question

StefanBauer-7174 avatar image
0 Votes"
StefanBauer-7174 asked LucasLiu-MSFT commented

Howto change exchange online journal mailboxses sender domain - SPF issue

Hi,

we use an external journal mailbox with a transport rule for all outgoing/incoming mails - setup in exchange admin center onilne.

However the SENDER address of all that mails is not configurable. It's something@tenant.onmicrosoft.com

As the SPF-policy for onmicrosoft.com is strict (-all), problems arise if mail is forwarded, as it breaks SPF.

How can we set the real domain as sender address (@customer.com). These domain is the primary mail domain, that is routed to exchange online.

Thank you.

office-exchange-online-itpro
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LucasLiu-MSFT avatar image
0 Votes"
LucasLiu-MSFT answered LucasLiu-MSFT commented

Hi @StefanBauer-7174 ,
Beased on my knowledge and test, Journal mail is sent by the system mailbox on behalf of your Exchange online mailbox with the "SendonBehalf" permission. We could not change the this email address. And the address mailbox is a specific address.
Please following the steps in this official atricle to create a safe sender lists for this specific email address, then try to send an test email and see if the journal email breaks SPF.
Please refer to: Create safe sender lists in EOP
94262-inkedcapture-li.jpg


Or change the SPF record and add the domain of the address that sends the journal mail to the SPF record.
Please refer to: Form your SPF TXT record for Microsoft 365



If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




inkedcapture-li.jpg (822.1 KiB)
· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Unfortunately you did not understand my questions, hence your answer are not of any help.

1, Safe sender list is some microsoft stuff, the mails are LEAVING microsoft infrastructure - during forward - so a whitelist at SENDER site, does not make any sense.

2, as mails are sent by a onmicrosoft.com-Domain, there is no way to change the SPF for this domain to allow forwarding.

Can you please raise a ticket or something, that somone will take care and make the sender address configurable?

Thank you.

0 Votes 0 ·

Hi @StefanBauer-7174 ,
Sorry for my misunderstanding, in order to better solve this issue, I want to confirm the following points with you:
1.Does the "Transport rule" you mentioned refer to the "Journal rules"? If not, what Transport rule did you created?

2.Regarding what you said "if mail is forwarded, as it breaks SPF", if mail is forwarded, SPF will indeed be broken. So what if your forwarding behavior happened? For example, after receiving a journal mail in your journal mailbox, to whom should it be forwarded?

3."How can we set the real domain as sender address (@customer.com). " , Which sender address do you specifically want to modify here? According to my previous understanding, I think you want to modify the sender of Journal mail. If not, please correct me in time.

In addition, are there any specific errors?

0 Votes 0 ·

If you want to open a ticket to Microsoft, you could find your region in the link below and contact Microsoft.
Please refer to: Global Customer Service phone numbers


0 Votes 0 ·

Hi @StefanBauer-7174 ,
I am writing here to confirm with you how thing going now?



If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



0 Votes 0 ·

Hi @StefanBauer-7174 ,
I am writing here to confirm with you how thing going now?



If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 Votes 0 ·
cheong00 avatar image
0 Votes"
cheong00 answered StefanBauer-7174 commented

Check what SPF is again. The TXT record is to be added to DNS of customer.com, not onmicrosoft.com.

When adding the TXT record, the content should look something like this for Exchange Online.

 v=spf1 include:spf.protection.outlook.com -all


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Cheong00, I'm well aware of SPF.

Again, the SPF issue exists, because there is a mail sent by a onmicrosoft.com-Domain, and I can not touch the SPF-entry, that is present for onmicrosoft.com

As written earlier, as the mail is forwarding on the way to the recipient mailbox, SPF is broken due to the strict SPF policy for onmicrosoft.com.

0 Votes 0 ·