Howto change exchange online journal mailboxses sender domain - SPF issue

Stefan Bauer 1 Reputation point
2021-05-05T14:27:01.527+00:00

Hi,

we use an external journal mailbox with a transport rule for all outgoing/incoming mails - setup in exchange admin center onilne.

However the SENDER address of all that mails is not configurable. It's something@tenant .onmicrosoft.com

As the SPF-policy for onmicrosoft.com is strict (-all), problems arise if mail is forwarded, as it breaks SPF.

How can we set the real domain as sender address (@customer.com). These domain is the primary mail domain, that is routed to exchange online.

Thank you.

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
2,903 questions
No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Lucas Liu-MSFT 6,076 Reputation points
    2021-05-06T04:10:52.703+00:00

    Hi @Stefan Bauer ,
    Beased on my knowledge and test, Journal mail is sent by the system mailbox on behalf of your Exchange online mailbox with the "SendonBehalf" permission. We could not change the this email address. And the address mailbox is a specific address.
    Please following the steps in this official atricle to create a safe sender lists for this specific email address, then try to send an test email and see if the journal email breaks SPF.
    Please refer to: Create safe sender lists in EOP
    94262-inkedcapture-li.jpg

    Or change the SPF record and add the domain of the address that sends the journal mail to the SPF record.
    Please refer to: Form your SPF TXT record for Microsoft 365

    ----------

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Cheong00 3,421 Reputation points
    2021-05-06T06:33:58.873+00:00

    Check what SPF is again. The TXT record is to be added to DNS of customer.com, not onmicrosoft.com.

    When adding the TXT record, the content should look something like this for Exchange Online.

    v=spf1 include:spf.protection.outlook.com -all