I did. The ListServ is on a subdomain.  I pointed to include:spf.protection.outlook.com. He said: 
"that is what we have for our (topleveldomain) SPF records, but the IP records contained in the spf.protection.outlook.com records do not contain the Microsoft production servers."

It doesn't seem like it should be this difficult... 
But maybe this is why Lsoft wrote the article with this as a potential solution:
" The solution is to use the Microsoft SMTPSVC mailer on the LISTSERV machine in a slightly different manner than described above and let SMTPSVC do the necessary authentication so that the email will be accepted by the Exchange Online server and forwarded on to wherever it needs to go."

Krista Landon

On Mon, Apr 4, 2022 at 1:33 PM Ricardo Stella <[log in to unmask]> wrote:

Sends this to your admin?

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-worldwide

On Mon, Apr 4, 2022 at 1:26 PM Krista <[log in to unmask]> wrote:
The admin tells me:
"As to fix the SPF signature and alignment settings we will need to add all Microsoft production server IPs ( because this will keep changing ). And Microsoft will not make that list available to us."

"It is going to multiple MTAs (Message transport agents). In this case it will start with the SMTP relay server which will forward the message to one or more of the Hybrid exchange servers before it is routed via a nated IP to Microsoft production servers where is will be inspected by EOP"

On Mon, Apr 4, 2022 at 1:10 PM Sunil Chauhan <[log in to unmask]> wrote:
The server which talking to eop should be on the spf.

If you listserv directly sending to eop, then the connecting up should be on spf.  Or route via the mailrelay which I believe would be already on spf.

On Mon, 4 Apr, 2022, 10:11 PM Krista, <[log in to unmask]> wrote:
Is this article still the most current on how to get ListServ to work with O365 and not have messages being sent go into Junk?

https://www.lsoft.com/news/techtipLSV-issue3-2015.asp

Our ListServ is running on Windows and is on the Intranet of our organization, which has switched to using O365 for email. We currently use an SMTP relay. Messages that go to external addresses are fine, as the ListServ's domain has an SPF record that contains the ESAs, but if a message comes From the organization's main domain, from O365 to the ListServ, and the subscribers have a mailbox on the org's main domain (in O365), the messages takes a direct route to the microsoft production server and EOP, so the SPF check fails, and ironically internal mail, going to the listserv, then sent back to internal mail, gets tossed into subscriber's junk folders.

I'm not an exchange server engineer/Office 365 admin/engineer. I'm just going based on what our engineer is telling me.

If anyone has more up to date suggestions on how to work with O365 (cloud) from an internal ListServ, please let me know.

Krista Landon



To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1


To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1


To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1



--
°(((=((===°°°(((================================================

To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1


To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1