23 votes4 comments · Office 365 Security & Compliance » Spam & Phishing · Flag idea as inappropriate… · Admin →
We highly recommend using DKIM and DMARC in addition to just SPF. That said, this may be best worked via a support ticket so individual messages can be analyzed. As mentioned, it is completely possible that the issue is because of a whitelist or rule.
An error occurred while saving the commentAl Douglas commented
An SPF Hard Fail will be marked as high confidence spam (SCL 9) if the advanced spam option "SPF hard fail" is enabled (https://technet.microsoft.com/en-us/library/jj200750(v=exchg.150).aspx) unless the sender is whitelisted in some way. I would suggest enabling this option, unless the email is marked with an SCL-1 then it is bypassing the content filter due to a configured allow list/ETR, and this should be identified and investigated