There’s been quite a bit of breakage and delivery failure to various Microsoft domains this month. It started with them changing the MX for hotmail.co.uk, then the MX for hotmail.fr… and both these things seem to have broken mail. I also saw a report this morning that some of the new MXs have TLS certificates that don’t match the hostnames.
What’s going on?
Historically, Microsoft had two completely separate commercial mail systems, their free webmail and a hosted enterprise solution. The free mail systems started when MS purchased Hotmail, evolved into Live and then eventually Outlook. The enterprise solution is currently Office365. It, too, started off when MS purchased a filtering company and then evolved it into Office365.
A few years ago Microsoft decided they no longer wanted two email systems. So they were going to migrate both to the same back end.
That was 2 years ago…
Yes. Much of the backend stuff has been moving around behind the scenes over the last 2 years. Recently, though, they’ve been deploying new MX records for some of the regional Hotmail domains.
Why should we care?
Well, all things being equal we shouldn’t. But, y’know, nothing about email can ever be easy. On Sept. 1, 2017 a number of people started reporting that all their mail to hotmail.co.uk was bouncing with user unknown messages. Even addresses that were known live. That’s when some folks noticed that the MX records had updated from mx[1-4].hotmail.com to *.olc.protection.outlook.com.
Based on some of the discussions surrounding the change, Hotmail intended to make this change quietly and let the old and new MXs run in parallel. But, spammers had to ruin it. There were so many senders that didn’t update their MX records MS decided to set the old mail servers to reject all mail to hotmail.co.uk. This broke a bunch of stuff with senders, particularly for those who cache MX records for a very long time.
They fixed it.
It appears most senders / ESPs got the message and updated their MX records. MS, to their credit, realized this wasn’t an ideal situation and adapted their transition process. It appears hotmail.fr is the next regional domain to move to the new MX. Instead of swapping out all of the records, MS has added *.olc.protection.outlook.com to the MX records for hotmail.fr. Mail to hotmail.fr is being handled by both the old mx[1-4].hotmail.com and the new *.olc.protection.outlook.com servers. I expect that they’ll phase out the old ones at some point.
Of course, the only reason I know the changes have happened at hotmail.fr is because I’ve seen some folks mentioning problems with sending to those domains. So not everything is wonderful here. I don’t have many details on what the symptoms are, but if you’re seeing some level of problems to hotmail.fr it’s possible it’s them and not you.
There was also a report on the mailop list today that there is an issue with the TLS certificates on the new MX domains – the server names don’t match. This is minor, but may cause TLS to fail until they fix it.
Microsoft is undertaking a major infrastructure upgrade, without taking down any services. It’s not going to happen as smoothly or as transparently as anyone wants it to. The issues we’ve seen so far are all pretty minor given the scope of the project. If we can get through the rest of this changeover with this level of hiccups we should all be thankful.
Do be aware that things might change and delivery might be erratic until the changeover is finished. Just keep sending good mail and give them the space to work things out on their end. Even though in the short term this might drive up the consumption of antacids, I think long term, this is going to be a win.