SPF = Fail but still delivered to inbox

%3CLINGO-SUB%20id%3D%22lingo-sub-189926%22%20slang%3D%22en-US%22%3ESPF%20%3D%20Fail%20but%20still%20delivered%20to%20inbox%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-189926%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3EA%20few%20weeks%20ago%20i%20wrote%20this%20post%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FOffice-365%2FEmail-from-domains-with-no-SPF-goin-to-junk%2Fm-p%2F172174%23M11705%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FOffice-365%2FEmail-from-domains-with-no-SPF-goin-to-junk%2Fm-p%2F172174%23M11705%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%26nbsp%3Bthis%20seems%20to%20have%20changed.%3C%2FP%3E%3CP%3ENow%20we%20have%20problem%20with%26nbsp%3BSPF%3DFail%20going%20to%20users%20inbox.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20has%20been%20a%20increasing%20amount%20of%20spoofing%20attempts%20and%20we%20are%20trying%20hard%20to%20keep%20our%20users%20secure%2C%20why%20is%20Failed%20SPF%20still%20going%20to%20users%20inbox%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ESPF%20Hard%20fail%20is%20active%20and%20we%20are%20using%20Office%20365%20with%20APT%20for%20all%20our%20users.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20Regards%3C%2FP%3E%3CP%3EMichael%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-189926%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-190156%22%20slang%3D%22en-US%22%3ERe%3A%20SPF%20%3D%20Fail%20but%20still%20delivered%20to%20inbox%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-190156%22%20slang%3D%22en-US%22%3E%3CP%3EBest%20thing%20to%20do%20is%20report%20the%20message%20via%20the%20Junk%20add-in%20and%20open%20a%20support%20case%20to%20have%20it%20properly%20investigated.%20We%20can%20certainly%20give%20some%20hints%20based%20on%20the%20header%20information%20and%20such%2C%20but%20it%20might%20as%20well%20be%20something%20at%20the%20backend%20(like%20the%20changes%20which%20caused%20the%20previous%20%22incident%22).%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hi

A few weeks ago i wrote this post:

https://techcommunity.microsoft.com/t5/Office-365/Email-from-domains-with-no-SPF-goin-to-junk/m-p/17...

 

But this seems to have changed.

Now we have problem with SPF=Fail going to users inbox.

 

There has been a increasing amount of spoofing attempts and we are trying hard to keep our users secure, why is Failed SPF still going to users inbox?

 

SPF Hard fail is active and we are using Office 365 with APT for all our users.

 

Best Regards

Michael   

1 Reply
Highlighted

Best thing to do is report the message via the Junk add-in and open a support case to have it properly investigated. We can certainly give some hints based on the header information and such, but it might as well be something at the backend (like the changes which caused the previous "incident").