IPv6 addresses for Microsoft Office 365 hosted domains?

Frank Bulk frnkblk at iname.com
Thu Nov 27 21:49:05 CET 2014


Thanks, Dick and Franck, that URL has some great information.

I'm 99% sure that neither Office365 customer turned IPv6 on and off, especially in the same afternoon (that MSDN blog entry notes that the customer has to specifically request it), so I'm guessing that something happened at MSFT that it accidentally turned on for a while for some customers.

Frank

-----Original Message-----
From: Dick Visser [mailto:visser at terena.org] 
Sent: Thursday, November 27, 2014 1:02 PM
To: Frank Bulk
Cc: mailop at mailop.org; IPv6 operators forum
Subject: Re: IPv6 addresses for Microsoft Office 365 hosted domains?

On a related note, I'm in the process of setting up mail for our new
domain, and Office365 was one of the options.
I was surprised to see that Office 365 hosted domains have only one
MX, which resolves to only two IPv4 addresses:

visser at cajones:~$ host geant-org.mail.protection.outlook.com.
geant-org.mail.protection.outlook.com has address 213.199.154.87
geant-org.mail.protection.outlook.com has address 213.199.154.23

Both sit in the same network, which seems like a bad idea.
Unless this is anycast? Can't tell from here.

However, MS seems to have changed things recently:

http://blogs.msdn.com/b/tzink/archive/2014/10/28/support-for-anonymous-inbound-email-over-ipv6-in-office-365.aspx

Better late than never.

The alternative for e-mail is Google Apps, which has IPv6 for years.


Dick




On 27 November 2014 at 03:00, Frank Bulk <frnkblk at iname.com> wrote:
> This afternoon I saw several log messages in our email server's logs in
> relation to emails our local business customer (who uses our ISP email
> server) was trying to send to a Microsoft Office 365 hosted domain:
>
> "[::ffff:12.43.166.xx] Site <target domain redacted>
> (2a01:111:f400:7c0c::11) said after data sent: 554 5.7.1 Service
> unavailable, message sent over IPv6 [2607:fe28:0:4000::10] must pass SPF or
> DKIM validation (message not signed)"
>
> The PTR for 2a01:111:f400:7c0c::11 is
> mail-by26c0c.inbound.protection.outlook.com.
>
> But when I check the MX record of the target domain I see there's no AAAA
> for the <redacted>.mail.eo.outlook.com, just three A's.
>
> Fortunately we control our local business customer's DNS and I've added in
> our email server's DKIM so that future emails, if they were sent over IPv6,
> should be accepted by Microsoft.  Our customer has no SPF record.
>
>
> I also saw two log messages for two Microsoft Office 365 hosted domains:
> 26 13:30:59.00 [56882563] Failed ::ffff:199.120.69.25
> <notification+kyg2kgex at facebookmail.com> <target domain1 email redacted>
> 9259 <1502549920004098-1497189607206796 at groups.facebook.com>
> "[::ffff:199.120.69.25] ubad=0, Site (target domain1
> redacted/2a01:111:f400:7c10::1:10) said: 550 5.2.1 Service Unavailable,
> [target domain1 redacted] does not accept email over IPv6"
> 26 19:04:52.00 [83985160] Failed ::ffff:12.43.166.20 <from redacted> <target
> domain2 email redacted> 6546 <0EBCBB96763E41B2A4CD9A4CD3DD94BE at sp.local>
> "[::ffff:12.43.166.20] ubad=1, Site (target domain2 email
> redacted/2a01:111:f400:7c0c::11) said: 550 5.2.1 Service Unavailable,
> [target domain2 email redacted] does not accept email over IPv6"
>
> There's no PTR for 2a01:111:f400:7c10::1:10.  I checked the last 7 days of
> logs I only saw these today.
>
> It's like Microsoft published some AAAA's for some MX records, but then
> withdrew them, but not before there were a few failures.
>
> Frank
>
>
>



-- 
Dick Visser
Sr. System & Networking Engineer
GÉANT Association, Amsterdam Office (formerly TERENA)
Singel 468D, 1017 AW Amsterdam, the Netherlands
Tel: +31 (0) 20 530 4488

GÉANT Association
Networking. Services. People.

Learn more at: http://www.géant.org




More information about the ipv6-ops mailing list