Hi, 

I have some issues with my Hybrid deployment with Office365. This is my current situation:

- MX record is pointing to my On-Prem Exchange

- No Edge server 

- The HCW was executed and finished without error

- Emails between on-prem and cloud users arrive without issues and the header indicates that are Internal

- Emails received from any external organizations to on-prem mailboxes are received in the Inbox folder

- Emails received from some external organization to cloud mailboxes are received in the Junk folder

What I had noticed is that if an external organization is using an Office365 as their mail system all emails sent to my cloud users are marked as Spam. When I verify the headers it says that the SPF record fails because their SPF record doesn't list our MX IP as an authorized server. 

I think the issue comes because the mail flow goes from their O365 tenant to my On-Prem and then back to our O365 tenant (our Exchange is personifying their domain for delivery to our O365).

If I perform this same test from hotmail.com, outlook.com or other mail systems the emails are received on the Inbox folder. 

I contact support for help but the O365 Helpdesk for the Latin America region, in my opinion, are low-level/tier 1 support. On previous experiences, they won't help much to resolve advance issues. 

Anyone of the community have an idea of what is happening?