Why your email system is broken after switching to office365

Hey Random User
So you decided to go cloud*, Great! but what does this mean for your email? Well for one, your outbound email no longer comes from your business’s public IP address pool, but a massive pool of email gateways spread across the globe. (50,688 authorized individual IPv4 addresses). Email messages bounce across multiple private and public servers, to multiple storage pools which you collect and access from any of the many client access servers. You now trust your email domain to be handled by someone else, many many someones, and your reputation is susceptible to abuse by to any of the millions of people using those shared services. Now I’m not saying Microsoft doesn’t monitor for abuse, but they also must make their customers happy. Which means being a little lenient with regulations from our friends at the FTC**.

To my point.
In my experience, people are switching to o365 because they are inept to host and maintain their own email systems, that’s fine, but when you switch you should get some help from a knowledgeable consultant (who if they are truly knowledgeable will recommend otherwise). I have seen countless users switch to o365 and blindly setup a SFP record to reject all emails from other sources, including web-forms, newsletter systems, alert systems, and so on.

Just Stop! If you are switching or switched and you can’t figure out what SPF does, do some¬†research! Even Microsoft has documentation on how to setup SPF properly.

-all vs ~all

-all = reject all email that is not from a server listed.
~all = mark or tag all email that is not from a server listed as spam
+all = authenticate all email as valid (disables spf)
?all = accept all servers as if there was no spf record
(sourced from http://www.openspf.org/SPF_Record_Syntax)

If your emails are bouncing back*** with this error:
F=<SAMS@Source4Teachers.com> rejected RCPT <someone@example.com>: 216.83.185.44 is not allowed to send mail from Source4Teachers.com (SPF failure)

You can just add the IP address to the end of your SPF Record,

from:
-all
to
ip4:216.83.185.44 -all

Voila, now you accept email from that server! If you still need help, contact-us or our friends at word to the wise, they’ve produced some excellent articles and case-studies on the subject.

Best of Luck!
-Jake

*M3AAWG defines cloud as shared hosting with redundancy.
**CAN-SPAM ACT 2003, requires the recipient to be in the To header on bulk mailers, however many users send mass mailings to themselves and BCC their spam-endpoints.
***bounces only work if they have a valid email return path on the sending server, that’s IF you use a real email server/smtp gateway. if your returnpath isn’t valid, you’ll start running into backscatter blacklist issues!

Say Something Nice