Auto-generated emails never received by customers

Good morning all,

I apologise in advance- this problem has stumped me for weeks, and after reaching out to Microsoft Support and receiving no help, I’ve come to the real experts. This problem is complex to understand, so please bear with me!

Since last year, we had set up monitor-mode (p=none) for DMARC to make sure we could become DMARC compliant before moving to quarantine or reject. We finally made the move in June. Since then, we have had many complaints in the past few months from our customers from around the time we started to enforce the DMARC policy of quarantine (dmarc p=quarantine in our domain’s DNS records).

For reference, our DMARC and SPF policies are as follows:

v=DMARC1; p=none;;

v=spf1 ~all

These customers told us that they never receive our sales invoice reports or any other reports that get generated from Microsoft Dynamics 365 F&O, a cloud-based ERP platform made by Microsoft which the company uses extensively.

These reports would generated within the platform, then sent out to the customers using SMTP. It would use the outgoing mail server “smtp. office365 .com” (no spaces) on port 587, with SSL encryption.

I will be changing and omitting some company information in the rest of my explanation. Hopefully it’ll still make sense!

We use a Microsoft 365 user account called “dservice” (Dev Service, dservice, with an associated email account which is called “Notifications” (notifications This M365 user and associated email account handle sending out all of the emails to our customers.

Here are some pictures of how the account is configured in the Microsoft 365 Admin Center:

Following up with a second post - I’m limited on the amount of pictures I can post in one post…

We use Exchange Online which sends out the emails to our third party mail filtering, Proofpoint Essentials, for outbound scanning, before being released to the internet. Checking in Exchange, I can see that the emails are sent through our outbound connector to Proofpoint properly…

I’m not sure my understanding of how emails are checked against DMARC is complete, as when I put the message headers of one of these outbound emails contained in Proofpoint into a tool such as MXToolbox, it claims we’re failing DMARC compliance as well as SPF…

I also can see that the reason we’re seemingly failing on SPF is because some IPs, such as the one shown below, are not found in our domain SPF record? These IPs are bogon IPs - private-use network IPs, which are for some reason showing up in our message headers. Why would we need to put private IPs in our SPF record?

I can also see, perhaps unrelated, that we are on a blocklist as reported by MXToolbox. Could this be the reason why we’re failing to get our emails to customers?

Because of these email issues, we had to revert DMARC back to p=none until we fix these issues, as there’s a big impact on our sales.

Please assist if you’re able to! Thank you so much for reading this far - and apologies for multi-posting but I needed to be able to send these images!



Hi Daniel and welcome to the forum!

Thank you for the details regarding your situation. However, it isn’t enough to trouble delivery issues. Empirically, we would need to review bounces, headers preferably, and DMARC data received from these sources in order to fully be able to understand the situation and its impact to the mail flow you are describing.

Your DMARC record indicate you are using Valimail DMARC solutions. Since they have access to your data and are engage in a commercial relationship with you, they are likely best suited to assist you with this issue.

Should you have already exhausted this avenue, I would recommend you reach out to me via private message, and I’d be happy to coordinate with you to get more information on your situation so I could help better.

1 Like