Help me understand how a split email hosting client is not flagged as spam in Forefront

  • Question

  • Hello,

    This post involves Forefront, Exchange, and general email best practices overall.

    We have a customer who has basic email hosting on Integra.net but also SOME users have their mail forwarded to an Exchange host (ubtmail.com).  Their domain name, let's call it domain.com, has MX records pointed only to the Integra.net mail servers and no SPF records.  However, they send mail from the Exchange host as user@domain.com.  When we receive email from them (on Office365) Forefront doesn't seem to mind this masquerading domain.

    Here is the Forefront header:

    X-Forefront-Antispam-Report
    
    CIP:184.106.87.226;
    KIP:(null);
    UIP:(null);
    IPV:NLI;
    H:mail1.ubtmail.com;
    RD:mail1.ubtmail.com;
    EFVD:NLISFV:NSPM;
    SFS:(189002)(199002)(54504004)(38605003)(377454003)(41574002)(49866001)(47976001)(47736001)(46102001)(31966008)(50986001)(19580385001)(83322001)(69226001)(19580405001)(81542001)(81686001)(66926002)(20776003)(19580395003)(4396001)(551544002)(6806004)(74482001)(54316002)(47446002)(63696002)(15974865002)(74502001)(71186001)(76482001)(16236675002)(80976001)(74662001)(19300405004)(65816001)(74366001)(55846006)(16276001)(74876001)(33656001)(15843345004)(67866001)(76786001)(74706001)(59766001)(77982001)(76796001)(512954002)(66066001)(17760045001)(80022001)(16601075003)(56776001)(53806001)(15202345003)(81342001)(83072001)(79102001)(56816003)(54356001)(51856001)(80162001)(80862004);
    DIR:INB;
    SFP:;
    SCL:1;
    SRVR:BLUPR07MB004;
    H:CH1PRD0710HT003.namprd07.prod.outlook.com;
    CLIP:10.174.8.230;
    RD:mail1.ubtmail.com;
    MX:1;
    A:1;
    LANG:en;

    We are looking to migrate them from their current Exchange host to Office365 for those select users that require it (maintaining the split hosting using this guide: http://community.office365.com/en-us/wikis/exchange/simple-domain-sharing-for-smtp-email-addresses.aspx).

    I have two main questions about this scenario:

    1. The client claims they rarely have problems with bounced mail when sending to others.  Is there some other config going on that would establish a trust with the Exchange server sending a non-authoritative domain?

    2. If we move the clients to Office365 using that guide I linked above (essentially keeping MX records pointed to Integra.net but adding SPF records to the DNS to authenticate Office365 servers for the domain), would the customer experience bounced emails for any reason?

    Thank you!

    Wednesday, August 14, 2013 5:53 PM