When sending to Microsoft OLC (Outlook Consumer - i.e. hotmail.com, outlook.com, msn.com, live.com, etc.) domains, are you seeing this bounce message?
All of those domains have an MX record that points to outlook-com.olc.protection.outlook.com. And when you look up the IP addresses for that server mentioned in the MX record, what do you get? Well, when I do it from here, I get just two IPs: 104.47.58.33 and 104.47.55.33.
But other folks showed me examples where they were receiving 25+ IP addresses in response. I can't reproduce it, so I don't know if it's geo-specific, intermittent, or if overall, the whole thing has been addressed. I suspect some combination of all of that. But anyway, I'm told that when the results contain a whole bunch of IPs, the DNS response (actually, EDNS response) is actually so large that some DNS resolvers can't parse it.
The fix? It'll vary based on your sending platform. For PowerMTA, adding "edns-udp-length 2048" to PMTA's global config seems to take care of the issue. For others, you could try manually overriding DNS to point mail for all MSFT OLC domains at just a couple of specific IP addresses. (And if you're a customer of an ESP or CRM tool, NOT the entity with the root password to the outbound MTAs, you're not the person who can fix this -- the server administrators are.) As long as you're not waiting on your DNS resolve to try to resolve DNS from a response too large
This is a tricky one! And I never would have figured it out in a million years, so I'm glad to know smart folks who were kind enough to pass this one along for sharing.
thanks Al for sharing too as always !
ReplyDeleteSuper helpful! Thank you!
ReplyDelete