Possibly incorrect SPF

Navishkar Sadheo
Navishkar Sadheo used Ask the Experts™
on
Dear Experts

I am hoping someone can assist me with the following issue. I have SPF and DKIM configured on my domain, which appear to be setup correctly but when I examine the message header of an email I sent I see the following entry "None (protection.outlook.com: za.cfao.com does not designate permitted sender hosts)"

Just to add I am using Exclaimer for signature management.

Please can someone examine the header below and advised if I configured something incorrectly.

"Delivered-To: nsadheo@gmail.com
Received: by 2002:a4f:c15:0:0:0:0:0 with SMTP id 21csp930979ivm;
        Wed, 21 Aug 2019 06:30:56 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyk6Zvuz4Zzp1WUwoJQlz3EsF/mENO5B7uNOXkWXKiQUJ9CmIl25//eS3gDvDa/NqaFIZJg
X-Received: by 2002:a17:906:158c:: with SMTP id k12mr31626198ejd.83.1566394255976;
        Wed, 21 Aug 2019 06:30:55 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1566394255; cv=pass;
        d=google.com; s=arc-20160816;
        b=lbJV6glrTA9esPnHzJRI/x2ugMmh1yM0zYOO4Hmhvpeuwblxjcnlf4yErbNS9ShdTC
         zz7tB3Tlp63d+mH95cXl0tVS6pXE852lUmxX47jdY5tuQ86Mn788xO/HP8y1VlFlamK2
         zTuOJ3ow4d264I2lPWXgueWLQOOwVvjyLOsz0hxpo4TIfLY+YLvTr2XlDUW7F4ZIC50o
         fjfU5YP15UvEHg4+YPHRqmiMQyp6DT6No71nhWhbZyCdzTWFs6A8a2QJEYYuY5hccLd7
         4sHcycJKruMu0BIGoa7e5O/BS5zXRxqoPzN9IvrMQu0IiI0hQS4Fc+iqTs+RRuRnl8Ex
         z3bA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:content-language:accept-language:message-id:date
         :thread-index:thread-topic:subject:to:from:dkim-signature;
        bh=mEa8xeBYgC5oDAMvVia716t3ct7BI+dA6l0bklr8UAM=;
        b=AC+iiIgfhye53K/jD2GTMuQhsu1Us5iZQcxKe/x1ww59llPOzWCipIVOSJ6kO2/kM5
         5QesFTIYMNlMRaJwaHWOkR+Muy2SRaaxpPhLc4lpbjmdZpgtxKZlyLmuXkx3UZvIVjzL
         hMOz4U7K6G0iDr8LgxsRRCjMWjUMBQAE6ohKsxlTT4aA1aiCp/Fqe48DjpBK8/Wwkj+5
         Ui8Lvtv2xiwFIuRtITLmBNz0+Z2dbInt1pTAsMQhE5dJyH7TjIuFaPB484UNz3m21xX6
         S1WKMEPP19uGuXCFJUtkSmZyJub93td7GsYXCE3v765FkYeTV7SukV6EQavzyE7esCLR
         OOtA==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@za.cfao.com header.s=selector2 header.b=FP6CtFnn;
       arc=pass (i=1 spf=pass spfdomain=za.cfao.com dkim=pass dkdomain=za.cfao.com dmarc=pass fromdomain=za.cfao.com);
       spf=pass (google.com: domain of nsadheo@za.cfao.com designates 40.107.5.95 as permitted sender) smtp.mailfrom=nsadheo@za.cfao.com
Return-Path: <nsadheo@za.cfao.com>
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50095.outbound.protection.outlook.com. [40.107.5.95])
        by mx.google.com with ESMTPS id p9si10358093ejf.115.2019.08.21.06.30.55
        for <nsadheo@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Wed, 21 Aug 2019 06:30:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of nsadheo@za.cfao.com designates 40.107.5.95 as permitted sender) client-ip=40.107.5.95;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@za.cfao.com header.s=selector2 header.b=FP6CtFnn;
       arc=pass (i=1 spf=pass spfdomain=za.cfao.com dkim=pass dkdomain=za.cfao.com dmarc=pass fromdomain=za.cfao.com);
       spf=pass (google.com: domain of nsadheo@za.cfao.com designates 40.107.5.95 as permitted sender) smtp.mailfrom=nsadheo@za.cfao.com
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F+DwKETlHrzExLzhUmKe8DYH+g1ahFs/Ec9iuYU3WMOuPoD9LotwlIEWnRWr2ECk4a/jkV7N1x3bMakycJaZK/PYADiDo5GLXeaatvirya0YnMIYTNAV3rsmCKOxge1fkYTEi53IYOKBEy6kwAFnMEFlL9szBZ7JnUNyFu1tm17huZXUl4DT8nzAPcJs21gu5o2hGkKhPW7goMWDyZ/VVfQS7/q+X6uOwXStbGHhitkh2tw0Z6N7D4GPdU1WMxjrrmXYta4V2mGRvwM8K6s+QIEZx0h+2nmwvYQm9j5VeWQLsJ6HxWmVW4TDYBVbK7hjVk5l20iGZzpUnmndHc6Jjw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mEa8xeBYgC5oDAMvVia716t3ct7BI+dA6l0bklr8UAM=; b=OlIwiuD9XISvwzVd1HdhPWx6ADnQiHYi+SUnkn6XGlIYa0RLu27hdFJbPDupi6xFv/LFyXqjv+g2gGpsAWY5nVvIPqICsw6iF7kYot/oEmYlsyoabmZbY2kIQAqXrxOn0eLMv/V0/2saTO3KM0SuhWENDBfZ4HeJ3F8L6O7QqI5a+g0KMR5SxDeapiLVD/qTZ5RxFcyPHeysnw1o0j4fmtIPI8ZPAM8JYufhdO/AkWgsDC6N3JraMUvwVeE23tmYZBzruS6Ip51aiUuoeGMY3YBAhYnFlQgbPNXgy4WwRfxeCeLhoR7jzA1QXHrUNjY/qjMrYGtS4LsSw8eUWM2ewg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=za.cfao.com; dmarc=pass action=none header.from=za.cfao.com; dkim=pass header.d=za.cfao.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=za.cfao.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mEa8xeBYgC5oDAMvVia716t3ct7BI+dA6l0bklr8UAM=; b=FP6CtFnnw6NVQziPrjiZsfdDEBYGCCmQAq3O5/goannAvxIwiT8pJagAe9vqYgQOcn/OXY4lB0SqUmS5UfrZi/iumosCAUW8fd/dOm/ltG+4OyZ41zecTdTflhNvdiSgxEUldjLvURAnYgyFjxxCjzCMQEq7gVp/N8lAwZ2E7Rk=
Received: from DB8P190MB0730.EURP190.PROD.OUTLOOK.COM (52.135.63.144) by DB8P190MB0730.EURP190.PROD.OUTLOOK.COM (52.135.63.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.16; Wed, 21 Aug 2019 13:30:54 +0000
Received: from DB8P190MB0730.EURP190.PROD.OUTLOOK.COM ([fe80::71bf:4419:8bc4:a699]) by DB8P190MB0730.EURP190.PROD.OUTLOOK.COM ([fe80::71bf:4419:8bc4:a699%2]) with mapi id 15.20.2178.020; Wed, 21 Aug 2019 13:30:54 +0000
From: Navishkar SADHEO <nsadheo@za.cfao.com>
To: NC Sadheo <nsadheo@gmail.com>
Subject: test1
Thread-Topic: test1
Thread-Index: AdVYJKY9mClFl38XRWend63MaL4MVg==
Date: Wed, 21 Aug 2019 13:30:54 +0000
Message-ID: <DB8P190MB0730A5E666636DC0871F162FF1AA0@DB8P190MB0730.EURP190.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=nsadheo@za.cfao.com;
x-originating-ip: [105.23.225.190]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: cf0e2d89-8b6b-48db-e189-08d7263bcad7
x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020);SRVR:DB8P190MB0730;
x-ms-traffictypediagnostic: DB8P190MB0730:
x-microsoft-antispam-prvs: <DB8P190MB0730D72F146971F54A573808F1AA0@DB8P190MB0730.EURP190.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:1728;
x-forefront-prvs: 0136C1DDA4
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(4636009)(346002)(396003)(376002)(366004)(136003)(39850400004)(199004)(189003)(81156014)(26005)(55016002)(6116002)(186003)(9686003)(3846002)(54896002)(6306002)(73894003)(74316002)(316002)(2906002)(102836004)(99286004)(6506007)(256004)(71190400001)(71200400001)(8936002)(33656002)(790700001)(7736002)(4270600006)(6436002)(25786009)(7116003)(6916009)(476003)(14454004)(486006)(76116006)(7696005)(66066001)(1411001)(66446008)(64756008)(66946007)(66476007)(66556008)(217283003)(52536014)(5660300002)(86362001)(8676002)(53936002)(81166006)(478600001);DIR:OUT;SFP:1102;SCL:1;SRVR:DB8P190MB0730;H:DB8P190MB0730.EURP190.PROD.OUTLOOK.COM;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:0;MX:1;
received-spf: None (protection.outlook.com: za.cfao.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: s8HgQRDDo8xAYqnGArehkBX6oT8ql8aX1kVqtuMf+kHwheBv6i0An7xYGP7tvMkVskJljufiIPvSoWm7q166ekbNowo0HY2g0VptApLjHACVN+WRyRd1kXwfpT74x2BodJ2dS7BCsTzX6Ax1FZ1cq8FhDmRj8InG2vLlXes69Lgpwf8cHwbc578zHeALzuTHakLe7XlVZYLvL6/MQjLq+ARP1A7ybfgxvtMiJnk8keKAxOTB8+hblcaXjov0WsFtHvtKLr7fMLPlJUWOMYzMzoo383lWUX//97BLdB/tZbE=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DB8P190MB0730A5E666636DC0871F162FF1AA0DB8P190MB0730EURP_"
MIME-Version: 1.0
X-OriginatorOrg: za.cfao.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cf0e2d89-8b6b-48db-e189-08d7263bcad7
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Aug 2019 13:30:54.3575 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 15d1f070-0301-4099-9892-b8198001c1a6
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ydoY64BQKqKLBzQBXy9uHHQqH1OTIdPN8oEyGwTG1DnCr2DEBjsc6ZYrkvgO8e/0qKNxTENPNdgObCvlqFC/YQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8P190MB0730

--_000_DB8P190MB0730A5E666636DC0871F162FF1AA0DB8P190MB0730EURP_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable



--_000_DB8P190MB0730A5E666636DC0871F162FF1AA0DB8P190MB0730EURP_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
=09{font-family:"Cambria Math";
=09panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
=09{font-family:Calibri;
=09panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
=09{font-family:"Segoe UI";
=09panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
=09{margin:0cm;
=09margin-bottom:.0001pt;
=09font-size:11.0pt;
=09font-family:"Calibri",sans-serif;
=09mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
=09{mso-style-priority:99;
=09color:#0563C1;
=09text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
=09{mso-style-priority:99;
=09color:#954F72;
=09text-decoration:underline;}
span.EmailStyle17
=09{mso-style-type:personal-compose;
=09font-family:"Segoe UI",sans-serif;
=09color:windowtext;}
.MsoChpDefault
=09{mso-style-type:export-only;
=09font-family:"Calibri",sans-serif;
=09mso-fareast-language:EN-US;}
@page WordSection1
=09{size:612.0pt 792.0pt;
=09margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
=09{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-ZA" link=3D"#0563C1" vlink=3D"#954F72">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Segoe UI&quot;,sans=
-serif"><o:p>&nbsp;</o:p></span></p>
</div>
</body>
</html>

--_000_DB8P190MB0730A5E666636DC0871F162FF1AA0DB8P190MB0730EURP_--"
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Jose Gabriel Ortega CastroTop Rated Freelancer on MS Technologies
Awarded 2018
Distinguished Expert 2018

Commented:
Hello, Navishkar I can see it using the beta :)

Oh well, the problem is that you're sending emails from a Subdomain of your root domain "za.cfao.com"

for this reason, you'd need to create an SPF for this subdomain.
1.png
Aparentelly is in place.
https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx?huid=f580fdd8-e106-403e-ba30-d2ffbf29b78d
and they are aligned and good. what is wrong is the DKIM signature.

Commented:
You're reading the wrong parts. It's all a PASS from Google:

Received-SPF: pass (google.com: domain of nsadheo@za.cfao.com designates 40.107.5.95 as permitted sender) client-ip=40.107.5.95;
Authentication-Results: mx.google.com;
       dkim=pass
header.i=@za.cfao.com header.s=selector2 header.b=FP6CtFnn;
       arc=pass (i=1 spf=pass spfdomain=za.cfao.com dkim=pass dkdomain=za.cfao.com dmarc=pass fromdomain=za.cfao.com);
       spf=pass (google.com: domain of nsadheo@za.cfao.com designates 40.107.5.95 as permitted sender)
Senior Systems Admin
Top Expert 2010
Commented:
"None (protection.outlook.com: za.cfao.com does not designate permitted sender hosts)"

This is referencing the SPF results that occurred when your email crossed boundaries between Office 365 Tenants. Essentially, if you have email routing from one tenant to another tenant before hitting the Internet. When email goes directly from one tenant to another, there are no SPF records because it is utilizing Microsoft's internal DNS for the SPF lookup, which doesn't maintain a copy of your DNS records. Not sure how you're managing to do that, but from the headers it looks like that's what is going on. (Note the X-MS-Exchange-CrossTenant header lines)
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
@Jose Gabriel Ortega Castro - Where can you see an issue with the DKIM signature??

Author

Commented:
@Adam Brown - "Not sure how you're managing to do that," --- I am not really doing anything strange that I am aware of...
Jose Gabriel Ortega CastroTop Rated Freelancer on MS Technologies
Awarded 2018
Distinguished Expert 2018

Commented:
navishar check the link that I mentioned on my last comment

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial