In the spirit of the FIFA Women’s World Cup, Microsoft scored an own goal this month when it failed to configure the SPF for Outlook.com correctly.
Bleeping Computer reported ‘Hotmail email delivery fails after Microsoft misconfigures DNS’, as users and admins across the globe were posting on social media and commenting about the problems.
The erroneous DNS record caused emails sent from Microsoft's Outlook Hotmail accounts to be rejected and dumped into spam folders. There are reportedly over 400 million Hotmail users globally, and many experienced issues with emails being returned due to errors relating to its Sender Policy Framework (SPF). That is, the recipient email service was unable "to confirm that [a] message came from a trusted location."
The Sender Policy Framework (SPF) is an outbound email authentication check that the sending mail server is authorised to originate mail from the email sender's domain.
It is used to assist in the detection of spoofing and phishing attacks. The authentication only applies to the email sender listed in the "envelope from" field during the initial SMTP connection, and the list of authorised sending hosts and IP addresses for a domain is published in the DNS records for that domain.
Two changes were noticed by users in social media forums:
- Removal of spf.protection.outlook.com from the record, and
- A change to the SPF failure condition from soft to hard.
Those changes caused messages from Hotmail to be rejected instead of going to a spam folder.
Bleeping Computer reported that “To configure SPF, admins create a special DNS TXT (text) record for a domain that specifies the specific hostnames and IP addresses allowed to send emails under that domain.
When a mail server receives an email, it will verify that the hostname/IP address for the sending email servers is part of a domain's SPF record, and if it is, allows the email to be delivered as usual.
However, if the IP address or domain of the sending mail server is not listed in the sender domain's SPF record, it will either bounce the email back to the sender with an error or put it in the recipient's SPAM folder.'
Microsoft posted at the time that: "Some users may receive non-delivery reports when attempting to send emails from hotmail.com."
On 18 August, they provided an update confirming that the problem was resolved; however, it is possible that some customers and their email users were impacted and is therefore useful to note for any inbound calls, or upcoming meetings and engagements.
Keeping Businesses Safe and Secure
Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email, makes email an extremely important vector for businesses to fortify.
No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard.
MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your customers today to ensure they’re prepared, and get in touch with our team to discuss strengthening your customer’s Microsoft 365 security.
Talk to us
MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 2822
UK partners call 0 800 404 8993
