Outgoing emails from mailflow arrive in spam

What happens if you don't use Sophos mailflow rules with that domains and the same recipients?

I have disabled mailflow as a discard test, that way the outgoing emails from office365 to hotmail and gmail accounts arrive as legitimate in the inbox. That could be happening?

Hello Gerardo,

Thank you for contacting the Sophos Community.

So the CV=fail indicates that the ARC-Chain validation has failed for this message.

The ARC-Chain validation is a way to validate the authenticity of an email that passes through an intermediary email server. (Relay).

I am not 100% sure if Sophos Email supports ARC signatures for outbound emails in this specific scenario or if this would be the issue you are having, but I will check internally and get back to you.

Do you happen to have a  case open for this?

Regards,

Thanks for your answer. Yes I have an open case 06458525

It is unlikely that ARC failure would result in spam designation. ARC is message authentication not spam scanning. i tested using my Mailflow M365 sending to my hotmail account without any issues. I would say make sure that other methods of authentication are completely setup as well so that others see you as a valid/trusted sender. Are DMARC, SPF, DKIM properly configured for the domains in question? Spam scoring and determination are dependent on the scanners used by microsoft and from my experience highly prone to false positives. Which message authentication can influence other scores in a message a simple failure without any policy configured usually doesn't prevent message delivery or junk mail designation. 

Thanks for your answer Tom. Office365 SPF has been added to the domain; DMARC and DKIM gave us another question, should this be configured from office365 when using mailflow? currently not configured

Yes it should be configured, my domain is @foucha.com hosted by M365 and I have DKIM and DMARC configured. DMARC doesn't have any configuration specific to M365 like SPF does outside of DNS entry as seen below is sufficient

v=DMARC1; p=quarantine; options:(none or quarantine or reject)

for DKIM in Security.microsoft.com

1. Policies & rules
   
2. Threat policies
   
3. Email authentication settings set your DKIM to enabled for your domains

OK,

I'm going to configure dkim/dmarc, in a few hours I'll post the results.

thanks

Hello Tom, I am sorry to inform you that the same results have been obtained, the emails to hotmail arrive in spam with the following configurations:

- mailflow configured again
- dkim of office365 configured in the public dns
- dmarc configured in public dns
- office365 spf configured in public dns
- office365 rules created automatically from sophos central by api

I have observed an important detail, whenever I finish configuring mailflow and try to send an email to hotmail, the first email arrives in the inbox without problems, after trying to send more emails to hotmail they begin to arrive in SPAM

What other discard can we do? Could you assist us in this problem?

I still don't lose hope in mailflow.

Truthfully it has little to nothing to do with mailflow. Mailflow (MFR) is just a method of using connectors in M365 to send messages to/from Microsoft (office365). MFR allows you to keep your mx record pointed at protection.outlook.com and configure SPF and other message authentication methods. When you send email it is delivered by M365 not Sophos so recipients see the message coming from M365. In reality Mailflow is just a routing mechanism and has nothing to do with spam. Why Hotmail is having False Positive issues is out of our control. If this doesn't happen with gateway mode then it could be because the hotmail service is seeing different IP reputations being delivered (gateway uses sophos IP to deliver messages, mfr uses microsoft). I do not know how much more information I can give you outside of contacting Microsoft or whitelisting the sending domain in hotmail. Do you have multiple domains? Does the same issue happen with all the domains?