Cloudflare not honouring IPv6 addresses in Hotmail SPF record

I’m seeing mail get bounced by Cloudflare for the reason:

mx.cloudflare.net gave this error:
2a01:111:f403:7004::80d isn't allowed to send email for <user>@hotmail.com.

Initially I assumed this was related to the recent Hotmail SPF changes, however I continued checking and found that the given IP is in fact included in their records.

Checking the records, spf-b.hotmail.com includes 2a01:111:f403::/49
(2a01:0111:f403:0:0:0:0:0 - 2a01:0111:f403:7fff:ffff:ffff:ffff:ffff)

MxToolbox gives it the green light for that reason (https://mxtoolbox.com/SuperTool.aspx?action=spf%3ahotmail.com%3a2a01%3a111%3af403%3a7004%3a%3a80d&run=toolpage)

So it seems the SPF records are valid, but Cloudflare is rejecting the mails anyway? Possibly Cloudflare is using cached records, or isn’t doing the IPv6 netmask parsing correctly?

Anyone able to verify what I’m seeing?

It’s been a few hours since your post though, but:

spf-b.hotmail.com, as you mention, has a DNS TTL of 3600 seconds (1 hour). If Microsoft changed their SPF again shortly before the message you saw, there is obviously a chance that it would have been cached for a little while after the change.

To rule out any kind of suspicion here, I have just tested IPv6 (and subnet) parsing through Cloudflare Email Routing, and it seems to work perfectly fine:

I’m passing SPF just fine with an ip6: mechanism holding a /56 subnet.

I can at least verify that according to your explanation, the IPv6 address mentioned should indeed be passing for deliveries from @hotmail.com now.

Are you seeing any difference, … or is it still appearing to be the same from your end?


I’ve got my Hotmail friends to send some test messages, but so far none have come through from IPv6 addresses, so can’t say for sure.

I’ll keep an eye on it, and post here if anything happens.

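The netmask check discussed in this thread can be reproduced offline; the following is an added example, not part of any post and not Cloudflare's or Microsoft's code. The record string is constructed for illustration (only the `2a01:111:f403::/49` prefix and the bounced address come from the thread), and the function names are hypothetical; mechanisms that need DNS (`include:`, `a`, `mx`) are deliberately skipped.

```python
import ipaddress

# Constructed sample record; only the ip6 /49 prefix is taken from the thread.
RECORD = "v=spf1 ip4:203.0.113.0/24 ip6:2a01:111:f403::/49 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def range_of(cidr):
    """Return the first and last address covered by a CIDR prefix."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1])


def check_ip_mechanisms(record, sender_ip):
    """Evaluate the ip4:/ip6:/all terms of one SPF record, left to right.

    Returns (result, matching_term). Terms that require DNS lookups are
    ignored, so this only answers "does the address fall inside a listed
    prefix", which is the question raised in the thread.
    """
    addr = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        qualifier = "+"  # SPF default when no qualifier is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier], "all"
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            # An IPv4 sender never matches an ip6 prefix and vice versa.
            if net.version == addr.version and addr in net:
                return QUALIFIERS[qualifier], term
    return "neutral", None


if __name__ == "__main__":
    print(range_of("2a01:111:f403::/49"))
    # Address from the bounce message: inside the /49, so it matches.
    print(check_ip_mechanisms(RECORD, "2a01:111:f403:7004::80d"))
    # Constructed address just past the /49 boundary: falls through to -all.
    print(check_ip_mechanisms(RECORD, "2a01:111:f403:8000::1"))
```

A pass here only shows that the prefix arithmetic is correct; it says nothing about what the receiving resolver had cached when the message arrived.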