@The_Exchange_Team @Scott Johnson 

We set up journaling with the mandatory external mail address, but are facing problems with the hoster's spf/dkim rules.

O365 will send all in- and outgoing mail to journaling@[external_mailhoster], but most ingoing mail (>70 %) will get rejected, when the original sender has a spf/dkim rule configured.

Original error message:

"[external_mailhoster_domain] couldn't confirm that your message was sent from a trusted location.

This error occurs when Sender Policy Framework (SPF) validation for the sender's domain fails. If you're the sender's email admin, make sure the SPF records for your domain at your domain registrar are set up correctly. Office 365 supports only one SPF record (a TXT record that defines SPF) for your domain. Include the following domain name: spf.protection.outlook.com. If you have a hybrid configuration (some mailboxes in the cloud, and some mailboxes on premises) or if you're an Exchange Online Protection standalone customer, add the outbound IP address of your on-premises servers to the TXT record.

For more information and instructions about configuring SPF records see Customize an SPF record to validate outbound mail sent from your domain and also External Domain Name System records for Office 365."

We thought setting an SPF record for our o365 domain would be sufficient (like v=spf1 include:spf.protection.outlook.com -all) but what I understand now is the following:

Journaling:

Outgoing mail: o365-domain --> external_mailhoster

works fine

Incoming mail: e.g. "siemens.com" --> o365-domain --> external_mailhoster

SPF rule classifies journaling as spoofing, because external_mailhoster thinks, we are sending mails as "siemens.com".

Any idea anyone?