Hotmail blackholing certain IP ranges ?

Some sites have recently reported problems mailing hotmail due to
inability to resolve the hotmail MX records. This appears to be due to
the hotmail DNS servers now blackholing DNS queries where the UDP source
port was < 1024.

I can reproduce this here and now, but don't know if it's new.


Yeah they and a few others started doing this not too long ago (few months). I thought perhaps something common got upgraded/patched but then I just thought that it was a rather odd configuration change…

It certainly is new. A chap I know (for some reason) set his source port for queries to be port 53 and his DNS queries started to fail.

A source port of 53 is permitted through (tested against all listed NSes from multiple locations). TCP queries are dropped, which is a slight worry as the 'any' response is sitting a mere 12 bytes short of the magic 512 byte truncation value.

It was the default source port for DNS queries in some versions of BIND. And
may well still be (I don't do those versions of BIND). The main reason for
changes was that you need root privilege to bind to those ports in
traditional Unix model, and people wanted to run DNS as a non-root user.

The more general bitbucketing of hotmail email is well known (try Google or
Yahoo! search engines to find out more).

In general people should be advising against using Hotmail until Hotmail fix
the bitbucketing issue, as encouraging it will undermine the reliability of

Presumably eventually (like AOL did) Hotmail will bitbucket some email
important enough to make them realise the error of their ways, meanwhile
Hotmail users get a service which is worth about what most of them pay for

Simon Waters wrote:

Tongue in cheek:

  Perhaps they upgraded to Vista on their servers and they are all waiting
  for someone to come around and answer the "Someone is trying to send
  mail through this server. Cancel or Allow?" prompts.


They can have remote desktop sessions to an Indian city somewhere and employ a few thousand people to click the OK buttons :wink:

Yeah but that's not really an option our customer wants to hear :wink:
He has several valid mailinglists which he moved to a new server, and it happens to have quite some hotmail addresses on it.

I would advise against using Hotmail anyway :wink: Of course the problem is that Hotmail never seem to get the flack from customers, it always ends up at the ISP (i.e. us) because of course it CAN'T be Hotmail's fault..


Met vriendelijke groet,

Jeroen Wunnink,
EasyHosting B.V. Systeembeheerder

telefoon:+31 (035) 6285455 Postbus 48
fax: +31 (035) 6838242 3755 ZG Eemnes

In addition to aligning A and PTR records with the outgoing banner try the

-Use the "Spam Database Lookup" tool to check the server's IP
against a ton of RBLs. If listed, get it delisted
-Ensure that the domain you are sending from has an SPF record allowing that
server to send
-If your SMTP server support domain keys, set that up
-Ensure that the sending domain has an MX record. This MX record should
point back to a server that will respond with a banner having a matching
domain name. Also, it would not hurt if it had an A record pointing
somewhere (I know some email servers will do loopback checks to ensure that
the sending domain actually has a email and/or webserver).
-Check the range to see if it is on any bogon list (as we all know, some
ISPs and bogon list operators tend not to update their block lists with the
current IP assignments).
-Lastly, change the IP of the email server. Don't move it to a new range,
just one IP over (incase it got itself on some internal hotmail blacklist).

Hope that helps,
Adam Stasiniewicz

Keep in mind...

To the best of my understanding, Hotmail isn't using any of the 200+
DNSBLs listed on DNSStuff. (And 99% of the DNSBLs listed on DNSStuff
aren't used by any major receiving sites.)

DomainKeys is not used by Hotmail.

Changing the IP address is likely to make the problem worse, not
better. A lot of this is Hotmail clamping down on IP addresses with no
history; switching to a new IP with no history starts the cycle over.