Anyone know why Sender ID rejects messages from an outside company that has permission to use our domain?
Currently our SPF record looks like this:
v=spf1 ip4:(Public IP) mx:mail.mycompany.com a:mycompany.com mx:allowedcompany.com include:allowedcompany.com -all
From what I understand, this should:
- Allow my domain's mail exchanging server as a permitted sender.
- Check IP of sender matches our A record.
- Allow allowedcompany.com's mail exchanging server as a permitted sender.
- Do a pass/fail check of allowedcompany.com's SPF record.
Allowedcompany.com does have an SPF record that is correct, so it would seem that the include here is redundant if it checks the MX record of allowedcompany.com.
Either way, when allowedcompany.com sends mail using our domain name in the sender field of the header and not the envelope, a test email to Gmail passes the SPF check as permitted sender. However, when the same kind of email is sent to our Exchange using our domain name in the header (not envelope), Sender ID rejects it. In this case I added allowedcompany.com to the Sender ID config domains to bypass Sender ID, but this did not allow the message through either. All cases gave "RejectMessage,550 5.7.1 Sender ID (PRA) Not Permitted,Fail_NotPermitted." We also tried a rule to bypass anti-spam when the domain of the sender is allowedcompany.com in the envelope, but this did not work either.
Any help is appreciated.
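
Added example, not part of the original post: a Python sketch of the RFC 4407 Purported Responsible Address (PRA) selection that Sender ID uses, next to the envelope MAIL FROM identity that a plain SPF check uses, to show which domain's record each check evaluates for the message described above. The sample message, the local parts and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: envelope sender at the partner, header From at our domain.
ENVELOPE_MAIL_FROM = "bounce@allowedcompany.com"
SAMPLE = (
    "Received: from out.allowedcompany.com by mail.mycompany.com\n"
    "From: Billing <billing@mycompany.com>\n"
    "To: user@mycompany.com\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def mailbox_domain(value):
    """RFC 4407 step 5: exactly one well-formed mailbox, else None."""
    addrs = [addr for _, addr in getaddresses([value]) if addr]
    if len(addrs) != 1 or addrs[0].count("@") != 1:
        return None
    return addrs[0].rsplit("@", 1)[1].lower() or None

def pra(raw):
    """Return (header name, domain) selected as the PRA, or None if ill-formed."""
    items = [(k.lower(), v) for k, v in message_from_string(raw).items() if v.strip()]
    names = [k for k, _ in items]
    rs = names.index("resent-sender") if "resent-sender" in names else None
    rf = names.index("resent-from") if "resent-from" in names else None
    chosen = None
    if rs is not None:
        # Step 1: skip Resent-Sender if a newer resend block (Resent-From, then
        # trace headers) sits above it.
        newer = rf is not None and rf < rs and any(
            n in ("received", "return-path") for n in names[rf + 1:rs])
        chosen = None if newer else items[rs]
    if chosen is None and rf is not None:
        chosen = items[rf]                      # step 2
    for name in ("sender", "from"):             # steps 3 and 4
        if chosen is None:
            found = [it for it in items if it[0] == name]
            if len(found) > 1:
                return None                     # step 6: ambiguous
            chosen = found[0] if found else None
    domain = mailbox_domain(chosen[1]) if chosen else None
    return (chosen[0], domain) if domain else None

def checked_domains(raw, mail_from):
    """Domain whose SPF record each check evaluates for this message."""
    hit = pra(raw)
    return {"spf_mail_from": mail_from.rsplit("@", 1)[1].lower(),
            "sender_id_pra": hit[1] if hit else None}
```

For the sample, the SPF check is made against the envelope domain while the PRA check is made against the header From domain, so the two can return different results for the same connecting IP.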