120 votes5 comments · Office 365 Security & Compliance » Spam & Phishing · Flag idea as inappropriate… · Admin →
112 votes10 comments · Office 365 Security & Compliance » Spam & Phishing · Flag idea as inappropriate… · Admin →
When you have another service scanning in front of Office 365, the proper thing to do is disable the Office 365 scanning altogether and (optionally) respect the verdict from the prior system. Once you do that, even with the SPF header, the mails will not go to the users’ junk folders.Terry Zink (Senior PM in Office 365) commented
You shouldn't need to turn off SPF and DMARC (it isn't necessary to disable DKIM checks). As long as the MX doesn't point to Office 365 (e.g., it points to MimeCast), SPF checks are supposed to be disabled already (the additional spam rule option doesn't consider this, but you shouldn't turn it on).
A little more detail - the SPF/DMARC checks will still appear in the Authentication-Results header, but they won't be enforced anywhere in the filter.