MX records are one of the few records that can contain name compression. I think you'll find you're looking at the labels for "outlook-com.olc.protection" followed by a pointer to "outlook.com." earlier in the message.

EDIT: Yep, wireshark shows the byte sequence c00c following "protection". c00c is a compression pointer to "outlook.com." in the question section of the message.

I don't think you appreciate how old DNS is or why it uses the data structures it does.

DNS uses a binary format on the wire. MX records are defined as a 16-bit integer followed by a domain name. On the wire a domain name is a series of length prefixed octets or a pointer to another set of octets. IP addresses in A and AAAA are represented as a fixed length series of octets. It's apples and oranges.

> Oh, DNS is full of these kinds of “not in a RFC but needed to resolve names” corner cases.

What? It's in RFC 1035, and that's noted in the article. There is lots of corner cases in the DNS. This is not one.