allanwallace.uk : Blog

Microsoft Office 365 mailservers with no DNS / no rDNS

AM0PR01MB5282.eurprd01.prod.exchangelabs.com (IP TBC) | 15/01/2019 @ 10:37 GMT

AM0PR01MB4162.eurprd01.prod.exchangelabs.com (52.135.144.159) | 16/02/2019 @ 10:31 GMT


EUR01-DB5.obe.outbound.protection.outlook.com (213.199.154.175 (TBC)) | 09/07/2019 @ 11:52 BST



Why the RED?

1 - the FQDN for the server does not exist in DNS
(See RFC2821 Section 3.6 Domains)

2 - the IP address does not have any rDNS
(See RFC2821 Section 3.6 Domains)

3 - the IP address is not permitted by the recommended SPF record
("A simple oversight" I am sure...)


i.e.
The Microsoft Office 365 recommended SPF record* does NOT allow all relevant servers.

This seems to be a bit of a fail by Microsoft; I'm not sure why they do this other than to make life difficult for 3rd party MX.

*As of 16/01/2019 @ 10:35 this is the chain of SPF records:
Source:
https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-spf-in-office-365-to-help-prevent-spoofing

Which essentially states:
If you're using Exchange Online (which is common for Office 365 customers) then add this...
include:spf.protection.outlook.com

So, here you go:
spf.protection.outlook.com:
v=spf1 ip4:207.46.100.0/24 ip4:207.46.163.0/24 ip4:65.55.169.0/24 ip4:157.56.110.0/23 ip4:157.55.234.0/24 ip4:213.199.154.0/24 ip4:213.199.180.128/26 ip4:52.100.0.0/14 include:spfa.protection.outlook.com -all

spfa.protection.outlook.com:
v=spf1 ip4:157.56.112.0/24 ip4:207.46.51.64/26 ip4:64.4.22.64/26 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:134.170.140.0/24 include:spfb.protection.outlook.com ip6:2001:489a:2202::/48 -all

spfb.protection.outlook.com:
v=spf1 ip6:2a01:111:f400::/48 ip4:23.103.128.0/19 ip4:23.103.198.0/23 ip4:65.55.88.0/24 ip4:104.47.0.0/17 ip4:23.103.200.0/21 ip4:23.103.208.0/21 ip4:23.103.191.0/24 ip4:216.32.180.0/23 ip4:94.245.120.64/26 -all
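
To check a sending IP against this chain offline, the following added example (not part of the original post and not Microsoft's code) walks the three records exactly as quoted above and follows each include:. The names RECORDS, spf_match and spf_result are hypothetical, and only ip4:, ip6: and include: terms are evaluated because those are the only mechanisms these records use.

```python
import ipaddress

# SPF records copied verbatim from this page (as published 16/01/2019).
# This is a static snapshot, not a live DNS lookup.
RECORDS = {
    "spf.protection.outlook.com": "v=spf1 ip4:207.46.100.0/24 ip4:207.46.163.0/24 ip4:65.55.169.0/24 ip4:157.56.110.0/23 ip4:157.55.234.0/24 ip4:213.199.154.0/24 ip4:213.199.180.128/26 ip4:52.100.0.0/14 include:spfa.protection.outlook.com -all",
    "spfa.protection.outlook.com": "v=spf1 ip4:157.56.112.0/24 ip4:207.46.51.64/26 ip4:64.4.22.64/26 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:134.170.140.0/24 include:spfb.protection.outlook.com ip6:2001:489a:2202::/48 -all",
    "spfb.protection.outlook.com": "v=spf1 ip6:2a01:111:f400::/48 ip4:23.103.128.0/19 ip4:23.103.198.0/23 ip4:65.55.88.0/24 ip4:104.47.0.0/17 ip4:23.103.200.0/21 ip4:23.103.208.0/21 ip4:23.103.191.0/24 ip4:216.32.180.0/23 ip4:94.245.120.64/26 -all",
}


def spf_match(ip, domain, records=RECORDS, depth=0):
    """Return (record_name, mechanism) for the first ip4/ip6 term that
    contains ip, following include: terms in order; None if nothing matches."""
    if depth > 10:  # guard against include loops in a broken record set
        raise RecursionError("SPF include chain too deep")
    addr = ipaddress.ip_address(ip)
    for term in records[domain].split()[1:]:  # skip the leading "v=spf1"
        if term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            if addr.version == net.version and addr in net:
                return domain, term
        elif term.startswith("include:"):
            hit = spf_match(ip, term[len("include:"):], records, depth + 1)
            if hit:
                return hit
    return None


def spf_result(ip, domain="spf.protection.outlook.com"):
    """'pass' with the matching term, or 'fail' (every record ends in -all)."""
    hit = spf_match(ip, domain)
    return ("pass", hit) if hit else ("fail", None)


if __name__ == "__main__":
    # The two IP addresses this page lists for the servers above.
    for ip in ("52.135.144.159", "213.199.154.175"):
        print(ip, spf_result(ip))
```

Run against the two addresses given on this page, it reports 52.135.144.159 as outside every listed range, while 213.199.154.175 (marked TBC above) falls inside ip4:213.199.154.0/24.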



I may be mistaken - but I cannot see how any of the servers listed above are permitted by the CORRECT SPF RECORD published by Microsoft.

I also wonder why the servers have "exchangelabs.com" domains in their FQDNs (FQDNs that typically are NXDomain)...
- surely labs are not for PRODUCTION use?...


Here (.csv) is a partial list of FQDNs given by Office 365 servers when they try to deliver genuine emails to one or more mx I manage:

I think this is something requiring further investigation, more news soon.

Last Updated: 2019/07/09 12:52 CET.


© 2019 Allan Wallace