>> I just wanted to alert anyone on this list at MS. We're seeing SPF failures >> from Microsoft systems again. All of these IPs are logged as attempting to >> send mail from outlook.com, which appear to all be legitimate, but they are >> not included in the domain's SPF record. I know, nothing new here. But I get >> complaints, I send a smoke signal.
I’m not sure this is related to your observations, but we have seen similar issues in the past. They do indeed publish these IP addresses in their required ranges, as per https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide#exchange-online And indeed, many of those addresses do not appear in their SPF record. MS has pools for the delivery of various categories of emails, as described in https://learn.microsoft.com/en-us/defender-office-365/outbound-spam-high-risk-delivery-pool-about The interesting note is this: under relay pools (which I'm also thinking may apply to the high-risk pool) "Similar to the high-risk delivery pool, a separate IP address pool is used for relayed mail. This address pool isn't published because it can change often, and it's not part of published SPF record for Microsoft 365." The part that reminded me of their various outbound pools was your reference to "appear to be legitimate" - is that 100% certainty? That said, I've also seen IP addresses from new M365 regions in APAC not appearing in their SPF records for a while. Graeme _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
