Okay, just resolved this from my end. My O365 emails were being DKIM signed but by our .onmicrosoft.com subdomain instead of the actual sending domain. Headers would show dkim=pass but the DKIM domain didn't match the FROM address in our envelopes.
Had to enable DKIM signing on the custom domain in O365 here https://security.microsoft.com/authentication?viewid=DKIM and setup CNAMEs for the proper selectors in DNS. DMARC reports from Yahoo helped me a ton here, but they were confusing. They showed DKIM failed in the policy_evaulated -> disposition section but showed result = pass in the auth_results -> dkim section. Just had my first successful email to Yahoo.com in days. Looks like the O365 DNSRBL inclusion was a red herring. - Cary On Mon, Mar 11, 2024 at 1:34 PM Cary Wiedemann <[email protected]> wrote: > Massive problems with email delivery to Yahoo and AOL today, they share a > mail system on the back-end. Microsoft issued advisory EX719348 last > Thursday for their IPs being included in some DNSRBLs, and I still see some > of their IPs on the Spamhaus RBL (40.107.102.127) but I'm not sure if > that's the root cause. > > All my emails from O365 to Yahoo and AOL have been failing since 3/7. > > Lots of noise and confusion because Yahoo and AOL recently started > enforcing stricter SPF/DKIM/DMARC requirements, but this seems to be > unrelated. These emails are DKIM signed, pass SPF, and have a valid DMARC > record. > > Still investigating, will update the list with the eventual resolution. > > - Cary > > On Mon, Mar 11, 2024 at 1:27 PM bannereddivpool via Outages < > [email protected]> wrote: > >> Anyone seeing any issues with yahoo email services? I keep getting >> dropped; >> >> telnet mta6.am0.yahoodns.net 25 >> Trying 67.195.204.74... >> Connected to mta6.am0.yahoodns.net. >> Escape character is '^]'. >> 220 mtaproxy501.free.mail.bf1.yahoo.com ESMTP ready >> EHLO mail.yahoo.com >> 250-mtaproxy501.free.mail.bf1.yahoo.com >> 250-PIPELINING >> 250-SIZE 41943040 >> 250-8BITMIME >> 250 STARTTLS >> Connection closed by foreign host. >> >> Sending from outlook and I'm getting this as well; >> >> *Diagnostic information for administrators:* >> >> Generating server: SJ2PR14MB6550.namprd14.prod.outlook.com >> Total retry attempts: 7 >> >> [email protected] <[email protected]> >> Remote server returned '550 5.4.300 Message expired -> 451 [RL01] Message >> temporarily deferred' >> >> [email protected] <[email protected]> >> Remote server returned '550 5.4.300 Message expired -> 451 [RL01] Message >> temporarily deferred' >> >> Original message headers: >> _______________________________________________ >> Outages mailing list >> [email protected] >> https://puck.nether.net/mailman/listinfo/outages >> >
_______________________________________________ Outages mailing list [email protected] https://puck.nether.net/mailman/listinfo/outages
