This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 72%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Hi,
we use an external journal mailbox with a transport rule for all outgoing/incoming mails - setup in exchange admin center onilne.
However the SENDER address of all that mails is not configurable. It's something@tenant .onmicrosoft.com
As the SPF-policy for onmicrosoft.com is strict (-all), problems arise if mail is forwarded, as it breaks SPF.
How can we set the real domain as sender address (@customer.com). These domain is the primary mail domain, that is routed to exchange online.
Thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 22%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELL%3C/text%3E%3C/svg%3E)
Hi @Stefan Bauer ,
Beased on my knowledge and test, Journal mail is sent by the system mailbox on behalf of your Exchange online mailbox with the "SendonBehalf" permission. We could not change the this email address. And the address mailbox is a specific address.
Please following the steps in this official atricle to create a safe sender lists for this specific email address, then try to send an test email and see if the journal email breaks SPF.
Please refer to: Create safe sender lists in EOP
Or change the SPF record and add the domain of the address that sends the journal mail to the SPF record.
Please refer to: Form your SPF TXT record for Microsoft 365
----------
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Unfortunately you did not understand my questions, hence your answer are not of any help.
1, Safe sender list is some microsoft stuff, the mails are LEAVING microsoft infrastructure - during forward - so a whitelist at SENDER site, does not make any sense.
2, as mails are sent by a onmicrosoft.com-Domain, there is no way to change the SPF for this domain to allow forwarding.
Can you please raise a ticket or something, that somone will take care and make the sender address configurable?
Thank you.
Hi @Stefan Bauer ,
Sorry for my misunderstanding, in order to better solve this issue, I want to confirm the following points with you:
1.Does the "Transport rule" you mentioned refer to the "Journal rules"? If not, what Transport rule did you created?
2.Regarding what you said "if mail is forwarded, as it breaks SPF", if mail is forwarded, SPF will indeed be broken. So what if your forwarding behavior happened? For example, after receiving a journal mail in your journal mailbox, to whom should it be forwarded?
3."How can we set the real domain as sender address (@customer.com). " , Which sender address do you specifically want to modify here? According to my previous understanding, I think you want to modify the sender of Journal mail. If not, please correct me in time.
In addition, are there any specific errors?
If you want to open a ticket to Microsoft, you could find your region in the link below and contact Microsoft.
Please refer to: Global Customer Service phone numbers
Hi @Stefan Bauer ,
I am writing here to confirm with you how thing going now?
----------
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Stefan Bauer ,
I am writing here to confirm with you how thing going now?
----------
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Check what SPF is again. The TXT record is to be added to DNS of customer.com, not onmicrosoft.com.
When adding the TXT record, the content should look something like this for Exchange Online.
v=spf1 include:spf.protection.outlook.com -all
Cheong00, I'm well aware of SPF.
Again, the SPF issue exists, because there is a mail sent by a onmicrosoft.com-Domain, and I can not touch the SPF-entry, that is present for onmicrosoft.com
As written earlier, as the mail is forwarding on the way to the recipient mailbox, SPF is broken due to the strict SPF policy for onmicrosoft.com.