Hi we are currently activating SPF for incoming traffic
Enabled SPF in mail flow policy default Policy parameters(Conformance Level-SPF > SPF, optional HELO Test-ON)
We receive a PERMERROR from O365 domains for the identity mailfrom... But the HELO identity is ok
Can anyone tell me what is wrong with that senders? They explain everything is correct and HELO works.... which is not the main point of the Cisco Check...
Received-SPF: PermError (mail.receiverdomainxyz.de: cannot correctly interpret sender authenticity information from domain of Mail@senderdomain.de) identity=mailfrom; client-ip=W.X.Y.Z; receiver=mail.receiverdomainxyz.de; envelope-from="Mail@senderdomain.de"; x-sender="Mail@senderdomain.de"; x-conformance=spf_onlyReceived-SPF: Pass (mail.receiverdomainxyz.de: domain of postmaster@EUR04-DB3-obe.outbound.protection.outlook.com designates W.X.Y.Z as permitted sender) identity=helo;
Do you consider the HELO check to be important or rather optional and optional instead of mandatory?
What do you think about the conformance level of SPF "Downgrade PRA verification-NO" or is SPF simply enough?
Does anyone also have a TIP on how to check the SPF results (not the entries) for a sending domain from the receiving side? On the ESA I only see it as a result in the LOG.
Thanks a lot fpr reply!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: