Hi, On Wed, 13 Aug 2025 08:45:39 +0200 Dan Malm via mailop <mailop@mailop.org> wrote:
> I've seen some chatter here about Microsofts rules for large senders > and DKIM, but that discussion has missed one perspective: forwarding. > It appears Microsoft have decided that for "large senders" spf AND > dkim AND dmarc ALL need to pass (for the domain in the from header). > That means it's impossible to forward mails from large senders to > addresses hosted by Microsoft: The question is what exactly they mean by passing SPF. Note that it is not impossible to pass SPF for forwarded mails. It is only impossible to pass and have DMARC alignment for SPF. SPF only covers the hostname in the Envelope-From and the HELO name. This is why forwarding mails requires rewriting the Envelope-From address (but not the visible From header), e.g., by using SRS. Are you doing that and have you checked that your HELO name also has a valid SPF record? DMARC introduces the concept of alignment, however, that only says that *either* the SPF hostname *or* the DKIM hostname needs to match the From hostname, *not both*. If it'd require both to match, that would truly make forwarding impossible. Whether it's wise to require all three to pass is another question, but with mails that have a valid DKIM signature, forwarding with having all three (spf/dkim/dmarc) pass should be possible. -- Hanno Böck https://hboeck.de/ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
