Microsoft Office365 with IPv6 enabled bounces all comodo mail

How Can I Help Comodo? (Please We Need You!) Report Comodo Forum / Web Site Issues
1

I ran across a nasty issue with ipv6 and Comodo mail sent to Office365 with ipv6 switched enabled.

As it turns out, Microsoft requires mail senders who deliver mail over ipv6, to comply with the M3aawg best practice / (strong recommendation) to use SPF and DKIM with ipv6

From Microsoft:

" Office 365 conforms with the Messaging, Mobile and Malware Working Group’s (M3AAWG) recommendations for receivers over IPv6:

Senders over IPv6 must pass two conditions:

[ol]- 1.The sending IPv6 address must have a PTR record. If it does not, the service will reject the message with the permanent reject error:450 5.7.1 Service unavailable, sending IPv6 address [$SenderIPAddress] must have reverse DNS record.

  • 2.The sending email must pass SPF or DKIM verification. If it does not, the service will reject the message with the permanent reject error:450 5.7.1 Service unavailable, message sent over IPv6 must pass either SPF or DKIM validation.[/ol]

Sofar so good.
However.
Microsoft decided to require SPF AND DKIM . But Comodo has only implemented SPF.
Result: email sent by comodo to Office365 instances with ipv6 enabled, Bounces !

2017-04-16 13:48:25.785624500 delivery 78916: deferral: 
450_4.7.26_Service_does_not_accept_messages_sent_over_IPv6 
_[2a02:1788:402:1c88::c0a8:88cc]_unless_they_pass_either_SPF_or_DKIM_validation
_(message_not_signed)_[DB5EUR01FT015.eop-EUR01.prod.protection.outlook.com]/
 2017-04-16 13:53:51.994773500 starting delivery 79209: msg 657905 to remote xxxx@dinl.nl

Comodo support says: “I suggest to whitelist comodo domains”.
My answer: that is not whitelisting, that is deliberately switching off a good security recommendation, which has been thought out for a very good reasons

Apparently not too many Office365 instances with ipv6 switched on use comodo.
Complication is that I didn’t know why I did not receive Comodo mails, until I asked their support to send me their relevant log entries. This was not obvious

My suggestion to Comodo: Please follow the M3aawg recommendation, enable DKIM. It is a good security standard, nothing redundant about it. Otherwise more and more Office365 users (instances) will not be able to use Comodo.