Forum Discussion
RNalivaika
May 04, 2020 Iron Contributor
Exchange Online Protection SPF record
Hi, I have received a message sent via Exchange Online host IPv6 "2603:10a6:20b:c0::31". The message was marked as spam because of SPF fail. Subnet "2603:10a6:20b:c0::/64" is not in the list of O365 ...
mikhailf
May 21, 2024 Steel Contributor
The issue is still there. Emails from our tenant are sent from 2603:10a6:800:16f::8 which is not listed in spf.protection.outlook.com.
- JohnLBevan May 21, 2024 Copper Contributor
FYI: It sounds like this is by design / due to those mails not exiting Outlook's infrastructure. There's more detail on this here: https://serverfault.com/a/1154098/137255
It's definitely frustrating that the rules aren't consistent, especially as it relies on knowledge of custom MS mail headers if you're using a custom mail client to verify the received mails; but it seems to be legit.
- mikhailf May 21, 2024 Steel Contributor
Thank you for the reply.
The interesting thing that I've found is the X-MS-Exchange-CrossTenant-AuthAs: Internal despite the fact that the email was sent to another tenant. I believe it should be CrossTenant.
- JohnLBevan May 21, 2024 Copper Contributor
I'm not an Exchange guy so will duck out at this point, but these links add a bit more info on how these mail headers behave in various scenarios (the first is in German, but Google Translate does a decent job).
- https://www.msxfaq.de/cloud/exchangeonline/transport/x-ms-exchange-organization-authas.htm
- https://techcommunity.microsoft.com/t5/exchange-team-blog/demystifying-and-troubleshooting-hybrid-mail-flow-when-is-a/ba-p/1420838?WT.mc_id=M365-MVP-6771
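
How a receiver's SPF check arrives at the fail discussed in this thread, as an added example (not code from any poster or from Microsoft). The record is constructed from documentation prefixes and is not the published spf.protection.outlook.com record; `evaluate_spf` is a hypothetical helper that evaluates only `ip4`/`ip6`/`all` terms offline and returns the terms it could not resolve without DNS.

```python
import ipaddress

# Constructed SPF record for illustration only. It is NOT the real
# spf.protection.outlook.com record; prefixes are documentation ranges.
SAMPLE_SPF = ("v=spf1 ip4:192.0.2.0/24 ip6:2001:db8:a000::/36 "
              "include:spf.example.net -all")

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, sender_ip):
    """Evaluate ip4/ip6/all terms left to right, as RFC 7208 requires.

    Returns (result, matched_term, skipped_terms). Terms that need DNS
    (include, a, mx, exists, redirect=...) are not resolved; they are
    returned in skipped_terms so the caller knows the verdict is partial.
    """
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None, [])
    skipped = []
    for term in terms[1:]:
        qualifier, mech = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name, _, value = mech.partition(":")
        name = name.lower()
        if name == "all":
            return (QUALIFIERS[qualifier], term, skipped)
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return ("permerror", term, skipped)
            if net.version != (4 if name == "ip4" else 6):
                return ("permerror", term, skipped)
            # An IPv6 sender can only match ip6 terms, and vice versa.
            if ip.version == net.version and ip in net:
                return (QUALIFIERS[qualifier], term, skipped)
        else:
            skipped.append(term)
    return ("neutral", None, skipped)


if __name__ == "__main__":
    # Sender address quoted in the thread, checked against the constructed record.
    print(evaluate_spf(SAMPLE_SPF, "2603:10a6:800:16f::8"))
```

A `fail` that arrives with a non-empty skipped list is only provisional: the sending address may still be authorised inside an `include` that was not resolved here.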