cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
296
Views
0
Helpful
0
Replies

SPF Check > Mailfrom PERMERROR for incomming mail from O365?

mailsecurity
Beginner
Beginner

Hi we are currently activating SPF for incoming traffic

Enabled SPF in mail flow policy default Policy  parameters(Conformance Level-SPF > SPF, optional HELO Test-ON)

We receive a PERMERROR from O365 domains for the identity mailfrom... But the HELO identity is ok

Can anyone tell me what is wrong with that senders? They explain everything is correct and HELO works.... which is not the main point of the Cisco Check...

Example

Received-SPF: PermError (mail.receiverdomainxyz.de: cannot correctly
  interpret sender authenticity information from domain of
  Mail@senderdomain.de) identity=mailfrom;
  client-ip=W.X.Y.Z; receiver=mail.receiverdomainxyz.de;
  envelope-from="Mail@senderdomain.de";
  x-sender="Mail@senderdomain.de";
  x-conformance=spf_only
Received-SPF: Pass (mail.receiverdomainxyz.de: domain of
  postmaster@EUR04-DB3-obe.outbound.protection.outlook.com
  designates W.X.Y.Z as permitted sender) identity=helo;

Do you consider the HELO check to be important or rather optional and optional instead of mandatory?

What do you think about the conformance level of SPF "Downgrade PRA verification-NO" or is SPF simply enough?

Does anyone also have a TIP on how to check the SPF results (not the entries) for a sending domain from the receiving side? On the ESA I only see it as a result in the LOG.

Thanks a lot fpr reply!!

 

 

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: