> On 13 Aug 2025, at 07:45, Dan Malm via mailop <[email protected]> wrote: > > Hi, > > I've seen some chatter here about Microsofts rules for large senders and > DKIM, but that discussion has missed one perspective: forwarding. It appears > Microsoft have decided that for "large senders" spf AND dkim AND dmarc ALL > need to pass (for the domain in the from header). That means it's impossible > to forward mails from large senders to addresses hosted by Microsoft: > > 5.7.515 Access denied, sending domain JULA.COM doesn't meet the required > authentication level. The sender's domain in the 5322.From address doesn't > meet the authentication requirements defined for the sender. To learn how to > fix this see: https://go.microsoft.com/fwlink/p/?linkid=2319303 Spf= Fail , > Dkim= Pass , DMARC= Pass > > This seems like absolute madness to me.
While it is madness to expect every domain in a message to align that’s not what’s going on here. Microsoft are incorrectly marking mail as authentication failed when the authentication isn’t failing. Some folks think it might be related to DNS TTLs. Steve talked about it here: https://www.wordtothewise.com/2025/07/dont-make-your-dns-ttls-too-short/ laura -- The Delivery Expert Laura Atkins Word to the Wise [email protected] Delivery hints and commentary: http://www.wordtothewise.com/blog
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
