DKIM validated.
Microsoft really doesn't sound like they are eager to fix issues; such a centralized email system as Outlook's can never work flawlessly, SMTP and IP themselves were not designed for this.
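
Added example, not part of any post in this thread: one way to quantify the intermittent verdicts discussed above is to collect the Authentication-Results header from a batch of test messages and tally how often each method ended in a transient lookup error. The sample headers are constructed (example.eu, 192.0.2.10), and the set of results counted as transient is an assumption.

```python
import re
from collections import Counter, defaultdict

# Results counted as transient lookup problems (assumption for this example):
# "temperror" is the temporary-error verdict, "timeout" is the DKIM verdict
# shown in the header quoted in the thread.
TRANSIENT = {"temperror", "timeout"}

# method=result at the start of the value or right after a ';' separator
PAIR = re.compile(r"(?:^|;)\s*(spf|dkim|dmarc)\s*=\s*([A-Za-z]+)", re.I)

def verdicts(header_value):
    """Return {method: result} from one Authentication-Results value."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value)  # undo header folding
    return {m.lower(): r.lower() for m, r in PAIR.findall(unfolded)}

def tally(header_values):
    """Count results per method across many messages."""
    counts = defaultdict(Counter)
    for value in header_values:
        for method, result in verdicts(value).items():
            counts[method][result] += 1
    return counts

def transient_rate(counts, method):
    """Share of messages whose verdict for `method` was a transient error."""
    total = sum(counts[method].values())
    bad = sum(n for r, n in counts[method].items() if r in TRANSIENT)
    return bad / total if total else 0.0

def _sample(spf, dkim, dmarc):
    # Constructed header in the layout of the one quoted in the thread.
    return (f"spf={spf} (sender IP is 192.0.2.10) smtp.mailfrom=example.eu; "
            f"dkim={dkim} (key query timeout) header.d=example.eu; "
            f"dmarc={dmarc} action=none header.from=example.eu;"
            "compauth=pass reason=109")

# Constructed batch: four test messages sent inside one TTL window.
SAMPLE = [
    _sample("temperror", "timeout", "temperror"),
    _sample("pass", "timeout", "bestguesspass"),
    _sample("temperror", "timeout", "temperror"),
    _sample("temperror", "timeout", "temperror"),
]

if __name__ == "__main__":
    counts = tally(SAMPLE)
    for method in ("spf", "dkim", "dmarc"):
        print(method, dict(counts[method]), f"{transient_rate(counts, method):.0%}")
```

Comparing the timestamps of messages with transient verdicts against the DNS server's query log shows whether the lookups arrived at all or arrived and were answered too slowly.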