cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
386
Views
0
Helpful
0
Replies

SPF Check > Mailfrom PERMERROR for incomming mail from O365?

mailsecurity
Level 1
Level 1

Hi we are currently activating SPF for incoming traffic

Enabled SPF in mail flow policy default Policy  parameters(Conformance Level-SPF > SPF, optional HELO Test-ON)

We receive a PERMERROR from O365 domains for the identity mailfrom... But the HELO identity is ok

Can anyone tell me what is wrong with that senders? They explain everything is correct and HELO works.... which is not the main point of the Cisco Check...

Example

Received-SPF: PermError (mail.receiverdomainxyz.de: cannot correctly
  interpret sender authenticity information from domain of
  Mail@senderdomain.de) identity=mailfrom;
  client-ip=W.X.Y.Z; receiver=mail.receiverdomainxyz.de;
  envelope-from="Mail@senderdomain.de";
  x-sender="Mail@senderdomain.de";
  x-conformance=spf_only
Received-SPF: Pass (mail.receiverdomainxyz.de: domain of
  postmaster@EUR04-DB3-obe.outbound.protection.outlook.com
  designates W.X.Y.Z as permitted sender) identity=helo;

Do you consider the HELO check to be important or rather optional and optional instead of mandatory?

What do you think about the conformance level of SPF "Downgrade PRA verification-NO" or is SPF simply enough?

Does anyone also have a TIP on how to check the SPF results (not the entries) for a sending domain from the receiving side? On the ESA I only see it as a result in the LOG.

Thanks a lot fpr reply!!

 

 

0 Replies 0