Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Outgoing emails from mailflow arrive in spam

Good afternoon Sophos community, I see myself in need of seeking help by this means for the problem that has been presented to me. I have configured mailflow in 4 domains, each one with a different substate, I have carried out the following tests:

1. Incoming emails do not present any problem

2. Emails from mydomain.com to personal Gmail accounts and corporate accounts arrive in the inbox without problems, no error is detected in the email headers

3. Outgoing emails from mydomain.com to a personal Hotmail account arrive in the SPAM tray.

In the headers of the mail that arrived at spam I detected the following errors:

ARC-Authentication-Results i=2; mx.microsoft.com 1; spf=pass (sender ip is 52.100.173.228) smtp.rcpttodomain=hotmail.com smtp.mailfrom=talma.com.co; dmarc=bestguesspass action=none header.from=talma.com.co; dkim=pass (signature was verified) header.d=lasacol.onmicrosoft.com; dkim=pass (signature was verified) header.d=lasacol.onmicrosoft.com; dkim=pass (signature was verified) header.d=mail-dkim-us-west-2.prod.hydra.sophos.com; arc=fail (48)

ARC-Seal i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=fail; b=mS+fP14RAUfFmoKWRg73FIrnp5OA/GEHet6ZLNNTI0AiYIPISowjnhk89b9jWfso/coA+kFyIISb5zwxJDQ37CSSUTHyIRMHzB3FwGGO0zOmUwL/dFd51OHpmg3ASuiuHC3OWsV6DlubGajWb P2jphcbxWiYAmpsZPcNZIRbUv4eane4qe35yeT7AsPwsMDSog+z6782RbTp+91l6MNoZsqrjI6EEmBQ10xeU8zCdEMZpVS9c6YBYpnKcNVnf2GI1ixUI8OCCSQK1SxeQ2UHlrw3pDl Itdpyfy+jSI4rZMWCf6uIZFGQ4hN5wGUBjFexfNCBCB51MgHlW/YOokFmEQ==

Will this have something to do with it?

In another domain with mailflow it happens to me that outgoing emails to gmail and hotmail arrive at SPAM.

I hope I can get help. Thank you



This thread was automatically locked due to age.
Parents Reply Children
  • Yes it should be configured, my domain is @foucha.com hosted by M365 and I have DKIM and DMARC configured. DMARC doesn't have any configuration specific to M365 like SPF does outside of DNS entry as seen below is sufficient

    v=DMARC1; p=quarantine; options:(none or quarantine or reject)

    for DKIM in Security.microsoft.com
    1. Policies & rules
    2. Threat policies
    3. Email authentication settings set your DKIM to enabled for your domains
  • OK,

    I'm going to configure dkim/dmarc, in a few hours I'll post the results.

    thanks

  • Hello Tom, I am sorry to inform you that the same results have been obtained, the emails to hotmail arrive in spam with the following configurations:

    - mailflow configured again
    - dkim of office365 configured in the public dns
    - dmarc configured in public dns
    - office365 spf configured in public dns
    - office365 rules created automatically from sophos central by api

    I have observed an important detail, whenever I finish configuring mailflow and try to send an email to hotmail, the first email arrives in the inbox without problems, after trying to send more emails to hotmail they begin to arrive in SPAM

    What other discard can we do? Could you assist us in this problem?

    I still don't lose hope in mailflow.

  • Truthfully it has little to nothing to do with mailflow. Mailflow (MFR) is just a method of using connectors in M365 to send messages to/from Microsoft (office365). MFR allows you to keep your mx record pointed at protection.outlook.com and configure SPF and other message authentication methods. When you send email it is delivered by M365 not Sophos so recipients see the message coming from M365. In reality Mailflow is just a routing mechanism and has nothing to do with spam. Why Hotmail is having False Positive issues is out of our control. If this doesn't happen with gateway mode then it could be because the hotmail service is seeing different IP reputations being delivered (gateway uses sophos IP to deliver messages, mfr uses microsoft). I do not know how much more information I can give you outside of contacting Microsoft or whitelisting the sending domain in hotmail. Do you have multiple domains? Does the same issue happen with all the domains?