Implement Sender Rewriting Scheme (SRS) to Resolve Forwarding Issues
Forwarding in SMTP is fundamentally flawed unless you implement SRS.
If you maintain the Return-Path of the originating message while forwarding you effectively spoof the originating domain.
If you modify the Return-Path to be the address of the account that forwarded a message you break the Return-Path chain and delivery issues will result in the forwarded message Delivery Status Notification (DSN) being delivered to the forwarding user and not the original sender.
SRS resolves this by modifying the Return-Path in a way that doesn't spoof the originating domain but still allows DSNs to be sent to the original sender.
Added to the roadmap (https://products.office.com/en-us/business/office-365-roadmap) for tracking. As mentioned earlier, we’re also looking very seriously at Authenticated Received Chain, which is in draft, but has good momentum for adoption. We hope to report back soon on that as well.
If you’re interested in signing your tenant up early to help us test this out, be sure to give us your email address so you can receive an invitation when we’re ready!
ARC is also coming soon, though I have no date to provide at this particular time. SRS is rolled out to nearly all tenants, but is on hold for some while we finish ARC. Stay tuned.
I just noticed Microsoft is trying to use ARC for emails with SRS implemented.
The problem is, the SRS rewritten messages are getting signed with the default tenant domain (mytenant.onmicrosoft.com), which doesn't match any domain in the message.
I think messages rewritten with SRS and forwarded should get signed by the domain name of the original recipient, not the tenant name.
SRS was a great idea when SPF was new, but it breaks DMARC. Can we get at least the option to disable it for messages authenticated with DMARC?
Is ARC still in the roadmap? Is there any timeline at all?
Victor Khong commented
When will SRS be rolled out to GCC?
Hi, we are also waiting on SRS being implemented. We have a number of groups which forward mail from external senders to external recipients. This works on our on-premise environment but not when we direct mail flow through Office 365. Until SRS is implemented we are unable to fully migrate to Office 365.
I too have spent a fair amount of time with Microsoft Support to get information on SRS and when its being rolled out.
I do agree with Pau comment, that is
"... 99% of the constant flow of 'enhancements' to Office 365 are pointless fluff. Please redirect your efforts to something that actually adds value to your product."
I'm still struggling with a whole bunch of application that is relying on SRS aka Sender Rewriting Scheme whereas Office 365 rewrite the "Mail From:" header to other email address, in my case it's the same domain.
I've spent hours and with their technical support and no one seems to have any ideas what SRS about and have to educate them what is Sender Rewriting Scheme features are about.
What is the status of this item? I'm still not seeing any rewriting on emails through our Office 365 groups.
Alan McFarlane commented
Did everyone see the blog post on this?
It contains lots of nice detail on the feature… And gives the rollout date as:
“From July 16th, we will begin rolling out Sender Rewriting Scheme (SRS)”
Terry Zink (Senior PM in Office 365) commented
I know that SRS is a popular request, but please ensure your expectations are set accordingly. SRS fixes SPF failures when a messages is forwarded out of Office 365; that is, message originates outside the service and into Office 365, and then is forwarded out of the service (either Transport rules or some user mailbox forwarding). Because currently the service is retaining the original SMTP MAIL FROM, if it publishes SPF Hard Fail, that will fail at the destination mailbox.
However, this won't fix DMARC failures (or Office 365's new antispoofing features). For that, Authentication Received Chaining (ARC) is required. ARC is a new feature which is implemented at only one large receiver - Google - and a handful of smaller ones. It's under development here at Microsoft as well.
So, SRS solves some problems, and ARC solves others but until ARC is more widely adopted there will be problems when it comes to forwarding (the plus side is that the largest receivers where this matters tends to be Microsoft [Outlook.com + Office 365] and Google).
Please do this ASAP. 99% of the constant flow of 'enhancements' to Office 365 are pointless fluff. Please redirect your efforts to something that actually adds value to your product.
Wayne Bosworth commented
It seems this feature has been pushed back further - now showing...
Estimated Release: Q3 CY2018 (modified : 02/27/2018)
This was in the Roadmap as Estimated Release: January CY2018 but has just slipped to Estimated Release: Q1 CY2018 (Feature ID: 24056), which is a shame as many of us are waiting for this.
Douglas Plumley commented
SPF SRS was posted to the public roadmap yesterday, looks like we are getting closer!
Please add SRS functionality. This is affecting distribution groups with external contacts for us.
Roberto A. commented
The last admin update was over 6 months ago. Is there any time-frame to share? If there will be no SRS implementation in the the near future, it would be good to know.
Any further updates here, Microsoft?
The SRS standard was published in 2006 - over 10 years ago.
It is a recommended best practice, and a core part of SPF. It seems MS have no comment on when / if they will implement this.
It is very disappointing given that it is not a technically challenging issue.
We are waiting many months to get the forward email functionality.
Amazing that MS don't understand the fact that many company and users will leave O365 for this type of issue.
Why stay on a "thinking about it" and where are all the old comments made in this tread from more than a year ago !
Sender Rewriting Scheme (SRS) is needed urgently in Office 365 as without it too many forwarded emails are being lost.
As SPF, DKIM and DMRC become common place SRS will become critical to the survival of Office 365 email.