I discovered an issue where the Email Security Services will result in a DMARC violation.
If you send out-of-office replies from Office365 and you forward them through the cloud then these will fail if the receiver has taken care of Email security.
The issue is that the From: line is set to the domain. So it reads like:
Office365 sends it out with an Empty Sender as dictated by RFC 2298:
The envelope sender address (i.e., SMTP MAIL FROM) of the MDN MUST be null (<>), specifying that no Delivery Status Notification messages or other messages indicating successful or unsuccessful delivery are to be sent in response to an MDN.
But the Barracuda Email Security Service puts in a random (serialized) sender:
For example: firstname.lastname@example.org
This seems to me a violation of RFC 2298 and it is causing havoc if you want to step up email security.
It is also no match at all to the actual user sending out the Out of Office reply.
So how can this be fixed?