BLOG

Microsoft changes

There’s been quite a bit of breakage and delivery failure to various Microsoft domains this month. It started with them changing the MX for hotmail.co.uk, then the MX for hotmail.fr… and both these things seem to have broken mail. I also saw a report this morning that some of the new MXs have TLS certificates that don’t match the hostnames.

What’s going on?

Historically, Microsoft had two completely separate commercial mail systems, their free webmail and a hosted enterprise solution. The free mail systems started when MS purchased Hotmail, evolved into Live and then eventually Outlook. The enterprise solution is currently Office365. It, too, started off when MS purchased a filtering company and then evolved it into Office365.

A few years ago Microsoft decided they no longer wanted two email systems. So they were going to migrate both to the same back end.

That was 2 years ago…

Yes. Much of the backend stuff has been moving around behind the scenes over the last 2 years. Recently, though, they’ve been deploying new MX records for some of the regional Hotmail domains.

Why should we care?

Well, all things being equal we shouldn’t. But, y’know, nothing about email can ever be easy. On Sept. 1, 2017 a number of people started reporting that all their mail to hotmail.co.uk was bouncing with user unknown messages. Even addresses that were known live. That’s when some folks noticed that the MX records had updated from mx[1-4].hotmail.com to *.olc.protection.outlook.com.

Based on some of the discussions surrounding the change, Hotmail intended to make this change quietly and let the old and new MXs run in parallel. But, spammers had to ruin it. There were so many senders that didn’t update their MX records MS decided to set the old mail servers to reject all mail to hotmail.co.uk. This broke a bunch of stuff with senders, particularly for those who cache MX records for a very long time.

They fixed it.

It appears most senders / ESPs got the message and updated their MX records. MS, to their credit, realized this wasn’t an ideal situation and adapted their transition process. It appears hotmail.fr is the next regional domain to move to the new MX. Instead of swapping out all of the records, MS has added *.olc.protection.outlook.com to the MX records for hotmail.fr. Mail to hotmail.fr is being handled by both the old mx[1-4].hotmail.com and the new *.olc.protection.outlook.com servers. I expect that they’ll phase out the old ones at some point.

Mostly.

Of course, the only reason I know the changes have happened at hotmail.fr is because I’ve seen some folks mentioning problems with sending to those domains. So not everything is wonderful here. I don’t have many details on what the symptoms are, but if you’re seeing some level of problems to hotmail.fr it’s possible it’s them and not you.

There was also a report on the mailop list today that there is an issue with the TLS certificates on the new MX domains – the server names don’t match. This is minor, but may cause TLS to fail until they fix it.

What now?

Microsoft is undertaking a major infrastructure upgrade, without taking down any services. It’s not going to happen as smoothly or as transparently as anyone wants it to. The issues we’ve seen so far are all pretty minor given the scope of the project. If we can get through the rest of this changeover with this level of hiccups we should all be thankful.

Do be aware that things might change and delivery might be erratic until the changeover is finished. Just keep sending good mail and give them the space to work things out on their end. Even though in the short term this might drive up the consumption of antacids, I think long term, this is going to be a win.

 

3 comments

  1. ed says

    The UK change first happened on June the 7th, and the new MX record was included along with the Hotmail legacy ones (just as it’s currently been done in FR). If they follow the same path, we should see the Hotmail MXs in FR being removed in 3 months or so.

  2. Benjamin says

    Good luck to MS’s engineers in this, then when it’s over, they’ll have to make SNDS colors match the filter results of this new system 😉

  3. ed says

    Additional MS domains have now added the protection.outlook.com MX, such as hotmail.com, msn.com and live.com

Comment:

Your email address will not be published. Required fields are marked *



  • OTA joins the ISOC

    The Online Trust Alliance (OTA) announced today they were joining forces with the Internet Society (ISOC). Starting in May, they will operate as an initiative under the ISOC umbrella. “The Internet Society and OTA share the belief that trust is the key issue in defining the future value of the Internet,” said Internet Society President and CEO, Kathryn Brown. “Now is the right time for these two organizations to come together to help build user trust in the Internet. At a time when cyber-attacks and identity theft are on the rise, this partnership will help improve security and data privacy for users,” added Brown.No Comments


  • Friday blogging... or lack of it

    It seems the last few Friday's I've been lax on posting. Some of that is just by Friday I'm frantically trying to complete all my client deliverables before the weekend. The rest of it is by Friday I'm just tired. Today had the added complication of watching the Trumpcare debate and following how (and how soon) it would affect my company if it passed. That's been a bit distracting, along with the other stuff I posted about yesterday. I wish everyone a great weekend.1 Comment


Archives