-1

PROBLEM: Outlook.com web app (OWA), synchronized with my local server via IMAP and SMTP(STARTTLS), returns "Undeliverable message" for all messages sent.

PROPOSAL: (rejected) The returned message indicates that the issue is with SPF and suggests updating the DNS entry with a dynamic IP xx.xxx.xx.xxx. A dynamic IP??? Nope.

PROPOSAL: (not working) Mocosoft suggests updating the SPF entry with this entry: `ip4:23.103.224.0/19 ip4:206.191.224.0/19 ip4:40.103.0.0/16 include:spf.protection.outlook.com` Working? Nope.

This was the "undeliverable message" received.

Technical details InvalidRecipientsException: Invalid recipients were provided for the message: 'xxxxxxxx@gmail.com' (550 5.7.23 : Recipient address rejected: Message rejected due to: domain owner discourages use of this host. Please see http://www.openspf.net/Why?s=mfrom;id=tadeus@mylocaldomain.com;ip=40.101.102.85;r= ). --> Respuesta del servidor SMTP inesperada. Esperado: 250, real: 550, respuesta completa: 550 5.7.23 : Recipient address rejected: Message rejected due to: domain owner discourages use of this host. Please see http://www.openspf.net/Why?s=mfrom;id=tadeus@mylocaldomain.com;ip=40.101.102.85;r=

Failure code: 8f93

Pierre.Vriens
  • For a resolution to your problem, please post the actual domain you are having the issue with. Note that your domain and its DNS records are already public information, so you are not revealing anything useful to an attacker. – Paul Dec 22 '18 at 21:29

1 Answer

-3

SOLUTION: In my absolute despair, and seeing that my entry for Google, `include:_spf.google.com`, was working, I threw the dice and found the solution in an underscore "_". Just include this in your DNS SPF entry:

include:_spf.protection.outlook.com

This worked for me perfectly! Hope it works for you too.

Bonus1. A correct entry could be like this:

v=spf1 ip4:xxx.xxx.xxx.xxx include:_spf.protection.outlook.com ~all

Bonus2. Or this

v=spf1 include:example.com include:_spf.protection.outlook.com ~all

UPDATE: MXToolbox passed OK with _spf.protection.outlook.com, and it is working perfectly in three different domains at the moment on my dedicated server, hosted by IONOS (old 1and1). mxtoolbox report. Thank you for your comments.

  • 2
    But looking on internet, spf.protection.outlook.com does have a txt resolution with spf settings. _spf.protection.outlook.com doesn't appear to exist. So whatever made it work should not be proposed as a good solution anyway. Perhaps you exceeded the maximum dns resolution allowed (10) ? There are online sites to check for anomalies. eg: https://www.kitterman.com/spf/validate.html or https://mxtoolbox.com/spf.aspx – A.B Dec 21 '18 at 22:52
  • 1
    `spf.protection.outlook.com` having an SPF `TXT` record and `_spf.protection.outlook.com` not, this is clearly a misguiding answer. – Esa Jokinen Dec 22 '18 at 04:56
  • 1
    With OP's domain obfuscated, it's not easy. spf.protection.outlook.com txt entry ends with "-all" thus probably forcing denial despite the subsequent "~all" on OP's dns. OP's server IP and actual domain would probably be needed. Currently OP just removed any strong protection (by having "~all" be evaluated and more often than not accepted for emails). – A.B Dec 22 '18 at 11:37
  • 1
    Are you understanding that the entry `include:_spf.protection.outlook.com` is doing completely nothing because there's nothing behind _spf.protection.outlook.com? This can't be an answer. – A.B Dec 23 '18 at 09:56
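
How an `include:` term is evaluated under RFC 7208 (sections 5.2 and 4.6.4), as an added example that is not part of the original thread. The TXT data is constructed, the names `good.example`, `typo.example`, `loop.example` and `spf.provider.example` are hypothetical, and only the `ip4`, `include` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed TXT data (not real DNS answers); all names are hypothetical.
ZONE = {
    "good.example": "v=spf1 include:spf.provider.example ~all",
    "typo.example": "v=spf1 include:_spf.provider.example ~all",
    "spf.provider.example": "v=spf1 ip4:40.101.0.0/16 -all",
    "loop.example": "v=spf1 include:loop.example ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4


class PermError(Exception):
    pass


def check_host(ip, domain, budget=None):
    """Evaluate the ip4/include/all terms of domain's SPF record for ip."""
    budget = budget if budget is not None else [0]
    record = ZONE.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:"):
            if ipaddress.ip_address(ip) in ipaddress.ip_network(mech[4:]):
                return QUALIFIERS[qualifier]
        elif mech.startswith("include:"):
            budget[0] += 1
            if budget[0] > MAX_LOOKUPS:
                raise PermError("more than 10 DNS-querying terms")
            inner = check_host(ip, mech[8:], budget)
            if inner == "none":
                raise PermError("include target has no SPF record: " + mech[8:])
            if inner == "pass":  # only "pass" makes the include term match
                return QUALIFIERS[qualifier]
    return "neutral"


def evaluate(ip, domain):
    """Top-level result; a PermError anywhere in the chain is 'permerror'."""
    try:
        return check_host(ip, domain)
    except PermError:
        return "permerror"
```

To check a live domain, the `ZONE` lookup would be replaced by a TXT query, or the record run through one of the validators linked in the comments.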