Email Security.cloud

We have been getting intermittent DMARC rejections for legitimate emails from Calor.co.uk addresses to some recipients. Investigation has shown that the recipients are all using MessageLabs as an MX domain. Full details of our investigation to date are below. What was also noticed that same message resent after 6 minutes was delivered without any problem.

Please can any DNS entries or routing related to Calor.co.uk or shv.com that may be residual from historic service provision by Symantec be identified and removed.

Issue

• Some messages after enabling DMARC policy to reject generated NDR and were not sent for domain calor.co.uk
• The return information in message trace and NDR provided information that SPF is not setup correctly.

 

NDR Data:

 Discovery

Validation of DKIM.

(ref. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide)

• DKIM public key is provided by Microsoft Exchange Online
• selector1._domainkey.calor.co.uk  DKIM is pointing to selector1-calor-co-uk._domainkey.shvenergy.onmicrosoft.com
• Microsoft is correctly providing the public key on the pointed record.

SPF is setup correctly and includes spf for Exchange Online (validated on google dns)

(ref. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-worldwide)

Nothing, not a response or an acknowledgement? Broadcom support refuse to speak to me as I'm not a customer, yet are impacting our mail flows and business... They advised me to come here but no one is responding after 10 days?
Original Message:
Sent: 11-26-2021 11:34 AM
From: Neil Webber
Subject: Intermittent DMARC/SPF failures to MessageLabs hosted MX records

We have been getting intermittent DMARC rejections for legitimate emails from Calor.co.uk addresses to some recipients. Investigation has shown that the recipients are all using MessageLabs as an MX domain. Full details of our investigation to date are below. What was also noticed that same message resent after 6 minutes was delivered without any problem.

Please can any DNS entries or routing related to Calor.co.uk or shv.com that may be residual from historic service provision by Symantec be identified and removed.

Issue

• Some messages after enabling DMARC policy to reject generated NDR and were not sent for domain calor.co.uk
• The return information in message trace and NDR provided information that SPF is not setup correctly.

 

NDR Data:

 Discovery

Validation of DKIM.

(ref. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide)

• DKIM public key is provided by Microsoft Exchange Online
• selector1._domainkey.calor.co.uk  DKIM is pointing to selector1-calor-co-uk._domainkey.shvenergy.onmicrosoft.com
• Microsoft is correctly providing the public key on the pointed record.

SPF is setup correctly and includes spf for Exchange Online (validated on google dns)

(ref. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-worldwide)