Hotmail users across the globe encountered difficulties in sending emails, as their messages were either marked as spam or not delivered at all. This issue arose after Microsoft incorrectly configured the domain’s DNS SPF record.
User Reports and the Technical Reason
The email delivery problems started recently, with numerous users and administrators voicing their concerns on platforms like Reddit, Twitter, and the Microsoft Community forums. They highlighted that their Hotmail emails were not being sent due to SPF validation errors.
A Hotmail user shared on Microsoft’s Community forums, “Both of our family MS Outlook hotmail accounts are failing to send with the following error message: For Email Administrators This error is related to the Sender Policy Framework (SPF). The destination email system’s evaluation of the SPF record for the message resulted in an error. Please work with your domain registrar to ensure your SPF records are correctly configured.” exhprdmxe26 gave this error: “Message rejected due to SPF policy – Please check policy for Microsoft Outlook Personal Email and Calendar”.
Several users on the Microsoft Community forum shared similar concerns. “Fuad Laguda” mentioned that he was made aware of the issue when trying to communicate via email. He stated, “We have spoken with support, and they say their engineers are working on it.” Another user, Thomas McBurney, pointed out that every inbound email from Hotmail was being rejected due to SPF. He noted that Microsoft seemed to have changed their SPF record, excluding a range of IP addresses used by Hotmail. Another user, identified as “just-some-guy-900” said that his emails were being sent from an IP address not listed in any of the SPF records for Microsoft Outlook Personal Email and Calendar, resulting in rejected sends.
Upon investigation, it was discovered that Microsoft had removed the ‘include:spf.protection.outlook.com’ rule from the Microsoft Outlook Personal Email and Calendar SPF record. This SPF record contained a comprehensive list of hosts authorized to send emails for the Microsoft Outlook Personal Email and Calendar Microsoft 365 domain. With its absence, emails from these hosts were failing the SPF checks. In a recent update, Microsoft informed BleepingComputer that they have addressed the problem, and emails sent from Hotmail addresses should now pass SPF checks without any hitches.
Understanding SPF and its Role
The Sender Policy Framework (SPF) acts as an email security mechanism that aims to reduce spam and deter threat actors from imitating domains during phishing attempts. To set up SPF, administrators establish a unique DNS TXT record for a domain, which lists the specific hostnames and IP addresses permitted to send emails under that domain. When an email server receives a message, it checks if the sending email server’s hostname/IP address is part of the domain’s SPF record. If it matches, the email is delivered as usual. However, if there’s no match, the email is either returned to the sender with an error or redirected to the recipient’s SPAM folder.
