I've an odd email SPF issue.  I'm receiving email from an organisation with O365 hosted mailboxes to an organisation not hosted in O365.  The non-O365 organisation is correctly rejecting quite a lot of the O365 organisations email due to an SPF fail.  The SPF record for the O365 organisation correctly references spf.protection.outlook.com but the emails being rejected are coming from Microsoft owned IP addresses that are outside the range of the addresses listed for spf.protection.outlook.com.  The common theme is the SPF rejected emails all appear to be affecting O365 mailboxes that have an auto-forward to the non-O365 organisation.  I initially thought it was an issue with Sender Rewriting Scheme, but the fact remains that email is coming from a Microsoft ip address outside the range defined by spf.protection.outlook.com.  An example of one of the ip addresses that suffers the SPF fail  is 40.95.64.60 (mail-vi1eur05rlyn2067.outbound.protection.outlook.com).  Other email, not autoforwarded but just sent from the O365 organisation, is accepted as it is sent from MS ip addresses inside the range defined by spf.protection.outlook.com.

From what I can tell, this means the O365 SPF range is not covering the full range of IP addresses that O365 sends email from, which ought to be corrected by Microsoft.  

Any thoughts welcome.

Regards, V.