Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Outgoing emails from mailflow arrive in spam

Good afternoon Sophos community, I see myself in need of seeking help by this means for the problem that has been presented to me. I have configured mailflow in 4 domains, each one with a different substate, I have carried out the following tests:

1. Incoming emails do not present any problem

2. Emails from to personal Gmail accounts and corporate accounts arrive in the inbox without problems, no error is detected in the email headers

3. Outgoing emails from to a personal Hotmail account arrive in the SPAM tray.

In the headers of the mail that arrived at spam I detected the following errors:

ARC-Authentication-Results i=2; 1; spf=pass (sender ip is; dmarc=bestguesspass action=none; dkim=pass (signature was verified); dkim=pass (signature was verified); dkim=pass (signature was verified); arc=fail (48)

ARC-Seal i=2; a=rsa-sha256; s=arcselector9901;; cv=fail; b=mS+fP14RAUfFmoKWRg73FIrnp5OA/GEHet6ZLNNTI0AiYIPISowjnhk89b9jWfso/coA+kFyIISb5zwxJDQ37CSSUTHyIRMHzB3FwGGO0zOmUwL/dFd51OHpmg3ASuiuHC3OWsV6DlubGajWb P2jphcbxWiYAmpsZPcNZIRbUv4eane4qe35yeT7AsPwsMDSog+z6782RbTp+91l6MNoZsqrjI6EEmBQ10xeU8zCdEMZpVS9c6YBYpnKcNVnf2GI1ixUI8OCCSQK1SxeQ2UHlrw3pDl Itdpyfy+jSI4rZMWCf6uIZFGQ4hN5wGUBjFexfNCBCB51MgHlW/YOokFmEQ==

Will this have something to do with it?

In another domain with mailflow it happens to me that outgoing emails to gmail and hotmail arrive at SPAM.

I hope I can get help. Thank you

This thread was automatically locked due to age.
  • What happens if you don't use Sophos mailflow rules with that domains and the same recipients?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • I have disabled mailflow as a discard test, that way the outgoing emails from office365 to hotmail and gmail accounts arrive as legitimate in the inbox. That could be happening?

  • Hello Gerardo,

    Thank you for contacting the Sophos Community.

    So the CV=fail indicates that the ARC-Chain validation has failed for this message.

    The ARC-Chain validation is a way to validate the authenticity of an email that passes through an intermediary email server. (Relay).

    I am not 100% sure if Sophos Email supports ARC signatures for outbound emails in this specific scenario or if this would be the issue you are having, but I will check internally and get back to you.

    Do you happen to have a  case open for this?


    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Thanks for your answer. Yes I have an open case 06458525

  • It is unlikely that ARC failure would result in spam designation. ARC is message authentication not spam scanning. i tested using my Mailflow M365 sending to my hotmail account without any issues. I would say make sure that other methods of authentication are completely setup as well so that others see you as a valid/trusted sender. Are DMARC, SPF, DKIM properly configured for the domains in question? Spam scoring and determination are dependent on the scanners used by microsoft and from my experience highly prone to false positives. Which message authentication can influence other scores in a message a simple failure without any policy configured usually doesn't prevent message delivery or junk mail designation. 

  • Thanks for your answer Tom. Office365 SPF has been added to the domain; DMARC and DKIM gave us another question, should this be configured from office365 when using mailflow? currently not configured

  • Yes it should be configured, my domain is hosted by M365 and I have DKIM and DMARC configured. DMARC doesn't have any configuration specific to M365 like SPF does outside of DNS entry as seen below is sufficient

    v=DMARC1; p=quarantine; options:(none or quarantine or reject)

    for DKIM in
    1. Policies & rules
    2. Threat policies
    3. Email authentication settings set your DKIM to enabled for your domains
  • OK,

    I'm going to configure dkim/dmarc, in a few hours I'll post the results.


  • Hello Tom, I am sorry to inform you that the same results have been obtained, the emails to hotmail arrive in spam with the following configurations:

    - mailflow configured again
    - dkim of office365 configured in the public dns
    - dmarc configured in public dns
    - office365 spf configured in public dns
    - office365 rules created automatically from sophos central by api

    I have observed an important detail, whenever I finish configuring mailflow and try to send an email to hotmail, the first email arrives in the inbox without problems, after trying to send more emails to hotmail they begin to arrive in SPAM

    What other discard can we do? Could you assist us in this problem?

    I still don't lose hope in mailflow.

  • Truthfully it has little to nothing to do with mailflow. Mailflow (MFR) is just a method of using connectors in M365 to send messages to/from Microsoft (office365). MFR allows you to keep your mx record pointed at and configure SPF and other message authentication methods. When you send email it is delivered by M365 not Sophos so recipients see the message coming from M365. In reality Mailflow is just a routing mechanism and has nothing to do with spam. Why Hotmail is having False Positive issues is out of our control. If this doesn't happen with gateway mode then it could be because the hotmail service is seeing different IP reputations being delivered (gateway uses sophos IP to deliver messages, mfr uses microsoft). I do not know how much more information I can give you outside of contacting Microsoft or whitelisting the sending domain in hotmail. Do you have multiple domains? Does the same issue happen with all the domains?