Mails from Communication Service are quarantined

Mathias Indermuehle 1 Reputation point
2024-09-03T06:14:20.0233333+00:00

I setup an Azure Communication Service, Mail and Custom Domain.
My Custom Domain is validated and I created all the records that are necessary.

E-Mails send trough the interface still get quarantined by Microsofts own Office365 services.

MX Records:
One thing that gets flagged is the missing MX record
"We didn't find a mail server (MX Record) behind your domain name". This is true, Communication Services doesn't not give me any hint on how to configure the MX record to work with bounced messages etc. I don't have a SNMP service on that domain. How does one resolve this?

Your reverse DNS does not match with your sending domain:
Maybe this is an issue only on the ACS switzerland?
Your IP address xx.xx.xx.xx is associated with the domain mail-switzerlandnorthazacs10210016.outbound.protection.outlook.com.

Nevertheless your message appears to be sent from ZRAP278CU002.outbound.protection.outlook.com.

DKIM Authenticated:
DKIM Signature Body Hash Verified
Body Hash Did Not Verify

I have seen:
https://video2.skills-academy.com/en-us/answers/questions/1183905/azure-communication-service-give-error-the-specifi
https://video2.skills-academy.com/en-us/answers/questions/1473092/emails-from-my-custom-domain-xxxxx-global-ends-up
https://video2.skills-academy.com/en-us/answers/questions/1726247/azure-email-communication-service-can-not-verify-m

Services I used:
https://www.mail-tester.com/
https://mxtoolbox.com/

Azure Communication Services
Azure Communication Services
An Azure communication platform for deploying applications across devices and platforms.
847 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. brtrach-MSFT 16,121 Reputation points Microsoft Employee
    2024-09-04T07:02:36.94+00:00

    @Mathias Indermuehle I can see three items that might be causing issues here.

    1. MX Records

    Azure Communication Services typically don’t require an MX record for sending emails, as MX records are used for receiving emails. However, if you’re getting flagged for missing MX records, it might be due to how Office 365 is interpreting your domain setup.

    To resolve this:

    • Set up a basic MX record: Even if you don’t have a mail server, you can set up an MX record pointing to a non-existent mail server to satisfy the requirement. For example:
    yourdomain.com.  3600  IN  MX  10  mail.yourdomain.com.

    This won’t affect your ACS email sending but will help pass the MX record check.

    1. Reverse DNS and Sending Domain Mismatch

    The mismatch between your reverse DNS and sending domain can cause emails to be flagged as spam. This is a common issue with shared IP addresses.

    To address this:

    • Ensure your reverse DNS matches your sending domain: You might need to contact Azure support to configure the reverse DNS settings correctly. The reverse DNS should point to the same domain as your sending domain.
    1. DKIM Authentication

    DKIM (DomainKeys Identified Mail) is crucial for email authentication. The issue you’re facing with the DKIM body hash not verifying could be due to incorrect DKIM setup or email body modifications.

    To fix this:

    • Verify DKIM setup: Ensure that your DKIM records are correctly set up in your DNS. You can use tools like MXToolbox to verify your DKIM records.
    • Check email content: Ensure that the email content isn’t being modified after DKIM signing. This can happen if intermediate servers alter the email. 1. MX Records Azure Communication Services typically don’t require an MX record for sending emails, as MX records are used for receiving emails. However, if you’re getting flagged for missing MX records, it might be due to how Office 365 is interpreting your domain setup. To resolve this:
      • Set up a basic MX record: Even if you don’t have a mail server, you can set up an MX record pointing to a non-existent mail server to satisfy the requirement. For example:
           yourdomain.com.  3600  IN  MX  10  mail.yourdomain.com.
      This won’t affect your ACS email sending but will help pass the MX record check. 2. Reverse DNS and Sending Domain Mismatch The mismatch between your reverse DNS and sending domain can cause emails to be flagged as spam. This is a common issue with shared IP addresses. To address this:
      • Ensure your reverse DNS matches your sending domain: You might need to contact Azure support to configure the reverse DNS settings correctly. The reverse DNS should point to the same domain as your sending domain.
      3. DKIM Authentication DKIM (DomainKeys Identified Mail) is crucial for email authentication. The issue you’re facing with the DKIM body hash not verifying could be due to incorrect DKIM setup or email body modifications. To fix this:
      • Verify DKIM setup: Ensure that your DKIM records are correctly set up in your DNS. You can use tools like MXToolbox to verify your DKIM records.
      • Check email content: Ensure that the email content isn’t being modified after DKIM signing. This can happen if intermediate servers alter the email.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.