This issue was fixed by the Office 365 support (the escalated/backend team) as it has nothing to do with our settings. How do we stop external emails from being marked as junk by EOP during coexistence stage of a Hybrid Deployment? Note: 23.1.4.9 is the public IP address of the on-premises hybrid Exchange 2010 server connector to Exchange Online. discourages use of 23.1.4.9 as permitted sender)įor message headers with X-Forefront-Antispam-Report, refer to Received-SPF: SoftFail (: domain of transitioning Smtp.mailfrom= ĭkim=fail (signature did not verify) header.d= (: hp.com does not designate permitted sender hosts)Įxample 3: from Gmail to O365 Authentication-Results: spf=softfail (sender IP is 23.1.4.9) (message not signed) header.d=none Received-SPF: None Helo= X-MS-Exchange-Organization-SCL: 5Įxample 2: from HP to O365 Authentication-Results: spf=none (sender IP is 23.1.4.9) Received-SPF: Fail (: domain of does not designateĢ3.1.4.9 as permitted sender) receiver= client-ip=23.1.4.9 Smtp.mailfrom= ĭkim=none (message not signed) header.d=none (On-premises mailboxes do not show this problem only mailboxes migrated to Office 365 do.)Įxample 1: from Microsoft to O365 Authentication-Results: spf=fail (sender IP is 23.1.4.9) The problem is when external users sends emails to an Office 365 mailbox in the organization (mail flow: External -> Mail Gateway -> on-premises mail servers -> EOP -> Office 365), EOP performs an SPF lookup and hard/soft failing messages with the external facing IP address of the Mail Gateway from which it received the mail. MX records are pointing at the on-premises as we haven't completed migrating all mailboxes from on-premises to Exchange Online.Off-Premises = Office 365 (Exchange Online).On-Premises = Exchange 2003 (Legacy) & 2010 (Installed for Hybrid Deployment).This is a Hybrid Deployment/Rich-Coexistence configuration, where: We are at the beginning of migrating mailboxes to Office 365 (Exchange Online). This happens with all external domains (e.g. In short: legitimate emails are landing in Junk folders as EOP (Exchange Online Protection) stamps email messages as junk (SCL5) and SPF-failed.
0 kommentar(er)
