{"id":7812,"date":"2024-04-05T04:47:30","date_gmt":"2024-04-05T04:47:30","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=7812"},"modified":"2024-04-05T04:47:32","modified_gmt":"2024-04-05T04:47:32","slug":"out-of-office-messages-from-mimecast-going-to-defender-anti-phishing-quarantine","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/out-of-office-messages-from-mimecast-going-to-defender-anti-phishing-quarantine","title":{"rendered":"Out of Office Messages from Mimecast going to Defender Anti Phishing Quarantine"},"content":{"rendered":"\n

This organisation had a A DMARC “p=quarantine” policy DMARC record<\/p>\n\n\n\n

When an Automatic Reply is sent , it actually leaves the Env Sender (RFC5321.MailFrom)\u00a0Blank ( Null )<\/p>\n\n\n\n

It still has the Header From <\/p>\n\n\n\n

The reason for DMARC failure on Automatic Replies \\ Out of Office is SPF alignment check; The Env Sender (null) and the Body Sender (yourdomain.com)\u00a0<\/p>\n\n\n\n

The work around for this is DKIM which should be added to it anyway to get around SPF Failure. For some reason Mimecast has not tagged the DKIM signature on the Automatic Reply, which is an alternative way to verify the authenticity of the message, is not in the mail header.<\/p>\n\n\n\n

spf=none (sender IP is 103.96.21.223) smtp.helo=au-smtp-delivery-223.mimecast.com; dkim=none (message not signed) header.d=none;dmarc=fail action=quarantine header.from=xxxxx.com.au;compauth=fail reason=000<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

The Mimecast DKIM Policies were set to tag\u00a0only on\u00a0 the Return AddressFrom\u00a0<\/strong>(Blank on SPF ) ( Not the Header )\u00a0<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

Changing this to Both Resolved this<\/p>\n\n\n\n

Failing that you could always enable DKIM on 365 as well as Mimecast <\/p>\n\n\n\n

Automatic replies should have a\u00a0Auto-Submitted:<\/code>\u00a0header that you can key an exception rule on.<\/p>\n","protected":false},"excerpt":{"rendered":"

This organisation had a A DMARC “p=quarantine” policy DMARC record When an Automatic Reply is sent , it actually leaves the Env Sender (RFC5321.MailFrom)\u00a0Blank ( Null ) […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7812","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/7812","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=7812"}],"version-history":[{"count":1,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/7812\/revisions"}],"predecessor-version":[{"id":7815,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/7812\/revisions\/7815"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=7812"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=7812"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=7812"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}