Avatar of SooHow Cheng
SooHow Cheng
Flag for Singapore asked on

Why this spf error for my MS Exchange onprem server?

This is using MS Exchange in hybrid configuration. Some mailboxes are located in onprem while others on ms office365. We only configure spf - "v=spf1 include:spf.protection.outlook.com ?all". 

Recently, we change the outgoing mails from onprem to be send directly from the onprem exchange server. We configured the mx record for the onprem exchange server. A user intend to send to recipient got the following spf error.



 More Info for Email Admins
Status code: 550 5.7.23 
 
 This error occurs when Sender Policy Framework (SPF) validation for the sender's domain fails. If you're the sender's email admin, make sure the SPF records for your domain at your domain registrar are set up correctly. Office 365 supports only one SPF record (a TXT record that defines SPF) for your domain. Include the following domain name: spf.protection.outlook.com. If you have a hybrid configuration (some mailboxes in the cloud, and some mailboxes on premises) or if you're an Exchange Online Protection standalone customer, add the outbound IP address of your on-premises servers to the TXT record.
 
 For more information and instructions about configuring SPF records see Customize an SPF record to validate outbound mail sent from your domain and also External Domain Name System records for Office 365.
Original Message Details


What shall we do with the spf error? shall we configure this spf record for onprem exchange server? is this possible?


Thanks,

ExchangeMicrosoft 365* SPF Records

Avatar of undefined
Last Comment
David Favor

8/22/2022 - Mon
David Favor

To answer your question requires the domain through which you're sending for testing.
ASKER CERTIFIED SOLUTION
Mal Osborne

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
SooHow Cheng

ASKER
Hi David,

No, I can't provide any domain (test) for testing.

Hi Mal Osborne,

I will update the spf records tomorrow
SooHow Cheng

ASKER
Thanks for both experts. It works
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
David Favor

Note: If this fails to fix your problem in the future there are 2x new 550 returns from at least Google where the returned error messages are super bogus.

Bogus SMTP response formats...

1) Unauthenticated email from $your-domain is not accepted due to $various-reasons...

2) Message not accepted for policy reasons. See https://$your-domain...

If you see either of these message, open a new question about the exact/full SMTP responses + I'll post the fixes.

You may have to DM me + drop your question URL, as sometimes EE fails to present all questions to all users.