Spent an hour on a remote session but support person clearly had no idea what they are doing.
I've just moved a brand new client who's never used any Sophos product before on to Central Mail and now all their SPF checks are failing and mail is bouncing back due to DMARC failing (set to reject).
Looking at the headers, the only SPF that is failing is the one below. Not quite sure why it's referring to a Sophos data centre in the US, but other Sophos tenants have the same in their headers and aren't blocked by DMARC.
As a workaround, I've told the client to change DMARC to p=none instead, but that's obviously not ideal.
Received-SPF: Fail (protection.outlook.com: domain of ***** does not designate 22.214.171.124 as permitted sender) receiver=protection.outlook.com; client-ip=126.96.36.199; helo=mfod-usw2.prod.hydra.sophos.com;
This thread was automatically locked due to age.