IPv6 addresses for Microsoft Office 365 hosted domains?
visser at terena.org
Thu Nov 27 20:02:00 CET 2014
On a related note, I'm in the process of setting up mail for our new
domain, and Office365 was one of the options.
I was surprised to see that Office 365 hosted domains have only one
MX, which resolves to only two IPv4 addresses:
visser at cajones:~$ host geant-org.mail.protection.outlook.com.
geant-org.mail.protection.outlook.com has address 220.127.116.11
geant-org.mail.protection.outlook.com has address 18.104.22.168
Both sit in the same network, which seems like a bad idea.
Unless this is anycast? Can't tell from here.
However, MS seems to have changed things recently:
Better late than never.
The alternative for e-mail is Google Apps, which has IPv6 for years.
On 27 November 2014 at 03:00, Frank Bulk <frnkblk at iname.com> wrote:
> This afternoon I saw several log messages in our email server's logs in
> relation to emails our local business customer (who uses our ISP email
> server) was trying to send to a Microsoft Office 365 hosted domain:
> "[::ffff:12.43.166.xx] Site <target domain redacted>
> (2a01:111:f400:7c0c::11) said after data sent: 554 5.7.1 Service
> unavailable, message sent over IPv6 [2607:fe28:0:4000::10] must pass SPF or
> DKIM validation (message not signed)"
> The PTR for 2a01:111:f400:7c0c::11 is
> But when I check the MX record of the target domain I see there's no AAAA
> for the <redacted>.mail.eo.outlook.com, just three A's.
> Fortunately we control our local business customer's DNS and I've added in
> our email server's DKIM so that future emails, if they were sent over IPv6,
> should be accepted by Microsoft. Our customer has no SPF record.
> I also saw two log messages for two Microsoft Office 365 hosted domains:
> 26 13:30:59.00  Failed ::ffff:22.214.171.124
> <notification+kyg2kgex at facebookmail.com> <target domain1 email redacted>
> 9259 <1502549920004098-1497189607206796 at groups.facebook.com>
> "[::ffff:126.96.36.199] ubad=0, Site (target domain1
> redacted/2a01:111:f400:7c10::1:10) said: 550 5.2.1 Service Unavailable,
> [target domain1 redacted] does not accept email over IPv6"
> 26 19:04:52.00  Failed ::ffff:188.8.131.52 <from redacted> <target
> domain2 email redacted> 6546 <0EBCBB96763E41B2A4CD9A4CD3DD94BE at sp.local>
> "[::ffff:184.108.40.206] ubad=1, Site (target domain2 email
> redacted/2a01:111:f400:7c0c::11) said: 550 5.2.1 Service Unavailable,
> [target domain2 email redacted] does not accept email over IPv6"
> There's no PTR for 2a01:111:f400:7c10::1:10. I checked the last 7 days of
> logs I only saw these today.
> It's like Microsoft published some AAAA's for some MX records, but then
> withdrew them, but not before there were a few failures.
Sr. System & Networking Engineer
GÉANT Association, Amsterdam Office (formerly TERENA)
Singel 468D, 1017 AW Amsterdam, the Netherlands
Tel: +31 (0) 20 530 4488
Networking. Services. People.
Learn more at: http://www.géant.org
More information about the ipv6-ops