Hotmail.com SPF issue on August 18th

Hotmail.com SPF issue on August 18th

Looks like Microsoft has run into email authentication issues today. Specifically, the domain hotmail.com appears to have a broken SPF record wherein messages sent by Hotmail/Outlook.com/Microsoft OLC using a hotmail.com from address aren't passing SPF authentication. Here's a link to a KBXSCORE report I've run, showing the failure.

While hotmail.com is affected, the outlook.com domain doesn't appear troubled -- my test sends from an outlook.com from address seem to pass SPF. (Microsoft has many other domains; I've only checked these two.)

Looking at the SPF records for hotmail.com, here's what I see:

hotmail.com descriptive text "v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com ip4:157.55.9.128/25 include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com -all"

outlook.com descriptive text "v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com ip4:157.55.9.128/25 include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com include:spf.protection.outlook.com ~all"

The hotmail.com SPF record is missing "include:spf.protection.outlook.com" -- which is present in the outlook.com SPF record. And I see it present in a cached copy of Hotmail's SPF record that I collected last month. So, I suspect that to be the source of the issue. 


This issue appears to affect mail sending only users of Outlook.com who have email addresses in the hotmail.com domain. DKIM authentication IS passing, so if a recipient site isn't relying on SPF alone to determine accept/reject, little legitimate mail should be rejected as a result of this. (Though I do suspect somebody, somewhere out there could be rejecting mail as a result of this, because the SPF record in question ends in "-all.")

August 18, 2023 Update: Yay, looks like the SPF record is fixed! Outlook.com users with hotmail.com email addresses are again sending mail that passes SPF authentication. Glad to see Microsoft was able to fix it quickly.

[ H/T: Mark Alley and Reddit ]

by
Labels
Al Iverson
Writing about, guiding clients on, and building tools related to email technology, deliverability and DMARC. Blogging about spam since 2001. Based in Chicago.
1 Comments

Comments

  1. Anonymous10:36 AM, August 18, 2023

    Great, thanks for confirming! Having a lot of issues today!

    ReplyDelete

Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.