The introduction of email authentication mechanisms like SPF, DKIM, and DMARC has improved email security and spoofing prevention. However, some scenarios have been disrupted by these authentication mechanisms, namely auto-forwarding and relaying. Here in Office 365, we are committed to ensuring the security of our customers and the general integrity of the email ecosystem that we are a part of.

From July 16th, we will begin rolling out Sender Rewriting Scheme (SRS) functionality to solve the problem of auto-forwarding being incompatible with SPF. The SRS feature will rewrite the P1 From address (also known as the Envelope From address) for all applicable messages being sent externally from Office 365. The From header (also known as the Display From address or P2 From address), which is displayed by email clients, will remain unchanged. This change will improve deliverability of applicable messages, since SPF checks that were failing in the past for such messages will now pass.

Regarding 'applicable' messages, we anticipate the following scenarios will be affected and result in SRS rewriting the P1 From address:
Note: SRS rewriting would also rewrite the P1 From address of messages that are relayed from our customer’s on-premises environment, where the P1 From domain is NOT a verified domain. Customers should only be sending messages from domains in their Accepted Domains list. Find out more about Accepted Domains in Office 365 here.
With this change, Non-Delivery Reports (NDRs) return to Office 365 instead of going to the original sender, as they do today without SRS. Part of the SRS implementation, therefore, is to reroute returning NDRs to the original sender in the case where a message could not be delivered.

<Forwarding Mailbox Username>+SRS=<Hash>=<Timestamp>=<Original Sender Domain>=<Original Sender Username>@<Forwarding Mailbox Domain>
Example: A message is sent from Bob (bob@fabrikam.com) to John's mailbox in Office 365 (john.work@contoso.com). John has set up auto-forwarding to his home email address (john.home@example.com).

| | Original message | Auto-forwarded message |
|---|---|---|
| Recipient | john.work@contoso.com | john.home@example.com |
| P1 From | bob@fabrikam.com | john.work+SRS=44ldt=IX=fabrikam.com=bob@contoso.com |
| From header | bob@fabrikam.com | bob@fabrikam.com |

bounces+SRS=<Hash>=<Timestamp>=<Original Sender Domain>=<Original Sender Username>@<Customer's Default Accepted Domain>

Important: In order to receive NDRs for relayed messages that are rewritten by SRS, a mailbox (either hosted or on-premises) needs to be created with the username 'bounces' and the domain being the default Accepted Domain of the customer.

Example: A message is sent from Bob (bob@fabrikam.com) to John's mailbox (john.onprem@contoso.com) on his company's own Exchange server. John has set up auto-forwarding to his home email address (john.home@example.com).

| | Original message | Relayed message received by Office 365 | Relayed message sent from Office 365 |
|---|---|---|---|
| Recipient | john.onprem@contoso.com | john.home@example.com | john.home@example.com |
| P1 From | bob@fabrikam.com | bob@fabrikam.com | bounces+SRS=44ldt=IX=fabrikam.com=bob@contoso.com |
| From header | bob@fabrikam.com | bob@fabrikam.com | bob@fabrikam.com |
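
The two rewritten-address patterns above can be split back into their fields, for example when correlating envelope senders or bounce recipients in mail logs with the original sender. This is an added example, not Microsoft's code: the names `parse_srs`, `SrsAddress` and `is_relay_rewrite` are hypothetical, and the hash and timestamp are treated as opaque because the page does not describe how they are computed.

```python
from typing import NamedTuple, Optional

SRS_TAG = "+SRS="  # marker taken from the rewritten-address patterns on this page


class SrsAddress(NamedTuple):
    forwarder_local: str    # forwarding mailbox username, or 'bounces' for relayed mail
    forwarder_domain: str   # forwarding mailbox domain / default Accepted Domain
    srs_hash: str           # opaque: not verified here, so the result is not authenticated
    timestamp: str          # opaque for the same reason
    original_sender: str    # original P1 From, rebuilt as username@domain


def parse_srs(p1_from: str) -> Optional[SrsAddress]:
    """Split an SRS-rewritten P1 From into its fields; None if it is not rewritten."""
    local, at, domain = p1_from.strip().strip("<>").rpartition("@")
    if not at or not domain:
        return None
    head, tag, tail = local.partition(SRS_TAG)
    if not tag or not head:
        return None
    # Field order: hash=timestamp=domain=username. Limiting the split to three
    # separators keeps any '=' inside the original username intact.
    parts = tail.split("=", 3)
    if len(parts) != 4 or not all(parts):
        return None
    srs_hash, timestamp, orig_domain, orig_user = parts
    return SrsAddress(head, domain, srs_hash, timestamp, f"{orig_user}@{orig_domain}")


def is_relay_rewrite(addr: SrsAddress) -> bool:
    """True when the rewrite used the shared 'bounces' mailbox (relayed message)."""
    return addr.forwarder_local.lower() == "bounces"


if __name__ == "__main__":
    # First two values are the page's examples; the last two are constructed.
    samples = [
        "john.work+SRS=44ldt=IX=fabrikam.com=bob@contoso.com",
        "bounces+SRS=44ldt=IX=fabrikam.com=bob@contoso.com",
        "bob@fabrikam.com",
        "john.work+SRS=44ldt=IX=fabrikam.com@contoso.com",
    ]
    for s in samples:
        print(s, "->", parse_srs(s))
```

Because the hash is not checked, the recovered sender is suitable for log correlation and triage only, not as proof of who sent the message.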