Tenant consolidation project moving to a new "greenfield" Office 365 Tenant:In one case, during a Power365 Integration Pro project with Day 2 ERS being utilized, the default @tenant.onmicrosoft.com Domain was used for the end-user’s Primary SMTP Reply Address. When a migrated/cutover user in the target tenant sends out a message to an external domain where SPF Hard Fail is enabled, the message may be rejected because @tenant.onmicrosoft.com Domain’s SPF record does not include the Power365 ERS Relay Server’s IPs in their record chain.
The following steps must be done on both source and target Accepted Domain DNS records.
How to add an SPF record: https://www.dmarcanalyzer.com/spf/how-to-create-an-spf-txt-record/
An SPF record is added to your domain's DNS zone file as a TXT record and it identifies authorized SMTP servers for your domain.
TXT @ "v=spf1 a include:spf.power365.quest.com ~all"
The following table provides an explanation of the various components of the Example SPF Record:
TXT The DNS zone record type; SPF records are written as TXT records
@ In a DNS file, the "@" symbol is a placeholder used to represent "the current domain"
v=spf1 Identifies the TXT record as an SPF record, utilizing SPF Version 1
a Authorizes the host(s) identified in the domain's A record(s) to send e-mail
include: Authorizes mail to be sent on behalf of the domain from google.com
~all Denotes that this list is all inclusive, and no other servers are allowed to send e-mail