Mar 15 2018 07:53 AM
Hi!
Since a few days ago, emails from domains with no SPF are ending up in recipients Junk folder.
I have tried to add the domains to Trusted Domains in the spam filter, but it wont work.
Has there been any changes to how missing SPF is handled?
How can i "Trust" these domains even tho they are missing SPF?
SPF Hard fail is active and we are using Office 365 with APT.
Best Regards
Michael
Mar 15 2018 11:39 AM
Few others have been complaining about this and fellow MVP @Steve Goodman has reached out to the Exchange PG to get some more info on this. I'll try to update this thread if we get any information, but you should consider opening a support case in the meantime.
You can also disable the SPF hard fail option as a workaround, at least temporary.
Mar 15 2018 03:30 PM - edited Mar 15 2018 03:33 PM
Hi,
There is certainly an issue somewhere, we've got around 100 Clients on 365 and the majority are reporting this. We've reported it to our MSP but they just blame SPF errors. Coming in one morning with a large queue of phonecalls all with the same issue points towards Microsoft changing something.
Even 365 to 365, when SPF's are in place and both 365's are perfectly happy domain/DNS wise are still getting the 'going to junk' issue.
Half the clients have the ATP turned on, whether that makes the difference?
Mar 15 2018 05:03 PM
I've been inundated with calls on this issue today, and created a support ticket. After spending a great deal of time on the phone with them, they're insisting that nothing has changed, and that domains without an SPF record have _always_ been sent to junk mail. Very frustrating....
Mar 15 2018 05:10 PM
Mar 15 2018 05:29 PM
One of the afflicted emails did have a valid SPF record, but the agent said that the issue was that the record was improperly formed (used include:xxx.xxx.xxx.xxx for an IP address instead of the proper ip4:xxx.xxx.xxx.xxx notation). Most of the issues that we're seeing today are with domains that don't have an SPF record at all.
I do have a separate O365 testing tenant - I should try sending email to/from that to see if anything is getting sent to junk...
Mar 15 2018 06:45 PM
This hit us too, and it seems like its ramped up through today. You can band-aid it by creating a rule which sets the SCL=-1 (Spam Confidence Level), but be sure to put a filter on that. This is definitely something in EOP. Domains without an SPF aren't a failed SPF check and shouldnt flag fraud protection.
I spammed myself tonight from various domains with and without SPF records and it didn't happen again, so if we're lucky they fixed it before the weekend.
Mar 15 2018 10:43 PM
We can now confirm that there were some changes server-side, a blog post with more details should be coming today from Microsoft. In the meantime, you can take a look at the following message on the Roadmap: https://products.office.com/en-us/business/office-365-roadmap?featureid=27049
Mar 16 2018 12:53 AM
Mar 16 2018 12:56 AM
Mar 16 2018 05:25 AM
Just wanted to share two blog posts from two very well know mvp here while we still wait from Microsoft for official statement.
https://practical365.com/blog/exchange-online-protection-anti-spoofing-false-positives/
Mar 16 2018 12:42 PM
David, I tried sending from another Office365 tenant last night (that does not have an SPF record in place), and got the same results as you - went right to junk mail with a spoofing alert. So inter-tenant mail appears to be affected if no SPF record is set.
Mar 16 2018 01:02 PM
Yes internal tenant if don't have their SFP record setup, you will notice that. One of the MVP has already called it out and product team is aware of that.
Mar 26 2018 06:05 PM
Just FYI, this has been pulled of for now and emails won't go to junk folder anymore but they are still being scanned. here is the video I posted about
https://www.youtube.com/watch?v=NTxQ0xN9bcI