Hi, we are currently activating SPF for incoming traffic.
We enabled SPF in the mail flow policy default policy parameters (Conformance Level-SPF > SPF, optional HELO Test-ON).
We receive a PERMERROR from O365 domains for the identity mailfrom... but the HELO identity is OK.
Can anyone tell me what is wrong with those senders? They explain that everything is correct and HELO works... which is not the main point of the Cisco check...
Example
Received-SPF: PermError (mail.receiverdomainxyz.de: cannot correctly
interpret sender authenticity information from domain of
Mail@senderdomain.de) identity=mailfrom;
client-ip=W.X.Y.Z; receiver=mail.receiverdomainxyz.de;
envelope-from="Mail@senderdomain.de";
x-sender="Mail@senderdomain.de";
x-conformance=spf_only
Received-SPF: Pass (mail.receiverdomainxyz.de: domain of
postmaster@EUR04-DB3-obe.outbound.protection.outlook.com
designates W.X.Y.Z as permitted sender) identity=helo;
Do you consider the HELO check to be important, or rather optional instead of mandatory?
What do you think about the conformance level of SPF "Downgrade PRA verification-NO" or is SPF simply enough?
Does anyone also have a tip on how to check the SPF results (not the entries) for a sending domain from the receiving side? On the ESA I only see it as a result in the log.
Thanks a lot for your reply!!
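
On the last question in the post (checking SPF results on the receiving side), here is an added example, not part of the original post and not Cisco code: a parser for the Received-SPF headers stamped on delivered mail, run on the headers posted above. The function names are illustrative, and the sample is re-folded with leading whitespace as an assumption about the original header layout.

```python
import re

# Headers as posted above, re-folded with leading whitespace (assumed layout);
# placeholders such as W.X.Y.Z are kept exactly as posted.
SAMPLE = """Received-SPF: PermError (mail.receiverdomainxyz.de: cannot correctly
 interpret sender authenticity information from domain of
 Mail@senderdomain.de) identity=mailfrom;
 client-ip=W.X.Y.Z; receiver=mail.receiverdomainxyz.de;
 envelope-from="Mail@senderdomain.de";
 x-sender="Mail@senderdomain.de";
 x-conformance=spf_only
Received-SPF: Pass (mail.receiverdomainxyz.de: domain of
 postmaster@EUR04-DB3-obe.outbound.protection.outlook.com
 designates W.X.Y.Z as permitted sender) identity=helo;
"""

# result keyword, optional (comment), then key=value pairs (RFC 7208, 9.1)
HEADER = re.compile(r"Received-SPF:\s*(\w+)\s*(?:\((.*?)\))?\s*(.*)", re.S)
PAIR = re.compile(r'([\w.-]+)\s*=\s*("[^"]*"|[^;\s]+)')

def parse_received_spf(text):
    """Return one dict per Received-SPF header found in a header block."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", text)  # undo header folding
    records = []
    for line in unfolded.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        result, comment, rest = m.groups()
        rec = {k.lower(): v.strip('"') for k, v in PAIR.findall(rest)}
        rec.update(result=result.lower(), comment=comment or "")
        records.append(rec)
    return records

def results_by_identity(records):
    """Map each checked identity (mailfrom, helo, pra) to its SPF result."""
    return {r.get("identity", "unknown"): r["result"] for r in records}

def error_results(records):
    """List (identity, domain, result) for permerror/temperror outcomes."""
    out = []
    for r in records:
        if r["result"] in ("permerror", "temperror"):
            sender = r.get("envelope-from") or r.get("helo") or ""
            out.append((r.get("identity"), sender.rpartition("@")[2].lower(), r["result"]))
    return out

if __name__ == "__main__":
    recs = parse_received_spf(SAMPLE)
    print(results_by_identity(recs))
    print(error_results(recs))
```

Each identity is evaluated against a different domain's SPF record: the mailfrom result belongs to the envelope-from domain, the helo result to the HELO host name, so a Pass on one says nothing about the other.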