The following articles were included in our Exchange Messaging Outlook (EMO) newsletter published on August 17, 2023.
EMO is a weekly publication. To receive your own copy of EMO by email, subscribe here.
Today's Highlights »
- Sender must authenticate with at least one of SPF or DKIM
- Microsoft wants to access your Google Account
- Run New Outlook when Windows boots
- Automatically Choose the Previous Message
- Outlook 2013 and OneNote on Surface RT
Sender must authenticate with at least one of SPF or DKIM
I'm seeing a lot of users complaining their messages are being rejected by Gmail.
"We have an outlook.com personalized address. Our email is rejected by any @gmail.com account. The bounce message says that we need to authenticate our emails using either an SPF or DKIM record."
Google is rejecting mail from domains that do not have an SPF (Sender Policy Framework) record.
The solution: add an SPF record to your DNS records. You can expect many mail hosts to follow suit in the coming months, so it's a matter of time before all domains will need to have these records.
An SPF record is a simple text record added to the DNS records that tells the recipient server which servers the sending domain is authorized to send from. This is intended to prevent spoofing, where the spammer fakes the Mail From address. (Bounces and some autoreplies go to this address.)
For Outlook.com personalized domains or accounts created under one of the older defunct custom domain programs, use the following as your SPF record.
It applies to the domain root, and depending on how your DNS references the root, you would enter @ as the name or the domain name. Use this as the Data or Value:
v=spf1 include:outlook.com -all
Using "-all" (dash All) indicates messages sent by your domain from other servers should be marked Fail and rejected. Use "~all" (tilde All) for a SoftFail – this indicates servers should accept the message and mark it as spam.
A DMARC (Domain-based Message Authentication, Reporting, and Conformance) record checks the From address and verifies it was sent from the domain's authorized servers.
Like SPF, a DMARC record is a TXT record in your DNS.
Use _dmarc as the name and v=DMARC1; p=quarantine as the data.
The options for p (policy) are none, quarantine, and reject. Using none means the server doesn't restrict unauthenticated email. Using quarantine tells the server to mark the messages as spam, delivering them to the junk mail folder or quarantine. Reject will reject the message if it does not pass authentication.
The bounce messages mention DKIM. Don't worry about DKIM (DomainKeys Identified Mail) - that is a certificate and public key authentication. You won't be able to configure it with outlook.com custom domains, but it won't be a problem as long as you have at least an SPF record.
You can verify your SPF and DMARC records are correct at mxtoolbox.com. Enter your domain name and click the MX lookup button to see your MX server name. This should be what you use in the SPF record. Then choose SPF Lookup or DMARC Lookup from the menu. It will let you know if your entries are missing or incorrect.
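The same checks can be run offline against the TXT records you are about to publish. The following is an added example, not part of the original newsletter: the function names and the sample zone are constructed for illustration, and it inspects only the SPF `all` term and the DMARC `p` tag discussed above.

```python
# Offline audit of SPF and DMARC TXT records (added example; names are hypothetical).
ALL_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DMARC_POLICIES = {"none", "quarantine", "reject"}

def audit_spf(txt_records):
    """Return (result_for_all, problems) for the TXT records at the domain root."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return None, ["no SPF record: Gmail may reject mail from this domain"]
    if len(spf) > 1:
        return None, ["more than one v=spf1 record: receivers treat this as an error"]
    problems, result = [], None
    for term in spf[0].split()[1:]:
        # A term with no leading qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in ALL_QUALIFIERS else "+"
        if term.lstrip("+-~?").lower() == "all":
            result = ALL_QUALIFIERS[qualifier]
    if result is None:
        problems.append("no 'all' term: unlisted servers get a neutral result")
    elif result == "pass":
        problems.append("'+all' authorizes every server to send as this domain")
    return result, problems

def audit_dmarc(txt_records):
    """Return (policy, problems) for the TXT records at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if not dmarc:
        return None, ["no DMARC record"]
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip().lower()
    policy = tags.get("p")
    if policy not in DMARC_POLICIES:
        return None, [f"p={policy!r} is not one of none, quarantine, reject"]
    problems = ["p=none: unauthenticated mail is not restricted"] if policy == "none" else []
    return policy, problems

# Constructed sample zone using the record values given in the article.
SAMPLE_ZONE = {"example.com": ["v=spf1 include:outlook.com -all", "site-verification=constructed"],
               "_dmarc.example.com": ["v=DMARC1; p=quarantine"]}

def audit_domain(zone, domain):
    spf_result, spf_problems = audit_spf(zone.get(domain, []))
    policy, dmarc_problems = audit_dmarc(zone.get(f"_dmarc.{domain}", []))
    return {"spf_all": spf_result, "dmarc_policy": policy, "problems": spf_problems + dmarc_problems}

if __name__ == "__main__":
    print(audit_domain(SAMPLE_ZONE, "example.com"))
```
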
Microsoft has technical articles here. While they are specific to Microsoft 365 Business Tenants, they contain technical information about SPF, DKIM, and DMARC.
Email authentication in Microsoft 365 | Microsoft Learn
Microsoft began honoring the sender's DMARC policy setting for messages sent to Outlook.com addresses (including Hotmail, live, and msn, plus all custom domains) in July. Business tenants can set their own policy, but the default honors the sender's DMARC policy.
More information is here: Announcing New DMARC Policy Handling Defaults for Enhanced Email Security
Microsoft wants to access your Google Account
I've had several questions this week from Gmail users asking about the dialog that comes up asking to allow Microsoft access to their account. One user thought it would allow Microsoft to generate and send messages from their account and arbitrarily delete emails without their knowledge. (Adding a Yahoo account to Outlook 365 will trigger a similar dialog.)
The dialog is the result of OAuth2 support for the accounts. Microsoft connects to the mailbox using the Gmail API and that dialog is required by Google when any app, not just Outlook, accesses one of the services in the account.
Outlook will not do anything in the account without your knowledge and if it arbitrarily deletes email from your account, it's not intentional - it's a really nasty bug. Outlook for Windows accesses mail folders only, while New Outlook (Pre), Outlook for Mac, Outlook mobile, and Windows Mail also access calendar and contacts.
All software that accesses a Google account using OAuth2 and Gmail API is required by Google to display that message – it's a general message that any service accessing Gmail using OAuth2 authentication will see.
If you don't allow access, you will not be able to add the account to Outlook as an IMAP account. You can add the account to Outlook as a POP3 account but will need to enable 2 step verification and use an app password in Outlook. Remember: POP3 only downloads the Inbox.
Google has this article for developers on what they must ask permission to access. It's under the Gmail API heading at OAuth API verification FAQs
This article lists all the things any app must ask permission for: Gmail API
I don't have links for Yahoo's requirements for third party developers, but it's the same situation as with Google – you need to give permission if you want to add the account to Outlook. It's not nefarious on the part of Microsoft, it's required by Yahoo.
Run New Outlook when Windows boots
A user has two asks: how to make New Outlook for Windows run automatically when he boots the computer, and how to receive notifications when New Outlook is closed.
Fixing the start up problem is easy: create a shortcut and put it in the Startup folder.
To create the shortcut, pin the Outlook Pre icon to the start menu then drag it from the start menu to the desktop. Copy the desktop shortcut to the clipboard.
Next, open File Explorer and type shell:startup in the address bar and press Enter.
Paste the shortcut in the folder.
On my computer, New Outlook is the last app loaded after rebooting.
Notifications are a bigger problem. New Outlook will need to be running to sync mail and get notifications. But you can hide the app when it's minimized so it's out of the way. Right-click on the Pre icon in the notification tray area and choose Minimize
Keep in mind that the New Outlook is a beta app and they are always adding new features to it. Eventually, it might run a small stub as Windows Mail does now so you can receive notifications.
Automatically Choose the Previous Message
One more user question: how to move the selection up the message list after deleting a message. Currently, the next selected message is an older one. The user wants a newer message selected.
This is an easy fix: In File > Options > Mail - at the very bottom, set the option for After Moving or Deleting to Open Previous item. This will select the previous message when you delete the selected message. Choose Open Next item if you want to move down the list after deleting a message.
This setting always moves the selection up the list (the sort order does not matter) - if you want to move down the list choose the option to Open next item.
Outlook 2013 and OneNote on Surface RT
Users with a Surface RT and Outlook 2013 – yes, more than one person is still using their RT - ran into a problem after a recent security update was installed. Outlook 2013 and OneNote won't start; the error message says Windows can't verify the digital signature for the file.
We believe Security update for Outlook 2013: August 8, 2023 (KB5002449) is the cause (but cannot uninstall it on the Surface RT to confirm.)
The lifecycle for both Windows RT and Office 2013 RT ended earlier this year, but both Outlook and OneNote worked fine before the update was installed. Microsoft needs to fix it – either fix the update or remove it.
New & Updated Microsoft 365 & Exchange Server Support Articles
Considerations for server-side Automation of Office
Describes problems when using server-side Automation of Office and offers alternatives to Automation that can speed performance.
Chinese coded characters aren't supported in Exchange Admin Center
DST settings are inaccurate after an OS update
Enable support for AES256-CBC-encrypted content in Exchange Server August 2023 SU
External email address field doesn't display the correct username
Microsoft Exchange replication service repeatedly stops responding
OWA redirection and SSL offloading fail after you install an Exchange Server service pack
Resolves an issue in Exchange Server 2010 and Exchange Server 2007 in which users receive a "403 Forbidden" error when they try to connect to OWA.
Users in an Exchange Online Protection environment receive NDRs when they send mail to a recipient environment that uses UCEPROTECT for mail security
Describes a scenario in which users in an Exchange Online Protection environment receive an NDR when they send mail to a recipient whose messaging environment uses the UCEPROTECT service for mail security.
A room or room list disappears in Scheduling Assistant when you create a meeting in Exchange Online
Describes a Scheduling Assistant issue that occurs when you create a meeting in Office 365 or Exchange Online. Specifically, a room or room list disappears unexpectedly.
New & Updated Outlook Support Articles
How to deploy junk email settings, such as the Safe Senders list, by using Group Policy
Considerations for server-side Automation of Office
Describes problems when using server-side Automation of Office and offers alternatives to Automation that can speed performance.
Administering the offline address book in Outlook
Describes the offline address book in Microsoft Outlook. Explains how to download, update, and configure it.
August 2023 updates for Microsoft Office
Description of the security update for Outlook 2013: August 8, 2023 (KB5002449)
Description of the security update for Outlook 2016: August 8, 2023 (KB5002459)
Other Resources
Open Outlook Folders using PowerShell or VBScript
How to use PowerShell or VBScript scripts to open an Outlook for Windows folder.