Forum Discussion
Received-SPF: TempError (protection.outlook.com: error in processing during lookup of "domain-name":
I have encountered an issue I believe is extremely widespread (albeit intermittent) affecting deliverability to hotmail.com / outlook.com from .AU Domains. During the past few days, I have perfor...
.edu.lb Aslo I want to note that its happening at random times and not for every email. Its been months happening and I contacted TLD NS servers for support and yet no fix.
Also we know that emails getting spf fails are entiteled with email subject: [Warning Unauthenticted User] and again it happens at random times and our end users are getting frustrated...
we contacted Microsoft support and they said its from DNS side.
Same problem for a domain from the EU TLD with DNS servers hosted in Slovenia. I checked DNS logs and can confirm that Outlook did in fact query my domain servers.
19-Mar-2021 15:54:44.418 queries: info: client @0x7f54a470a200 127.0.0.1#58179 (eur05-db8-obe.outbound.protection.outlook.com): query: eur05-db8-obe.outbound.protection.outlook.com IN TXT + (127.0.0.1) 19-Mar-2021 15:54:44.591 queries: info: client @0x7f54b00d5d90 127.0.0.1#62160 (spf.protection.outlook.com): query: spf.protection.outlook.com IN TXT + (127.0.0.1) 19-Mar-2021 15:54:44.821 queries: info: client @0x7f54a405c090 127.0.0.1#56517 (spf.protection.outlook.com): query: spf.protection.outlook.com IN TXT + (127.0.0.1)
For some reason the timeout window is too short (which makes sense as you want the mail to get delivered quick - but 100 miliseconds is not a big deal). If I ping the outlook SPF protection server from my DNS server, no response is received - maybe pings are blocked by MS.
The other problem is that the PTR record of the SPF server are not resolvable, which is not allowed under applicable specification - maybe my DNS server rejects such queries because of that. Microsoft should fix their PTR records to actual hostnames as they are currently not resolvable.
I did some investigation and found out that the second email is SPF-verified. That's probably because Outlook's cache kicked in and used that previous cached query response as there was no additional request to my DNS server.
Authentication-Results: spf=pass (sender IP is 93.103.[censored].[censored]) smtp.mailfrom=[censored].eu; [censored].org; dkim=timeout (key query timeout) header.d=[censored].eu;[censored].org; dmarc=bestguesspass action=none header.from=[censored].eu;compauth=pass reason=109
Received-SPF: Pass (protection.outlook.com: domain of [censored].eu designates 93.103.[censored] as permitted sender) receiver=protection.outlook.com; client-ip=93.103.[censored]; helo=[censored].eu;
As you can see, DKIM failed, maybe because - again - Outlook did not get the key in time. Retrying ...
In the next couple mails I sent to Outlook, I experienced stranger issues. SPF failing randomly. So the issue is not about cache - there is no cache, as in the 300 second TTL I sent 4 messages with only the second one being SPF validated and NONE being DKIM validated.
Microsoft really doesn't sound like they are eager to fix issues, such a centralized email system as Outlook's can never work flawlessly, SMTP and IP itself was not designed for this.