On 26.09.2025 at 09:30:57, Sebastian Nielsen via mailop wrote:
> You must see it from the point of view of the SECOND server (second Microsoft
> 365 that the tenant is hosted on).
> Not the intermediate "smarthost" Microsoft 365 server that directly receives
> your mail based on SPF.
>
> The second server has no way to know that the first server really validated
> SPF on the incoming mail.

And that exactly is the MISconfiguration I'm talking about. The first server, after validating the SPF, should add a specific header to the email (which may be signed with an internal Microsoft cryptographic key), that all following servers would be able to validate and thus know the first server has already validated SPF.

> And here is where DirectSend comes in, ALL Microsoft
> Servers need to be able to validate if the Tenant domain is valid as a
> sender, either via SMTP Auth or via DirectSend configuration.

Or the header mentioned above, or a multitude of any other possible methods, if only they HAD THOUGHT about such a scenario. Instead, they just require that any mail that has a sender domain being an MS tenant to another MS tenant effectively MUST be sent FROM MS infrastructure. Which you confirm below, and which is simply wrong.

> As I said, ask the council to create an account for you in their Microsoft 365
> Server.
> Then send the invoices via that account.

The ultimate solution is to discourage every organization from using MS, Google, and any other "big guys" as their mail hoster.
-- 
Regards,
   Jaroslaw Rafa
   [email protected]
--
"In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
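
[Added example, not part of the message above and not any Microsoft implementation.] A minimal sketch of the signed-header idea the message describes: the receiving hop records its SPF verdict under an HMAC, and a later internal hop trusts the verdict only if the MAC verifies. The header name, key and field layout are assumptions made for this illustration.

```python
import hashlib
import hmac

# Constructed values: the key, header name and field layout are assumptions
# made for this illustration, not any real provider's format.
INTERNAL_KEY = b"constructed-demo-key-shared-by-internal-hops"
HEADER = "X-Internal-SPF-Result"


def _message_id(headers):
    return {k.lower(): v for k, v in headers}.get("message-id", "")


def _mac(key, result, mail_from, client_ip, message_id):
    # Bind the verdict to the envelope sender, connecting IP and Message-ID
    # so the stamp cannot be moved onto a different message.
    data = "\n".join([result, mail_from.lower(), client_ip, message_id])
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()


def stamp(headers, result, mail_from, client_ip, key=INTERNAL_KEY):
    """Edge hop: drop any sender-supplied copy, then add the signed verdict."""
    kept = [(k, v) for k, v in headers if k.lower() != HEADER.lower()]
    tag = _mac(key, result, mail_from, client_ip, _message_id(kept))
    value = f"{result}; mailfrom={mail_from}; ip={client_ip}; mac={tag}"
    return [(HEADER, value)] + kept


def verify(headers, key=INTERNAL_KEY):
    """Internal hop: return the trusted SPF verdict, or None if untrusted."""
    stamps = [v for k, v in headers if k.lower() == HEADER.lower()]
    if len(stamps) != 1:  # missing or duplicated stamp: do not trust
        return None
    try:
        result, *fields = [p.strip() for p in stamps[0].split(";")]
        kv = dict(f.split("=", 1) for f in fields)
        expected = _mac(key, result, kv["mailfrom"], kv["ip"],
                        _message_id(headers))
        ok = hmac.compare_digest(expected.encode(), kv["mac"].encode())
    except (KeyError, ValueError):  # malformed stamp
        return None
    return result if ok else None
```

The edge hop has to strip any incoming copy of the header before stamping, otherwise a sender could supply its own. The standardized cross-organization counterpart is ARC (RFC 8617), which uses DKIM-style public-key signatures rather than a shared key.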
