Re: [mailop] SPF fragility vs. utility

Mon, 11 Nov 2024 06:21:14 -0800

+1 - I've also heard second-hand that allegedly improvements are in the works Microsoft has made through the month of October on this, and a tentative fix is slated for Nov. 18. I don't have any reason to not believe this source - but like most others here, I'll believe it when I see it reflected in the data. 


This issue is apparently related to a bug with Windows DNS (that the 
Microsoft antispam/defender services use) in certain situations that 
cause these DNS retry errors, which affects SPF, as well as DKIM 
evaluation. It's a very odd issue, even highly elevated TTLs don't 
improve it all.



- Mark Alley


On 11/11/2024 8:01 AM, Vladimir Gabrielescu via mailop wrote:

They are definitely working on it,  if not very fast, we have been 
working with their engineering team on this for some time, and they 
 know they have a problem but the problem is not in the hands of their 
exchange team, the problem is on the side of the DNS servers software 
stack so I suspect priorities are mixed.


Vlad c/o postmas...@rutgers.edu
------------------------------------------------------------------------

*From:* mailop <mailop-boun...@mailop.org> on behalf of Gellner, 
Oliver via mailop <mailop@mailop.org>

*Sent:* Monday, November 11, 2024 8:48 AM
*To:* mailop <mailop@mailop.org>
*Subject:* Re: [mailop] SPF fragility vs. utility
On 21.10.2024 at 11:32 Gellner, Oliver via mailop wrote


> On 17.10.2024 at 19:43 L. Mark Stone via mailop <mailop@mailop.org> 
wrote:



>> Back in May at the InboxExpo conference in Atlanta, I was told by a 
consultant to very large senders that they advise customers to set 
their DMARC to "p=quarantine" because they had been observing that 
Microsoft's processing of some emails was causing DKIM failures - in 
as much as 30% of their customers' email campaigns traffic.
>> We didn't discuss the technical details (other than Microsoft's 
processing altered the emails in such a way as to cause the DKIM 
fails), but thought that might be helpful to share (possibly related?) 
as regards the OP's issue with Mimecast, with whom we had numerous 
difficulties, and whose Partnership we elected not to renew a while back.



> I cannot confirm 30%, but when I grep Microsoft DMARC reports for 
temperror, there are hundreds of hits. Nevertheless I don't see why 
you should change your policy because one recipients is unable to 
reliably operate a DNS client.



To update my own post, in the meantime Uriports published a blog post 
about the reoccurring problem of temperrors in DMARC reports sent by 
Microsoft: 
https://www.uriports.com/blog/outlook-com-dkim-temperror-in-dmarc-reports/ 
According to their statistics 0,6% of all the DMARC reports which they 
receive from Hotmail / Outlook contain a DKIM result of "temperror". 
That's 600 times (or 60000%) more than the average of other providers. 
Uriports runs a DMARC monitoring service and receives reports from 
many different companies, so the issue does not seem to be restricted 
to our DNS servers. They claim: "The primary cause is Microsoft’s 
ongoing DNS resolution issues, which the company is actively working 
to resolve." I'm unsure if that's true and and when Microsoft started 
working on those DNS resolution issues, as I mentioned this problem on 
this list already in the beginning of 2023 and it is still ongoing.


--
BR Oliver
________________________________

dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777

dmt...@dm.de<mailto:dmt...@dm.de <mailto:dmt...@dm.de>> * 
www.dmTECH.de<http://www.dmtech.de>

GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher
________________________________
Datenschutzrechtliche Informationen

Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen 
oder sich bei uns bewerben, verarbeiten wir personenbezogene Daten. 
Informationen unter anderem zu den konkreten Datenverarbeitungen, 
Löschfristen, Ihren Rechten sowie die Kontaktdaten unserer 
Datenschutzbeauftragten finden Sie 
hier<https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832>.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

























					Reply via email to