We configured a new email sending service and kept the DNS TTLs low on the TXT records for SPF, DKIM, and DMARC, in case we needed to change them. We saw a lot of mystery failures for emails going to Microsoft inboxes (M365 and Outlook.com). Changing the TTLs to be very long (86400 or more) caused a large improvement within a day to two.

The only way I can think to explain this is that some of their DNS lookups would time out if they had to follow recursion back to our DNS provider. Lengthening the TTL increased the chance the records would be cached locally to Microsoft’s systems and therefore served faster.

The only other explanation I can think of is that MS prefers longer TTLs as a matter of policy and downgrades based on that. But usually they publish policy preferences like that and I could not find one.

One of those is mine (I have SPF records but no DKIM or DMARC). I don't seem to have any issues. I'm not a "bulk sender" though, and my domain has existed since 2002.

Meanwhile a whole lot of the spam I'm seeing comes either through gmail/outlook.com, or from domains with valid DKIM setups (either because the domain got owned, or because it was just 'correctly' set up... for spamming)