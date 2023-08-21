Hotmail users worldwide have been encountering problems when sending emails, as their messages are either flagged as spam or not delivered altogether. The issue arose when Microsoft misconfigured the domain’s DNS SPF (Sender Policy Framework) record.

The email problems emerged late last night, with affected users and administrators taking to platforms like Reddit, Twitter, and Microsoft forums to report SPF validation errors, which caused their Hotmail emails to fail.

One user explained on Microsoft’s forum that their Microsoft Outlook Hotmail accounts were unable to send emails, receiving the following error message: “Message rejected due to SPF policy – Please check policy for hotmail.com”.

SPF is an email security feature designed to combat spam and prevent domain spoofing in phishing attacks. Administrators can configure SPF by creating a DNS TXT record for a domain, specifying the authorized hostnames and IP addresses permitted to send emails on behalf of that domain.

When a mail server receives an email, it verifies whether the sending server’s hostname/IP address is listed in the domain’s SPF record. If it is, the email is delivered as usual. However, if the IP address or domain is not included, the server may either bounce the email back to the sender or classify it as spam.

Administrators investigating the email delivery issues discovered that Microsoft had removed the “include:spf.protection.outlook.com” record from hotmail.com’s SPF record. As a result, any email sent by hosts listed in this record would fail SPF checks.

For example, the previous SPF record for hotmail.com included several authorized hosts, such as “spf.protection.outlook.com”. However, the current SPF record excludes this entry.

Hotmail users affected by this issue cannot resolve it on their own. They will have to wait for Microsoft to rectify the DNS entry.

Update 8/18/23: Microsoft informed BleepingComputer that they have resolved the problem, and Hotmail should no longer fail SPF checks. Upon further analysis of the SPF include statements for Hotmail.com, it was observed that missing IP ranges were added to other includes, ensuring proper SPF verification for all.