Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
408
Views
0
Helpful
0
Replies

SPF Check > Mailfrom PERMERROR for incomming mail from O365?

mailsecurity
Level 1
Level 1

‎11-21-2023 10:01 AM

Hi we are currently activating SPF for incoming traffic

Enabled SPF in mail flow policy default Policy  parameters(Conformance Level-SPF > SPF, optional HELO Test-ON)

We receive a PERMERROR from O365 domains for the identity mailfrom... But the HELO identity is ok

Can anyone tell me what is wrong with that senders? They explain everything is correct and HELO works.... which is not the main point of the Cisco Check...

Example

Received-SPF: PermError (mail.receiverdomainxyz.de: cannot correctly
  interpret sender authenticity information from domain of
  Mail@senderdomain.de) identity=mailfrom;
  client-ip=W.X.Y.Z; receiver=mail.receiverdomainxyz.de;
  envelope-from="Mail@senderdomain.de";
  x-sender="Mail@senderdomain.de";
  x-conformance=spf_only
Received-SPF: Pass (mail.receiverdomainxyz.de: domain of
  postmaster@EUR04-DB3-obe.outbound.protection.outlook.com
  designates W.X.Y.Z as permitted sender) identity=helo;

Do you consider the HELO check to be important or rather optional and optional instead of mandatory?

What do you think about the conformance level of SPF "Downgrade PRA verification-NO" or is SPF simply enough?

Does anyone also have a TIP on how to check the SPF results (not the entries) for a sending domain from the receiving side? On the ESA I only see it as a result in the LOG.

Thanks a lot fpr reply!!

 

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents