> On 13 Aug 2025, at 09:34, Dan Malm <[email protected]> wrote: > > On 8/13/25 10:24, Laura Atkins wrote: >> MS says both SPF fail and DKIM fail in different cases - I’ve seen both >> happen. I missed the part where SPF was actually failing (as opposed to just >> MS being unable to do basic inbound mail authentication). >> If it really is SFP failing then you may want to try SRS? I dunno how well >> that will work but it might help. Microsoft makes some rather challenging >> and hard to understand decisions about how they filter mail but experience >> suggests they are resistant to changing those decisions. > > The error from MS indicates that it's SPF for the domain in the From header > that is failing (and that is true). SRS is specified as a solution to > "fixing" SPF for the envelope address, and we do in fact do SRS rewriting of > the envelope. I don't think we want to go down the path of having to SRS > rewrite From headers.
If you rewrote the SPF string, then SPF isn’t failing which brings us back to the original explanation I gave you. Microsoft is not handling inbound authentication correctly and none of us know why but one of the things that seems to reduce the frequency of the problem is increasing the TTL on DNS records. laura -- The Delivery Expert Laura Atkins Word to the Wise [email protected] Delivery hints and commentary: http://www.wordtothewise.com/blog
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
