146 votes5 comments · Office 365 Security & Compliance » Spam & Phishing · Flag idea as inappropriate… · Admin →
An error occurred while saving the comment
115 votes10 comments · Office 365 Security & Compliance » Spam & Phishing · Flag idea as inappropriate… · Admin →
When you have another service scanning in front of Office 365, the proper thing to do is disable the Office 365 scanning altogether and (optionally) respect the verdict from the prior system. Once you do that, even with the SPF header, the mails will not go to the users’ junk folders.
An error occurred while saving the commentTerry Zink (Senior PM in Office 365) commented
You shouldn't need to turn off SPF and DMARC (it isn't necessary to disable DKIM checks). As long as the MX doesn't point to Office 365 (e.g., it points to MimeCast), SPF checks are supposed to be disabled already (the additional spam rule option doesn't consider this, but you shouldn't turn it on).
A little more detail - the SPF/DMARC checks will still appear in the Authentication-Results header, but they won't be enforced anywhere in the filter.