Since you enabled the "key updates to IPv6 traffic for Exchange Online," we have begun experiencing issues with emails failing DMARC validation. This is particularly concerning because these emails are sent from our head office organization, and we know for a fact that our email policy is correctly configured.
However, some emails are failing the SPF check, which subsequently causes DMARC to fail. Since our DMARC policy is set to "reject," these emails are being rejected. Notably, when we resend the same email, it gets delivered successfully.
I have opened a support case with Microsoft, but so far, it hasn’t provided a resolution. We send our emails through a third-party hosted system, and as such, our MX record points to them. We have Enhanced Filtering configured, and everything has been working fine since 2018. These issues only started occurring around October 20th—after your IPv6 changes were implemented.
Currently, we have not enabled IPv6 in our organization, nor do we have any plans to do so, as there is minimal IPv6 adoption in our region. From the extended reports in Exchange Online, it appears that our mail traffic is being processed by servers using IPv6 addresses owned by Microsoft. It seems that some DNS lookups performed by Exchange Online to verify our mail policy are being done using IPv6 exclusively. These IPv6 lookups return null responses from our SPF configuration, which only supports IPv4.
This aligns with our theory regarding the root cause of these errors. While I understand that Microsoft had good intentions in activating this change, it is currently having a negative impact on our email traffic. To address this, we have disabled IPv6 in our domains to opt out of this change, and I have received confirmation that we have successfully opted out. However, the issue persists.
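Added example, not part of the original post: an offline check of the mismatch the post describes, evaluating the `ip4`/`ip6`/`all` terms of an SPF record against the `client-ip` recorded in `Received-SPF` headers. The SPF record, domain, addresses and header lines are constructed placeholders (documentation ranges), and `include:`, `a` and `mx` mechanisms, which need DNS, are skipped.

```python
import ipaddress
import re

# Constructed IPv4-only SPF record (placeholder ranges, not the poster's real record).
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.17 -all"

# Constructed Received-SPF headers in the RFC 7208 key=value style.
HEADERS = [
    "Received-SPF: Pass (constructed sample) client-ip=192.0.2.25; helo=mail.example.com;",
    "Received-SPF: Fail (constructed sample) client-ip=2001:db8:40::1f; helo=mail.example.com;",
]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
TERM = re.compile(r"([+\-~?]?)(ip4|ip6|all)(?::(\S+))?$", re.I)


def evaluate(record, client_ip):
    """Evaluate ip4/ip6/all terms left to right, as SPF does, for one address."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        m = TERM.match(term)
        if not m:
            continue  # include:, a, mx need DNS lookups; out of scope offline
        qual, mech, arg = m.group(1) or "+", m.group(2).lower(), m.group(3)
        if mech == "all":
            return QUALIFIERS[qual]
        net = ipaddress.ip_network(arg, strict=False)
        # An IPv6 address can never match an ip4 term, and vice versa.
        if net.version == ip.version and ip in net:
            return QUALIFIERS[qual]
    return "neutral"  # no term matched and no "all" present


def client_ip(header):
    """Pull the address SPF was evaluated against out of a Received-SPF header."""
    m = re.search(r"client-ip=([0-9A-Fa-f:.]+)", header)
    return m.group(1) if m else None


def triage(record, headers):
    """Return (client_ip, ip_version, recomputed_result) per header."""
    rows = []
    for h in headers:
        ip = client_ip(h)
        rows.append((ip, ipaddress.ip_address(ip).version, evaluate(record, ip)))
    return rows


if __name__ == "__main__":
    for row in triage(SPF_RECORD, HEADERS):
        print(row)
```

Running the same triage over the headers of the rejected and the successfully resent copies of one message shows whether the address family of `client-ip` is what differs between them.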