Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

Implement Sender Rewriting Scheme (SRS) to Resolve Forwarding Issues

Forwarding in SMTP is fundamentally flawed unless you implement SRS.

http://www.openspf.org/SRS

If you maintain the Return-Path of the originating message while forwarding you effectively spoof the originating domain.

If you modify the Return-Path to be the address of the account that forwarded a message you break the Return-Path chain and delivery issues will result in the forwarded message Delivery Status Notification (DSN) being delivered to the forwarding user and not the original sender.

SRS resolves this by modifying the Return-Path in a way that doesn't spoof the originating domain but still allows DSNs to be sent to the original sender.

590 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Douglas Plumley shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    Added to the roadmap (https://products.office.com/en-us/business/office-365-roadmap) for tracking. As mentioned earlier, we’re also looking very seriously at Authenticated Received Chain, which is in draft, but has good momentum for adoption. We hope to report back soon on that as well.

    If you’re interested in signing your tenant up early to help us test this out, be sure to give us your email address so you can receive an invitation when we’re ready!

    28 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Newbiez commented  ·   ·  Flag as inappropriate

        I do agree with Pau comment, that is
        "... 99% of the constant flow of 'enhancements' to Office 365 are pointless fluff. Please redirect your efforts to something that actually adds value to your product."

        I'm still struggling with a whole bunch of application that is relying on SRS aka Sender Rewriting Scheme whereas Office 365 rewrite the "Mail From:" header to other email address, in my case it's the same domain.

        I've spent hours and with their technical support and no one seems to have any ideas what SRS about and have to educate them what is Sender Rewriting Scheme features are about.

      • Anonymous commented  ·   ·  Flag as inappropriate

        What is the status of this item? I'm still not seeing any rewriting on emails through our Office 365 groups.

      • Terry Zink (Senior PM in Office 365) commented  ·   ·  Flag as inappropriate

        I know that SRS is a popular request, but please ensure your expectations are set accordingly. SRS fixes SPF failures when a messages is forwarded out of Office 365; that is, message originates outside the service and into Office 365, and then is forwarded out of the service (either Transport rules or some user mailbox forwarding). Because currently the service is retaining the original SMTP MAIL FROM, if it publishes SPF Hard Fail, that will fail at the destination mailbox.

        However, this won't fix DMARC failures (or Office 365's new antispoofing features). For that, Authentication Received Chaining (ARC) is required. ARC is a new feature which is implemented at only one large receiver - Google - and a handful of smaller ones. It's under development here at Microsoft as well.

        So, SRS solves some problems, and ARC solves others but until ARC is more widely adopted there will be problems when it comes to forwarding (the plus side is that the largest receivers where this matters tends to be Microsoft [Outlook.com + Office 365] and Google).

      • Paul commented  ·   ·  Flag as inappropriate

        Please do this ASAP. 99% of the constant flow of 'enhancements' to Office 365 are pointless fluff. Please redirect your efforts to something that actually adds value to your product.

      • Wayne Bosworth commented  ·   ·  Flag as inappropriate

        It seems this feature has been pushed back further - now showing...
        Estimated Release: Q3 CY2018 (modified : 02/27/2018)

      • Paul commented  ·   ·  Flag as inappropriate

        This was in the Roadmap as Estimated Release: January CY2018 but has just slipped to Estimated Release: Q1 CY2018 (Feature ID: 24056), which is a shame as many of us are waiting for this.

      • Rob commented  ·   ·  Flag as inappropriate

        Please add SRS functionality. This is affecting distribution groups with external contacts for us.

      • Roberto A. commented  ·   ·  Flag as inappropriate

        The last admin update was over 6 months ago. Is there any time-frame to share? If there will be no SRS implementation in the the near future, it would be good to know.

      • Jeff commented  ·   ·  Flag as inappropriate

        The SRS standard was published in 2006 - over 10 years ago.

        It is a recommended best practice, and a core part of SPF. It seems MS have no comment on when / if they will implement this.

        It is very disappointing given that it is not a technically challenging issue.
        http://www.openspf.org/SRS

      • PC commented  ·   ·  Flag as inappropriate

        We are waiting many months to get the forward email functionality.
        Amazing that MS don't understand the fact that many company and users will leave O365 for this type of issue.
        Why stay on a "thinking about it" and where are all the old comments made in this tread from more than a year ago !

      • Paul commented  ·   ·  Flag as inappropriate

        Sender Rewriting Scheme (SRS) is needed urgently in Office 365 as without it too many forwarded emails are being lost.

        As SPF, DKIM and DMRC become common place SRS will become critical to the survival of Office 365 email.

      • Roberto A. commented  ·   ·  Flag as inappropriate

        Please add this functionality as soon as possible.

        External contacts in Office 365 distribution groups are getting '554 5.7.1 : Client host rejected: Antispoofing in action' errors. This is not good at all.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Farooque.... I can't speak for everyone, but for my tenant, the issue is Office 365 groups which contain guests with AOL/yahoo email accounts. Due to Yahoo/AOL 'dmarc p=reject' policy, and the way Office 365 simply redirects a message without implementing SRS, messages sent to a distribution list from yahoo/aol users will not be received by other yahoo/aol members of the group.

      • Farooque commented  ·   ·  Flag as inappropriate

        Hey!!!! Anyone technically would like to add "why did you need this in EOP"? I need a technical answer.....?

      • KAD commented  ·   ·  Flag as inappropriate

        If not fixed the owner of our company, who is not getting e-mail forwarded g-mail account but is getting the "Undeliverable" notices pointing back to their own domain forwarded, may mandate we move away from office 365 as the companies mail platform.

      • Tor Willy Austerslått commented  ·   ·  Flag as inappropriate

        Yes, please implement SRS in Office 365/Exchange Online. At the moment, the Office 365 Distribution Groups can't be relied on to deliver mail to group members with external addresses who has a strict SPF policy. To the recipient mail system, the expanded address looks like a spoofed From-address since it arrives from Office 365's mail servers.

      ← Previous 1

      Feedback and Knowledge Base