On Fri, Feb 04, 2022 at 02:34:35PM -0500, Alex wrote:
> I have a multi-instance postfix config and am trying to figure out why
> Microsoft 365 is marking my email from the outbound instance as SPF
> softfail.
Because you're forwarding email received from an external domain,
and it is *that* (envelope sender) domain's SPF records that count,
not yours.
> Authentication-Results: spf=softfail (sender IP is 209.222.90.109)
> smtp.mailfrom=gmail.com; dkim=pass (signature was verified)
> header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass
> reason=100
Unless you're "google.com", or "google.com" lists your IPs in its SPF
records, SPF is *supposed* to fail. This is why DKIM was invented, it
survives simple verbatim forwarding.
--
Viktor.
