Good morning all,
I apologise in advance- this problem has stumped me for weeks, and after reaching out to Microsoft Support and receiving no help, I’ve come to the real experts. This problem is complex to understand, so please bear with me!
Since last year, we had set up monitor-mode (p=none) for DMARC to make sure we could become DMARC compliant before moving to quarantine or reject. We finally made the move in June. Since then, we have had many complaints in the past few months from our customers from around the time we started to enforce the DMARC policy of quarantine (dmarc p=quarantine in our domain’s DNS records).
For reference, our DMARC and SPF policies are as follows:
DMARC:
v=DMARC1; p=none; rua=mailto:dmarc_agg@vali.email;
SPF:
v=spf1 include:spf.protection.outlook.com a:dispatch-us.ppe-hosted.com include:_spf.psm.knowbe4.com include:emailus.freshservice.com include:servers.mcsv.net ~all
These customers told us that they never receive our sales invoice reports or any other reports that get generated from Microsoft Dynamics 365 F&O, a cloud-based ERP platform made by Microsoft which the company uses extensively.
These reports would generated within the platform, then sent out to the customers using SMTP. It would use the outgoing mail server “smtp. office365 .com” (no spaces) on port 587, with SSL encryption.
I will be changing and omitting some company information in the rest of my explanation. Hopefully it’ll still make sense!
We use a Microsoft 365 user account called “dservice” (Dev Service, dservice @domain.com), with an associated email account which is called “Notifications” (notifications @domain.com). This M365 user and associated email account handle sending out all of the emails to our customers.
Here are some pictures of how the account is configured in the Microsoft 365 Admin Center:
Following up with a second post - I’m limited on the amount of pictures I can post in one post…
