Not to justify the failure to adhere to the specification, but would the same problem happen if the exists was changed to include?
Kirk From: mailop <[email protected]> On Behalf Of Chris Spencer via mailop Sent: Thursday, February 6, 2025 11:18 AM To: [email protected] Subject: [mailop] M365 SPF Validation issue where "exists" mechanism is used CAUTION: EXTERNAL MAIL. DO NOT CLICK ON LINKS OR OPEN ATTACHMENTS YOU DO NOT TRUST. I'm a Technical Product Manager at Fortra (Agari) and we are having issues with M365 SPF processing which is significantly impacting many customers who use our hosted SPF service. This will also be a wider issue for many other senders. We have noticed a change in behavior during M365 receipt where SPF records with "exists" mechanisms are not being observed properly - causing rejections and failed DMARC-SPF outcomes. If I have an SPF record where an IP6 is defined before an "exists", SPF authentication works OK. "v=spf1 ip6:2a0d:7c40:3000:3d9::2 exists:%{i}._i.%{d}._d.espf.agari-dns.net include:%{d}.fb.spf-protect.agari-dns.net -all" <- 250 2.6.0 [email protected]<mailto:[email protected]> [InternalId=35072702972535, Hostname=CWLP123MB4322.GBRP123.PROD.OUTLOOK.COM] 9514 bytes in 0.108, 86.011 KB/sec Queued mail for delivery However, if an SPF record first lists an "exists", SPF fails to validate which is not expected behaviour and other receivers do not have similar issues. Eg: v=spf1 exists:%{i}._i.%{d}._d.espf.agari-dns.net include:%{d}.fb.spf-protect.agari-dns.net -all -or- v=spf1 exists:%{i}._i.%{d}._d.espf.agari-dns.net include:%{d}.fb.spf-protect.agari-dns.net ip6:2a0d:7c40:3000:3d9::2 -all <** 450 4.7.26 Service does not accept messages sent over IPv6 [2a0d:7c40:3000:3d9::2] unless they pass either SPF or DKIM validation (message not signed) (S825). [CW2PEPF000056BD.GBRP265.PROD.OUTLOOK.COM 2025-02-06T09:40:07.649Z 08DD403C4BFB3BA6] Really trying this mailop list as an avenue to get my voice heard by Microsoft as I don't believe they are processing SPF correctly at the moment. Chris. Chris Spencer (he/him) Principal Technical Product Manager +44 (0)118 228 0733 [cid:[email protected]] fortra.com<https://www.fortra.com/> [cid:[email protected]] meetcspencer<https://outlook.office.com/bookwithme/user/[email protected]?anonymous&ep=plink> [Fortra]<https://www.fortra.com/> Fortra International Limited. Registered in England and Wales. Registered number: 4172068. Registered Office: 3rd Floor 1 Ashley Road, Altrincham, Cheshire, United Kingdom, WA14 2DT
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
