A so-called SPF error at Microsoft affected Hotmail users worldwide who send their emails through Outlook. The problem caused emails to be rejected from recipients.
Due to an error at Microsoft, Hotmail users were receiving “bounces” on their emails since Thursday, Aug. 18. These bounces were accompanied by a message indicating what’s known as Sender Policy Framework (SPF) errors.
SPF ensures that outbound e-mail messages receive authentication to prevent e-mail spoofing. This weeds out e-mails from mailboxes that use a fake e-mail address. Hackers use this form of impersonation to send phishing emails. Because of the flaw, receiving email services were unable to confirm that a message came from a trusted location.
Also read: EvilProxy phishing campaign hits thousands of Microsoft 365 accounts
Error due to two changes
End-user research revealed that the flaw caused two changes. First, the error removed ‘removing spf.protection.outlook.com’ from the DNS record. It also changed the so-called ‘SPF failure condition’ from soft to hard.
This resulted in suspicious messages from Hotmail having to be rejected and not banned to the spam box.
Resolved
Microsoft confirmed the error and immediately made a configuration change that was supposed to limit the impact of the problem. Later, however, the tech giant had to report that the problems were more severe than thought. Once again, configuration changes were made and the problem is now a thing of the past.