From: New York
There is some good information in this thread; however, I have a problem with the answer. While I agree that making a change for one customer is a bit drastic and [in most cases] unacceptable, let's look at ALL the facts, before we discard the problem to just one customer.
I came upon this thread, because I, too, am experiencing this problem. In reviewing the logs for my personal Exchange server, after realizing that I'm not receiving messages from my corporate server, I found that I'm not only rejecting messages from work, but also many sub-domains from companies like Chase, Citibank, Toys R Us, Macys, Home Depot and even Microsoft. Could these sub-domains be suspect? Sure. However...
In examining my corporate systems' SPF record, everything looks in tact. The messages are coming from a host that correctly resolves to one of our MX records. (The SPF record includes mx, two a: entries, a bunch of ip4: entries, an include: entry and ends in "-all.") Everything in the SPF record says that the host matches the Sender ID filtering query, so the messages should be accepted. (Granted, I have not performed the same level of troubleshooting for all affected domains.)
I suspect that there is a bug in the Sender ID implementation of Exchange 2007, but - of course - I have no way to confirm this.
Everyone seems to think that the simple solution is to simply disable Sender ID filtering. Because, in my case, it's not just one "customer" that is being rejected, I'm actually considering this course of action. However, what, exactly, will I lose by disabling the filter? After all, it was implemented for a reason.
Can anyone help? I'd greatly appreciate any input.