Am 13.08.25 um 08:45 schrieb Dan Malm via mailop:
Hi,
I've seen some chatter here about Microsofts rules for large senders and DKIM, but that discussion has missed one
perspective: forwarding. It appears Microsoft have decided that for "large senders" spf AND dkim AND dmarc ALL need to
pass (for the domain in the from header). That means it's impossible to forward mails from large senders to addresses
hosted by Microsoft:
5.7.515 Access denied, sending domain JULA.COM doesn't meet the required authentication level. The sender's domain in
the 5322.From address doesn't meet the authentication requirements defined for the sender. To learn how to fix this
see: https://go.microsoft.com/fwlink/p/?linkid=2319303 Spf= Fail , Dkim= Pass , DMARC= Pass
This seems like absolute madness to me.
Yes it is.
There are "simple" solutions:
* Don't forward. Use the mailbox provided by your mail account. I find that
every MUA that I use is able to support
multiple mail accounts easily. This works often, but you may be
organizationally restricted to not be able to do this.
* Don't use Microsoft for mail. It's not hard to set up and operate a mail
server. This works often, but you may be
organizationally restricted to not be able to do this. If you depend on the
Office365 integration including calendar
etc. well, tough, that's what you get for accepting vendor lock-in.
* Use a "mailing list style" forwarder which wraps forwarded messages in a way
that the forwarder is seen as the
SPF/DKIM sender. I don't have much experience with that except I know that
it mostly works for mailing lists, and it
should work for single forwards, too.
If you can't implement one of these, you're basically out of luck. In the long term, do whatever makes you independent
of the business decisions of a corporation that won't discuss them with their users.
Cheers,
Hans-Martin
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
