IPv6 addresses for Microsoft Office 365 hosted domains?

Dick Visser visser at terena.org
Thu Nov 27 20:02:00 CET 2014 

On a related note, I'm in the process of setting up mail for our new
domain, and Office365 was one of the options.
I was surprised to see that Office 365 hosted domains have only one
MX, which resolves to only two IPv4 addresses:

visser at cajones:~$ host geant-org.mail.protection.outlook.com.
geant-org.mail.protection.outlook.com has address 213.199.154.87
geant-org.mail.protection.outlook.com has address 213.199.154.23

Both sit in the same network, which seems like a bad idea.
Unless this is anycast? Can't tell from here.

However, MS seems to have changed things recently:

http://blogs.msdn.com/b/tzink/archive/2014/10/28/support-for-anonymous-inbound-email-over-ipv6-in-office-365.aspx

Better late than never.

The alternative for e-mail is Google Apps, which has IPv6 for years.


Dick




On 27 November 2014 at 03:00, Frank Bulk <frnkblk at iname.com> wrote:
> This afternoon I saw several log messages in our email server's logs in
> relation to emails our local business customer (who uses our ISP email
> server) was trying to send to a Microsoft Office 365 hosted domain:
>
> "[::ffff:12.43.166.xx] Site <target domain redacted>
> (2a01:111:f400:7c0c::11) said after data sent: 554 5.7.1 Service
> unavailable, message sent over IPv6 [2607:fe28:0:4000::10] must pass SPF or
> DKIM validation (message not signed)"
>
> The PTR for 2a01:111:f400:7c0c::11 is
> mail-by26c0c.inbound.protection.outlook.com.
>
> But when I check the MX record of the target domain I see there's no AAAA
> for the <redacted>.mail.eo.outlook.com, just three A's.
>
> Fortunately we control our local business customer's DNS and I've added in
> our email server's DKIM so that future emails, if they were sent over IPv6,
> should be accepted by Microsoft.  Our customer has no SPF record.
>
>
> I also saw two log messages for two Microsoft Office 365 hosted domains:
> 26 13:30:59.00 [56882563] Failed ::ffff:199.120.69.25
> <notification+kyg2kgex at facebookmail.com> <target domain1 email redacted>
> 9259 <1502549920004098-1497189607206796 at groups.facebook.com>
> "[::ffff:199.120.69.25] ubad=0, Site (target domain1
> redacted/2a01:111:f400:7c10::1:10) said: 550 5.2.1 Service Unavailable,
> [target domain1 redacted] does not accept email over IPv6"
> 26 19:04:52.00 [83985160] Failed ::ffff:12.43.166.20 <from redacted> <target
> domain2 email redacted> 6546 <0EBCBB96763E41B2A4CD9A4CD3DD94BE at sp.local>
> "[::ffff:12.43.166.20] ubad=1, Site (target domain2 email
> redacted/2a01:111:f400:7c0c::11) said: 550 5.2.1 Service Unavailable,
> [target domain2 email redacted] does not accept email over IPv6"
>
> There's no PTR for 2a01:111:f400:7c10::1:10.  I checked the last 7 days of
> logs I only saw these today.
>
> It's like Microsoft published some AAAA's for some MX records, but then
> withdrew them, but not before there were a few failures.
>
> Frank
>
>
>



-- 
Dick Visser
Sr. System & Networking Engineer
GÉANT Association, Amsterdam Office (formerly TERENA)
Singel 468D, 1017 AW Amsterdam, the Netherlands
Tel: +31 (0) 20 530 4488

GÉANT Association
Networking. Services. People.

Learn more at: http://www.géant.org

More information about the ipv6-ops mailing list