SOLVED

Jornalizing using Exchange Online

%3CLINGO-SUB%20id%3D%22lingo-sub-38519%22%20slang%3D%22en-US%22%3EJornalizing%20using%20Exchange%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-38519%22%20slang%3D%22en-US%22%3E%3CP%3EI%20understand%20that%20you%20can%20not%20utilize%20a%20EO%20email%20alias%20for%20Jornalizing%2C%20however%20TechNet%20says%20you%20canuse%20an%20alternate%20like%26nbsp%3BAzure%2C%20does%26nbsp%3Banyone%20have%20any%20good%26nbsp%3Bsupport%20docs%20that%26nbsp%3Bmight%20direct%20me%20how%20to%20do%20that%3F%20Also%20can%20the%20reports%20be%20sent%20to%20another%20%22internet%22email%20like%20gmail%3F%26nbsp%3B%20Thank%26nbsp%3Byou%20in%20advance%20for%20your%20help.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-38519%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-38561%22%20slang%3D%22en-US%22%3ERe%3A%20Jornalizing%20using%20Exchange%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-38561%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3BTill%20we%20can%20get%26nbsp%3Bthe%20clearence%20to%20upgrade%20to%20E-3%2FEO-2%20I'm%20looking%20for%20ways%20to%20help%20mitigate%20liability%20regarding%20HIPPA%2C%20and%20PII.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-38546%22%20slang%3D%22en-US%22%3ERe%3A%20Jornalizing%20using%20Exchange%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-38546%22%20slang%3D%22en-US%22%3E%3CP%3EExchange%20hosted%20in%20Azure%20is%20what%20they%20mean%20I%20guess.%20You%20can%20send%20it%20to%20any%20location%2C%20internet%20email%20services%20included%2C%20as%20long%20as%20it's%20OK%20with%20their%20license%20agreement%2Frules.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUnless%20you%20have%20specific%20requirements%20to%20use%20Journaling%2C%20In-place%2Flegal%20hold%20is%20the%20preferred%20method%20for%20preserving%20data%20in%20Exchange%20Online%20though.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-817378%22%20slang%3D%22en-US%22%3ERe%3A%20Journaling%20using%20Exchange%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-817378%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F35146%22%20target%3D%22_blank%22%3E%40Scott%20Johnson%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20set%20up%20journaling%20with%20the%20mandatory%20external%20mail%20address%2C%20but%20are%20facing%20problems%20with%20the%20hosters%20spf%2Fdkim%20rules.%3C%2FP%3E%3CP%3EO365%20will%20send%20all%20in-%20and%20outgoing%20mail%20to%20journaling%40%5Bexternal_mailhoster%5D%2C%20but%20most%20ingoing%20mail%20(%26gt%3B70%20%25)%20will%20get%20rejected%2C%20when%20the%20original%20sender%20has%20a%20spf%2Fdkim%20rule%20configured.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOriginal%20error%20message%3A%3C%2FP%3E%3CP%3E%22%5Bexternal_mailhoster_domain%5D%26nbsp%3Bcouldn't%20confirm%20that%20your%20message%20was%20sent%20from%20a%20trusted%20location.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3EThis%20error%20occurs%20when%20Sender%20Policy%20Framework%20(SPF)%20validation%20for%20the%20sender's%20domain%20fails.%20If%20you're%20the%20sender's%20email%20admin%2C%20make%20sure%20the%20SPF%20records%20for%20your%20domain%20at%20your%20domain%20registrar%20are%20set%20up%20correctly.%20Office%20365%20supports%20only%20one%20SPF%20record%20(a%20TXT%20record%20that%20defines%20SPF)%20for%20your%20domain.%20Include%20the%20following%20domain%20name%3A%20%3CSTRONG%3Espf.protection.outlook.com%3C%2FSTRONG%3E.%20If%20you%20have%20a%20hybrid%20configuration%20(some%20mailboxes%20in%20the%20cloud%2C%20and%20some%20mailboxes%20on%20premises)%20or%20if%20you're%20an%20Exchange%20Online%20Protection%20standalone%20customer%2C%20add%20the%20outbound%20IP%20address%20of%20your%20on-premises%20servers%20to%20the%20TXT%20record.%3CBR%20%2F%3E%3CBR%20%2F%3EFor%20more%20information%20and%20instructions%20about%20configuring%20SPF%20records%20see%20%3CA%20href%3D%22https%3A%2F%2Ftechnet.microsoft.com%2Flibrary%2Fdn789058(v%3Dexchg.150).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ECustomize%20an%20SPF%20record%20to%20validate%20outbound%20mail%20sent%20from%20your%20domain%3C%2FA%3Eand%20also%20%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Farticle%2FExternal-Domain-Name-System-records-for-Office-365-c0531a6f-9e25-4f2d-ad0e-a70bfef09ac0%23BKMK_SPFrecords%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EExternal%20Domain%20Name%20System%20records%20for%20Office%20365%3C%2FA%3E.%22%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20thought%20setting%20an%20SPF%20record%20for%20our%20o365%20domain%20would%20be%20sufficient%20(like%26nbsp%3B%3CEM%3E%3CSPAN%3Ev%3Dspf1%20include%3Aspf.protection.outlook.com%20-all%3C%2FSPAN%3E%3C%2FEM%3E)%20but%20what%20I%20understand%20now%2C%20is%20the%20following%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJournaling%3A%3C%2FP%3E%3CP%3EOutgoing%20mail%3A%20o365-domain%20--%26gt%3B%20external_mailhoster%3C%2FP%3E%3CP%3Eworks%20fine%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIncoming%20mail%3A%20e.g.%20%22siemens.com%22%20--%26gt%3B%20o365-domain%20--%26gt%3B%20external_mailhoster%3C%2FP%3E%3CP%3ESPF%20rule%20classifies%20journaling%20as%20spoofing%2C%20because%20external_mailhoster%20thinks%2C%20we%20are%20sending%20mails%20as%20%22siemens.com%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20idea%20anyone%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-817384%22%20slang%3D%22en-US%22%3ERe%3A%20Jornalizing%20using%20Exchange%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-817384%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F35146%22%20target%3D%22_blank%22%3E%40Scott%20Johnson%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20set%20up%20journaling%20with%20the%20mandatory%20external%20mail%20address%2C%20but%20are%20facing%20problems%20with%20the%20hoster's%20spf%2Fdkim%20rules.%3C%2FP%3E%3CP%3EO365%20will%20send%20all%20in-%20and%20outgoing%20mail%20to%20journaling%40%5Bexternal_mailhoster%5D%2C%20but%20most%20ingoing%20mail%20(%26gt%3B70%20%25)%20will%20get%20rejected%2C%20when%20the%20original%20sender%20has%20a%20spf%2Fdkim%20rule%20configured.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOriginal%20error%20message%3A%3C%2FP%3E%3CP%3E%22%5Bexternal_mailhoster_domain%5D%26nbsp%3Bcouldn't%20confirm%20that%20your%20message%20was%20sent%20from%20a%20trusted%20location.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3EThis%20error%20occurs%20when%20Sender%20Policy%20Framework%20(SPF)%20validation%20for%20the%20sender's%20domain%20fails.%20If%20you're%20the%20sender's%20email%20admin%2C%20make%20sure%20the%20SPF%20records%20for%20your%20domain%20at%20your%20domain%20registrar%20are%20set%20up%20correctly.%20Office%20365%20supports%20only%20one%20SPF%20record%20(a%20TXT%20record%20that%20defines%20SPF)%20for%20your%20domain.%20Include%20the%20following%20domain%20name%3A%20%3CSTRONG%3Espf.protection.outlook.com%3C%2FSTRONG%3E.%20If%20you%20have%20a%20hybrid%20configuration%20(some%20mailboxes%20in%20the%20cloud%2C%20and%20some%20mailboxes%20on%20premises)%20or%20if%20you're%20an%20Exchange%20Online%20Protection%20standalone%20customer%2C%20add%20the%20outbound%20IP%20address%20of%20your%20on-premises%20servers%20to%20the%20TXT%20record.%3CBR%20%2F%3E%3CBR%20%2F%3EFor%20more%20information%20and%20instructions%20about%20configuring%20SPF%20records%20see%20%3CA%20href%3D%22https%3A%2F%2Ftechnet.microsoft.com%2Flibrary%2Fdn789058(v%3Dexchg.150).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3ECustomize%20an%20SPF%20record%20to%20validate%20outbound%20mail%20sent%20from%20your%20domain%3C%2FA%3Eand%20also%20%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Farticle%2FExternal-Domain-Name-System-records-for-Office-365-c0531a6f-9e25-4f2d-ad0e-a70bfef09ac0%23BKMK_SPFrecords%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EExternal%20Domain%20Name%20System%20records%20for%20Office%20365%3C%2FA%3E.%22%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20thought%20setting%20an%20SPF%20record%20for%20our%20o365%20domain%20would%20be%20sufficient%20(like%26nbsp%3B%3CEM%3E%3CSPAN%3Ev%3Dspf1%20include%3Aspf.protection.outlook.com%20-all%3C%2FSPAN%3E%3C%2FEM%3E)%20but%20what%20I%20understand%20now%20is%20the%20following%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJournaling%3A%3C%2FP%3E%3CP%3EOutgoing%20mail%3A%20o365-domain%20--%26gt%3B%20external_mailhoster%3C%2FP%3E%3CP%3Eworks%20fine%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIncoming%20mail%3A%20e.g.%20%22siemens.com%22%20--%26gt%3B%20o365-domain%20--%26gt%3B%20external_mailhoster%3C%2FP%3E%3CP%3ESPF%20rule%20classifies%20journaling%20as%20spoofing%2C%20because%20external_mailhoster%20thinks%2C%20we%20are%20sending%20mails%20as%20%22siemens.com%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20idea%20anyone%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPS%3A%20can%20anyone%20fix%20spelling%20in%20the%20topic%20heading%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

I understand that you can not utilize a EO email alias for Jornalizing, however TechNet says you canuse an alternate like Azure, does anyone have any good support docs that might direct me how to do that? Also can the reports be sent to another "internet"email like gmail?  Thank you in advance for your help.

4 Replies
Highlighted
Best Response confirmed by Scott Johnson (Contributor)
Solution

Exchange hosted in Azure is what they mean I guess. You can send it to any location, internet email services included, as long as it's OK with their license agreement/rules.

 

Unless you have specific requirements to use Journaling, In-place/legal hold is the preferred method for preserving data in Exchange Online though.

Highlighted

Thank you @Vasil Michev Till we can get the clearence to upgrade to E-3/EO-2 I'm looking for ways to help mitigate liability regarding HIPPA, and PII.

Highlighted

@The_Exchange_Team @Scott Johnson 

We set up journaling with the mandatory external mail address, but are facing problems with the hoster's spf/dkim rules.

O365 will send all in- and outgoing mail to journaling@[external_mailhoster], but most ingoing mail (>70 %) will get rejected, when the original sender has a spf/dkim rule configured.

 

Original error message:

"[external_mailhoster_domain] couldn't confirm that your message was sent from a trusted location.

 

This error occurs when Sender Policy Framework (SPF) validation for the sender's domain fails. If you're the sender's email admin, make sure the SPF records for your domain at your domain registrar are set up correctly. Office 365 supports only one SPF record (a TXT record that defines SPF) for your domain. Include the following domain name: spf.protection.outlook.com. If you have a hybrid configuration (some mailboxes in the cloud, and some mailboxes on premises) or if you're an Exchange Online Protection standalone customer, add the outbound IP address of your on-premises servers to the TXT record.

For more information and instructions about configuring SPF records see Customize an SPF record to validate outbound mail sent from your domain and also External Domain Name System records for Office 365."

 

We thought setting an SPF record for our o365 domain would be sufficient (like v=spf1 include:spf.protection.outlook.com -all) but what I understand now is the following:

 

Journaling:

Outgoing mail: o365-domain --> external_mailhoster

works fine

 

Incoming mail: e.g. "siemens.com" --> o365-domain --> external_mailhoster

SPF rule classifies journaling as spoofing, because external_mailhoster thinks, we are sending mails as "siemens.com".

 

Any idea anyone?

 

Highlighted

Bump.

spf/dkim rules vs. journaling

 

We still have no idea, how to get journaling done for every mail and without flooded admin mailboxes.

 

Any idea? @The_Exchange_Team