Forum Discussion

Eagle3386's avatar
Eagle3386
Copper Contributor
Nov 06, 2023

Enterprise Outlook: SPF passes, DKIM fails, but _any_ other mail provider passes both!?

Hey, guys!

 

I'm the owner & operator of a server which is also used for sending e-mails.

While each & every other e-mail provider I know off succeeds in receiving mails, Enterprise Outlook customers fail to do so, moving mails from my server into their spam folders (or "Junk E-Mail" as Microsoft calls it) - which happens, because SPF validation succeeds, but DKIM fails.

 

However, all my relevant DNS records (SPF, DKIM & DMARC) are not only valid, but any other provider (GMail, Yahoo, etc.) report that valid state back to me everytime.

Additionally, online DKIM validators & even tools suites like mailhardener.com, report 100% conformity of my DNS records as well as my mail server's configuration with SPF, DKIM & DMARC configuration rules.

 

Now, while Microsoft sends out "DMARC Aggregate Report" mails, the mentioned feedback address, dmarcreportfeedback [-AT-] microsoft [-DOT-] com, neither accepts mails (always reports "550 5.4.1 Recipient address rejected: Access denied.") nor does feedback every get a reply.

Furthermore, the mentioned DMARC report from Microsoft fails to comply with yet another DMARC standard's request for providing a reason upon validation failure.

 

All I got was this XML, contained within the report's attached GZ archive:

<?xml version="1.0"?>
<feedback xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <version>1.0</version>
  <report_metadata>
    <org_name>Enterprise Outlook</org_name>
    <email>email address removed for privacy reasons</email>
    <report_id>75a8c8cfaf9845c38eb6f1f1a726121e</report_id>
    <date_range>
      <begin>1698796800</begin>
      <end>1698883200</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>REMOVED4PRIVACY</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>reject</p>
    <sp>reject</sp>
    <pct>100</pct>
    <fo>1</fo>
  </policy_published>
  <record>
    <row>
      <source_ip>REMOVED4PRIVACY</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>fail</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <envelope_to>REMOVED4PRIVACY</envelope_to>
      <envelope_from>REMOVED4PRIVACY</envelope_from>
      <header_from>REMOVED4PRIVACY</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>REMOVED4PRIVACY</domain>
        <selector>REMOVED4PRIVACY</selector>
        <result>fail</result>
      </dkim>
      <spf>
        <domain>REMOVED4PRIVACY</domain>
        <scope>mfrom</scope>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>

 

Please, any help for resolving this issue would be greatly appreciated!

  • Tube76's avatar
    Tube76
    Copper Contributor
    Have you found the reason? I'm having the exact same issue at the moment, no idea what is causing this to happen.
    • Eagle3386's avatar
      Eagle3386
      Copper Contributor

      hortos152Sorry for the late reply, didn't receive that email.. 😅
      Nope, after I received this email:

       


      Hello,
      Thank you for contacting the Outlook.com Deliverability Support Team.
      As mentioned in the error, were you able to delist your IP address by going to https://sender.office.com and following the on-screen instructions?
      Also. I do not see anything offhand with the IP’s (xxx.xxx.xxx.xxx) that would be preventing your mail from reaching our customers.
      […]

      the error "magically" disappeared.. 🤔🙈

Resources