Well I am not talking about mail sent TO a Office 365 tenant. It was sent FROM a Office 365 tenant to a @QQ.com address, and they bounced it for a SPF failure, even though the SPF record for the sending domain clearly includes the IP address they said failed SPF.
Jason Carter IT Manager Microsoft Enterprise Applications and Systems Information Technology Services | Florida State University p 850.645.8069 | w its.fsu.edu<https://its.fsu.edu/> ________________________________ From: mailop <mailop-boun...@mailop.org> on behalf of Michael Wise via mailop <mailop@mailop.org> Sent: Monday, December 2, 2019 7:02 PM To: mailop@mailop.org <mailop@mailop.org> Subject: Re: [mailop] QQ failing Office 365 emails for SPF? At Microsoft, be that either mail sent to an Office365 tenant or a Hotmail / Outlook customer, the DMARC p=reject will *NOT* generate a bounce. For many, many reasons. Primarily because the SPF/DKIM/DMARC checks are done *AFTER* the email has been received, and the port 25 connection has been closed. Secondarily because, in light of the above, it would make backscatter issues worse, and possibly result in a DDOS attack. Load concerns makes any other approach impractical. Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ? From: mailop <mailop-boun...@mailop.org> On Behalf Of Jason Carter via mailop Sent: Monday, December 2, 2019 3:56 PM To: mailop@mailop.org Subject: [外部] [mailop] QQ failing Office 365 emails for SPF? Any using Office 365 that has a domain at DMARC=REJECT see any bounce backs for mail sent to QQ.com addresses for SPF failures, when they IP address they mentioned failed is clearly in the SPF record? Example: Reported error: 550 5.7.23 The message was rejected because of Sender Policy Framework violation -> 550 DMARC check failed [MTIzknf/jEeC0aTwbOXvrBiAcTvXxZqFXcru3oWyMZucp1BLJ8LQWCk= IP: 40.107.82.82]. http://service.mail.qq.com/cgi-bin/help?subtype=1&&no=1001508&&id=16<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fservice.mail.qq.com%2Fcgi-bin%2Fhelp%3Fsubtype%3D1%26%26no%3D1001508%26%26id%3D16&data=02%7C01%7Cmichael.wise%40microsoft.com%7C9ee681f75f064ffc0ec508d777837659%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637109278821033282&sdata=1ADZYuT3BnHLIlaJEhBPEIc1v61CfiuL5ymI6n%2F24Js%3D&reserved=0> DMARC指引_QQ邮箱帮助中心<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fservice.mail.qq.com%2Fcgi-bin%2Fhelp%3Fsubtype%3D1%26%26no%3D1001508%26%26id%3D16&data=02%7C01%7Cmichael.wise%40microsoft.com%7C9ee681f75f064ffc0ec508d777837659%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637109278821033282&sdata=1ADZYuT3BnHLIlaJEhBPEIc1v61CfiuL5ymI6n%2F24Js%3D&reserved=0> 一、DMARC(Domain-based Message Authentication,Reporting & Conformance)DMARC是一种基于现有的SPF和DKIM协议的可扩展电子邮件认证协议,在邮件收发双方建立了邮件反馈机制,便于邮件发送方和邮件接收方共同对域名的管理进行完善和监督... service.mail.qq.com . DSN generated by: BN6PR02MB2308.namprd02.prod.outlook.com Remote server: newxmmxszb50.qq.com 40.107.82.82 is within 40.107.0.0/16, which is in the SPF record they ask you to use: spf.protection.outlook.com Jason Carter IT Manager Microsoft Enterprise Applications and Systems Information Technology Services | Florida State University p 850.645.8069 | w its.fsu.edu<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fits.fsu.edu%2F&data=02%7C01%7Cmichael.wise%40microsoft.com%7C9ee681f75f064ffc0ec508d777837659%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637109278821043275&sdata=QTIHgdWehMnfjh6%2F6zQjNF8I4zR3DbXE3YCxIXWFv4g%3D&reserved=0>
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop