Sending emails from Microsoft managed email services like Outlook.com and Office 365 to our domain which has DNS hosted on Cloudflare has a terrible 8 hrs to 24 hrs delay. In some cases the mail is never received and a bounce email with the following error is received.
11/26/2021 2:53:45 AM - Server at abcde.com (0.0.0.0) returned '450 4.4.312 DNS query failed
Does Cloudflare block certain Microsoft email services? Why does this happen and is there any way around it?
We have been experiencing this for a number of months and can’t seem to find a solution around it. Any help would be much appreciated. Thank you.
MX is pointed to a CNAME which in turn is pointed to an A record and this A record is unproxied. I do not believe it is an issue with the DNS configuration because other mail services like Gmail, Yahoo mail and other self hosted emails do not have issues sending us email.
Microsoft hosted emails like hotmail, outlook and O365 however constantly have severe delays e.g. 8 - 24 hours in sending us email and other times errors like the one mentioned in the initial post are encountered and the email never arrives. On incredibly rare occasions some emails take 5 - 10 minutes which I think is acceptable. This has been happening for almost 6 months now.
I do feel there is a possibility that traffic is being blocked somewhere between Microsoft and Cloudflare and I do notice that there are others that face the same issue.
I can confirm it’s something on Cloudflare’s end that may be prohibiting DNS queries from Microsoft’s servers. If I divert the DNS queries to another DNS server it has no issue delivering emails to our domain.
Is there a way to whitelist IP ranges from being blocked in Cloudflare? Microsoft’s IP listing is available.
Ah, so your MX record points to a hostname in Cloudflare that’s a CNAME to an “A” record in Domain B. So it’s the CNAME lookup that’s failing?
Would you happen to know if there’s an error message for this lookup by Microsoft? Or are you seeing a bunch of NXDOMAIN in DNS analytics for that domain here? Unfortunately, not until you get to Enterprise plan will you get detailed DNS analytics.
As far as I know, there’s no way to block or allow DNS queries. I don’t think Cloudflare really cares about general DNS usage until it’s attacked.
You can try opening a ticket to see if they can watch for requests for that CNAME (or the “A” record in Domain B). Maybe even try to skip a step and set Domain A’s hostname that the MX record points to be an “A” record to skip the Domain B lookup.
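An offline check for the record layout discussed in this thread (an MX target that is a CNAME into a second domain), added here as an example and not code from any poster or from Cloudflare. The record set and every name in it are constructed placeholders; the check flags aliased MX targets because RFC 2181 section 10.3 says an MX target must not be an alias.

```python
# Constructed sample records (placeholder names and addresses, not from the thread).
RECORDS = {
    ("domain-a.example", "MX"): ["10 mail.domain-a.example."],
    ("mail.domain-a.example", "CNAME"): ["mx1.domain-b.example."],
    ("mx1.domain-b.example", "A"): ["192.0.2.25"],
    ("domain-c.example", "MX"): ["10 mx.domain-c.example."],
    ("mx.domain-c.example", "A"): ["192.0.2.40"],
}

def norm(name):
    """Lower-case a hostname and drop the trailing root dot."""
    return name.rstrip(".").lower()

def lookup(name, rtype, records):
    return records.get((norm(name), rtype), [])

def resolve_mx_target(host, records, max_hops=8):
    """Follow CNAMEs from an MX target; return (chain, addresses)."""
    chain = [norm(host)]
    while True:
        cname = lookup(chain[-1], "CNAME", records)
        if not cname:
            break
        nxt = norm(cname[0])
        if nxt in chain or len(chain) > max_hops:
            return chain + [nxt], []  # alias loop or overly long chain
        chain.append(nxt)
    addrs = lookup(chain[-1], "A", records) + lookup(chain[-1], "AAAA", records)
    return chain, addrs

def audit_mx(domain, records):
    """Classify each MX target as ok, alias (CNAME in the path) or unresolvable."""
    findings = []
    for rdata in lookup(domain, "MX", records):
        _pref, host = rdata.split()
        chain, addrs = resolve_mx_target(host, records)
        if not addrs:
            status = "unresolvable"
        elif len(chain) > 1:
            status = "alias"  # every extra hop is another lookup the sender must complete
        else:
            status = "ok"
        findings.append({"mx": chain[0], "chain": chain,
                         "addresses": addrs, "status": status})
    return findings

if __name__ == "__main__":
    for domain in ("domain-a.example", "domain-c.example"):
        for f in audit_mx(domain, RECORDS):
            print(domain, f["status"], " -> ".join(f["chain"]), f["addresses"])
```

To run it against a live zone, replace `lookup` with real DNS queries; the classification logic stays the same.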