Jump to content


Photo

Issue with Office365: Out of Office

DMARC Office365 RFC

  • Please log in to reply
No replies to this topic

#1 Hugo van der Kooij

Hugo van der Kooij
  • Members
  • 3 posts

Posted 11 February 2019 - 08:20 AM

Hi,

 

I discovered an issue where the Email Security Services will result in a DMARC violation.

 

If you send out-of-office replies from Office365 and you forward them through the cloud then these will fail if the receiver has taken care of Email security.

 

The issue is that the From: line is set to the domain. So it reads like:

From: Some.User@contoso.com

 

Office365 sends it out with an Empty Sender as dictated by RFC 2298:

The envelope sender address (i.e., SMTP MAIL FROM) of the MDN MUST be null (<>), specifying that no Delivery Status Notification messages or other messages indicating successful or unsuccessful delivery are to be sent in response to an MDN.

 

But the Barracuda Email Security Service puts in a random (serialized) sender:

For example: 301119-bounces@bounces.ess.barracudanetworks.com

 

This seems to me a violation of RFC 2298 and it is causing havoc if you want to step up email security.

 

It is also no match at all to the actual user sending out the Out of Office reply.

 

So how can this be fixed?