Office 365 email account – incoming email from it on a wordpress site (even though smtp settings and everything SPF related look good) reports:
“This Sender Failed Our Fraud Detection checks and may not be who they appear to be. Learn about spoofing at ….”
After several weeks of inconsistent issues around this on incoming email from an Office 365 account, I am pleased to report we have confirmed a resolution:
1st, make sure the obvious culprit is set correctly: your SPF record where your DNS zone is hosted. In my case, it WAS correctly setup, and doing tests with MXToolbox on SPF records showed no issues. However, if you do NOT have your txt record setup to include the domain for your O365 account added to your email server IP, it will not work correctly.
2nd – and this was the issue I logged many hours trying to find – the Office 365 spam filter is interfering and appears to incorrectly block the emails while reporting in the message header that the SPF is the reason it is failing. Which is CLEARLY not the case. The solution, as reported online by Robert Peng, is a little complex but solved the issue as we were experiencing it.
Sign into Exchange admin center (https://outlook.office365.com/ecp) with your Office 365 admin account. In Mail Flow, click + to Create a new rule…, select More options. Set Apply this rule if… – the sender is this person and select the account which sends the emails. Set Do the following… – Modify the message properties – Set the Spam Confidence Level to bypass spam filtering and click Save at last., go to Admin, go to Exchange Admin, go to Mail Flow, go to add a new rule, click More Options, add your sender account(s)