Update on Nov 3, 2017 - See A second update on the problem of email forwarding in Office 365
Well over a year ago, I wrote the following blog post: Why does my email from Facebook, that I forward from my outlook.com account, get rejected?
It's a very popular blog post; it gets more comments than almost any other post that I have written. The overwhelming majority of comments ask the question: "When will this be fixed?"
Now, I can't comment on these types of things for two reasons:
- We have hit problems many times when deploying this fix, so any announcement I made on this blog would have required a subsequent update
- I am not allowed to make public comments re: timelines for features and fixes that haven't been announced publicly on a feature roadmap that Microsoft has officially announced
We have had an internal timeline, however, and I've been tracking it closely.
But now, I have an update:
- In Office 365, we've deployed a fix such that if you use Exchange Transport Rules (ETRs) to forward or redirect a message to another destination mailbox, the original message format will be retained. This means that a forwarded or redirected message will retain its original DKIM signature and pass DKIM at the forwarded-to destination. I have personally tested this and can confirm that it works.
The more geeky explanation is that as long as the message has not yet undergone MIME-to-MAPI conversion, it will not have the message format modified such that DKIM breaks. So there are other code paths where this works, such as distribution lists (I've tested that, too). But I haven't tested everything, so I can't say what all works and what doesn't. I just know that ETRs that forward and redirect are the most common features where this breaks, and those seem to work okay, at least when I try it.
- However, mailbox forwarding does not work - neither in Office 365 nor in Outlook.com. This means that if you have a mailbox rule that redirects to another mailbox, or you use the Mail settings > Options > Mail > Accounts > Forwarding, the original DKIM signature will be broken.
A workaround for this is to use mailbox rules to forward (I know, it's kind of confusing... sorry). Go into Mail settings (gear icon at the top right corner of Outlook.com web interface) > Options > Mail > Automatic processing > Inbox and sweep rules. Once there, create a rule to forward (not redirect) a message to another destination.
Per the geeky explanation above, what's happening here is that the message hits the mailbox and therefore has undergone MIME-to-MAPI conversion, and then when forwarded it does MAPI-to-MIME. But this reconstructed message is not the same as the original.
We still have to fix this part.
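Why a reconstructed message fails DKIM even when it reads the same, shown as an added example (not code from this post or from Office 365): it recomputes the RFC 6376 body hash at the destination and compares it with the `bh=` tag. The sample bodies, the `example.com` signature header and the re-wrapped soft line break are constructed stand-ins, not what Exchange actually emits.

```python
import base64
import hashlib
import quopri
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization from RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    if mode not in ("simple", "relaxed"):
        raise ValueError(f"unknown canonicalization: {mode}")
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, drop whitespace at line ends.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at the end of the body
        lines.pop()
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str = "relaxed") -> str:
    """Value a signer using a=rsa-sha256 would put in the bh= tag."""
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def body_survived(dkim_header: str, received_body: bytes) -> bool:
    """Recompute the body hash at the forwarded-to destination and compare it with bh=.
    Checks the body only: the b= header signature and the l= tag are not evaluated."""
    tags = {k.strip(): re.sub(r"\s+", "", v) for k, v in
            (p.split("=", 1) for p in dkim_header.split(";") if "=" in p)}
    mode = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    return body_hash(received_body, mode) == tags["bh"]

def same_text(a: bytes, b: bytes) -> bool:
    """True when two quoted-printable bodies decode to identical content."""
    return quopri.decodestring(a) == quopri.decodestring(b)

# Constructed sample data (not taken from a real message).
ORIGINAL = b"Caf=C3=A9 receipt for your order number 1234\r\n"
# Relayed with the format retained, apart from whitespace noise relaxed mode tolerates.
RELAYED = b"Caf=C3=A9 receipt for   your order number 1234 \r\n\r\n"
# Rebuilt after a decode/re-encode round trip: same text, different soft line break.
REBUILT = b"Caf=C3=A9 receipt for your=\r\n order number 1234\r\n"
SIGNATURE = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1; "
             f"h=from:to:subject; bh={body_hash(ORIGINAL)}; b=PLACEHOLDER")

if __name__ == "__main__":
    print("relayed body matches bh=:", body_survived(SIGNATURE, RELAYED))
    print("rebuilt decodes to same text:", same_text(ORIGINAL, REBUILT))
    print("rebuilt body matches bh=:", body_survived(SIGNATURE, REBUILT))
```

The rebuilt body decodes to the same text as the original, yet its canonicalized bytes differ, so the recomputed hash no longer equals `bh=` and verification fails before the signature itself is even checked.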
That's all for now.