Blog Post

Exchange Team Blog
3 MIN READ

Announcing New DMARC Policy Handling Defaults for Enhanced Email Security

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Jul 19, 2023
Domain-based Message Authentication, Reporting & Conformance (DMARC) is a standard that helps prevent spoofing by verifying the sender’s identity. If an email fails DMARC validation, it often means t...
Updated Jul 26, 2023
Version 3.0
announcements
exchange online
security
transport
Patrick_Ding's avatar
Patrick_Ding
Copper Contributor
Sep 29, 2023

When our external member (domain BBB) emails to a distribution group of our company (domain AAA in MS365), the user would get bounce back for external members in the group: Remote server returned '550 5.7.509 Access denied, sending domain <SenderDomain BBB>.com does not pass DMARC verification and has a DMARC policy of reject.'

 

This is from original message headers: 

Authentication-Results: spf=fail (sender IP is XXhttps://protect-us.mimecast.com/s/TcerCBBRjPuPA2EMfoaC2U?domain=40.95.48.73) smtp.mailfrom=BBB.com; dkim=pass (signature was verified) header.d=AAA.onmicrosoft.com;dmarc=fail action=oreject header.from=BBB.com;compauth=fail reason=000Received-SPF: Fail (protection.outlook.com: domain of BBB.com does not designate XX.XX.XX.XX(https://protect-us.mimecast.com/s/TcerCBBRjPuPA2EMfoaC2U?domain=40.95.48.73) as permitted sender) 

 

Not sure if it is related to the change. How do we resolve this? The distribution group accepts the email then expands to send out to members. Then bounce back happens at recipient's server. Create a new connector for the member to forward email to member's domain?

Thanks a lot!

Patrick