Jump to content


Issue with Office365: Out of Office

DMARC Office365 RFC

  • Please log in to reply
1 reply to this topic

#1 Hugo van der Kooij

Hugo van der Kooij
  • Members
  • 3 posts

Posted 11 February 2019 - 08:20 AM



I discovered an issue where the Email Security Services will result in a DMARC violation.


If you send out-of-office replies from Office365 and you forward them through the cloud then these will fail if the receiver has taken care of Email security.


The issue is that the From: line is set to the domain. So it reads like:

From: Some.User@contoso.com


Office365 sends it out with an Empty Sender as dictated by RFC 2298:

The envelope sender address (i.e., SMTP MAIL FROM) of the MDN MUST be null (<>), specifying that no Delivery Status Notification messages or other messages indicating successful or unsuccessful delivery are to be sent in response to an MDN.


But the Barracuda Email Security Service puts in a random (serialized) sender:

For example: 301119-bounces@bounces.ess.barracudanetworks.com


This seems to me a violation of RFC 2298 and it is causing havoc if you want to step up email security.


It is also no match at all to the actual user sending out the Out of Office reply.


So how can this be fixed?

#2 Eric Byrd

Eric Byrd
  • Members
  • 1 posts

Posted 04 March 2020 - 12:30 PM

We are seeing the same issue.  Per Hugo's comments, please refrain from adding any sender to the envelope for Office 365 out of office emails.