Help with SPF, DKIM and DMARC for O365

|-Goku-|

[H]ard|Gawd
Joined
Aug 24, 2003
Messages
1,774
Hey all,
Was just seeing if anyone has any Exchange experience that could help me.

I don't do too much with Exchange stuff, but I have a client that is on Office 365 and was getting hit with spoofers. So, we set up SPF, DKIM and DMARC, which has worked great, but now we need to allow their web site hosting company to send emails on their behalf.

They are using WordPress, and it was coming from mail.wpengine.com. So, I added that to the SPF record, but the email was still flagged as spam. According to MXToolbox, it passed SPF Alignment and Authentication, but failed both DKIM. So, they had me use SendGrid; I verified the domain in SendGrid, and added the DKIM keys and the CNAME for the return path. This was still flagged as spam, showing that SPF Alignment and Authentication failed, but DKIM Alignment passed. In the headers, it shows that SPF = Pass, so I am not sure what I am missing. The only thing I can think of is that MXToolbox is showing the SendGrid and mail.wpengine.com IP as being blacklisted.

Any help or a point in the right direction would be great.
 

FNtastic

[H]ard|Gawd
Joined
Jul 6, 2013
Messages
1,419
No... Don't add anything to your domain records. Create them an email account and give them the credentials. The website developer will need to figure out the rest if it isn't already a feature of whatever plugin/feature they are using with WP.

Remove any records that you added. You don't want to list any domains besides your own as authorized senders... That's a really bad idea, and how spoofing happens.

Essentially, the changes you are trying to make are going to allow anyone to send email with your domain listed as the sender, and have it appear legitimate. This is bad for obvious reasons. If I sign up for a mail.wpengine.com account or whatever you added to your records, and put your actual domain as the sender, I can claim to be anyone in your company without ever having access to your network or O365 or any of your admin logins. I skip all that and can start sending emails worldwide picking off clients, etc.
 

socK

2[H]4U
Joined
Jan 25, 2004
Messages
3,779
One thing I've found useful for name spoofing is a transport rule that bites on known names if the email is coming from the outside and throws it into quarantine. One downside is that you have to watch and maintain a whitelist in case someone with an identical name is trying to reach you from the outside, but at least for us, this is exceedingly rare in practice.

So like the CEO, President, VPs, whatever.

Make a regex like this so it's a bit fuzzy in case they do last name first name or something or use some Unicode whitespace character.
Some[\p{Z}\p{P}]{0,2}Name|Name[\p{Z}\p{P}]{0,2}Some
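
The display-name check socK describes, as an added example that is not code from the thread and not Exchange's own rule engine: it builds the same fuzzy pattern per protected person and applies it only to outside mail, with an allowlist for genuine namesakes. The `isExternal` flag stands in for the mail system's "from outside the organization" condition; all names and addresses are constructed placeholders.

```javascript
// Added example. Names, addresses and the allowlist are constructed.
const PROTECTED = [["Some", "Name"]];                     // people to protect
const ALLOWLIST = new Set(["some.name@partner.example"]); // real outside namesakes

// Up to two Unicode separator/punctuation characters between the name parts,
// as in the thread's pattern.
const SEP = "[\\p{Z}\\p{P}]{0,2}";

// Escape regex metacharacters so a name is matched literally.
const esc = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// "First<sep>Last|Last<sep>First", case-insensitive and Unicode-aware.
function namePattern(first, last) {
  const f = esc(first), l = esc(last);
  return new RegExp(`${f}${SEP}${l}|${l}${SEP}${f}`, "iu");
}

// Split a From header value into display name and lower-cased address.
function parseFrom(header) {
  const m = header.match(/^\s*"?([^"<]*?)"?\s*<([^<>\s]+)>\s*$/);
  return m ? { name: m[1], addr: m[2].toLowerCase() }
           : { name: "", addr: header.trim().toLowerCase() };
}

// Quarantine outside mail whose display name matches a protected person,
// unless the sending address is on the allowlist.
function verdict(fromHeader, isExternal) {
  if (!isExternal) return "deliver"; // the rule only bites on outside mail
  const { name, addr } = parseFrom(fromHeader);
  if (ALLOWLIST.has(addr)) return "deliver";
  const hit = PROTECTED.some(([f, l]) => namePattern(f, l).test(name));
  return hit ? "quarantine" : "deliver";
}

// Constructed sample headers covering the cases the post mentions.
const samples = [
  ['"Some Name" <ceo.office@freemail.example>', true],
  ['"Name, Some" <billing@freemail.example>', true],      // last name first
  ['"Some\u00A0Name" <x@freemail.example>', true],        // no-break space
  ['"Some Name" <some.name@partner.example>', true],      // allowlisted
  ['"Some   Name" <y@freemail.example>', true],           // 3 spaces: missed
];
for (const [h, ext] of samples) console.log(verdict(h, ext), JSON.stringify(h));
```

The last sample is delivered because three separators exceed the `{0,2}` bound, which is the kind of gap to look for when reviewing what the rule lets through.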
 