We have an on-premise Exchange 2016 server. Mail flow is normal. However, recently we started using a 3rd party email service to send out our newsletters (Klaviyo). When we send out campaigns our Exchange server is rejecting the emails that are being sent to our own domain. This is what I see in our Exchange logs.
{[{LED=550 5.7.1 Send ID (PRA) Not permitted};{MSG=};{FQDN=};{IP=192.xxx.xxx.xxx};{LRT=}]}
I have an SPF record set up, however, Kalviyo uses dynamic IPs and I can't add them to the SPF record. They are sending from send.ourdomain.com. It's possible my SPF record is incorrect.
v=spf1 ip4:xxx.xxx.xxx.xxx ip4:xxx.xxx.xxx.xxx include:servers.mcsv.net -all include:send.ourdomain.com -all
I didn't set up the Exchange server, so I don't know if the issue is with an Exchange setting, or with our SPF record.
Where are all the places I need to look that would be able to create this reject error so I can resolve this issue?