If there is an externally hosted distribution list (listserv) that sends message addressed as From our users, what is the easiest way to get those messages to bypass the anti-spoofing policy?
If the messages will have your users' email addresses as the From address, the best way to allow this would be an Anti-Spoofing bypass based on either SPF record or IP.
If the listserv provider has an SPF record published for their domain that includes all of their sending IP ranges, you can simply create an Anti-Spoofing SPF based Bypass using the vendor's SPF record:
Anti-Spoofing SPF Based Bypass
If the provider does not have an SPF record that includes all of their sending IP ranges, you can request a list of IP ranges from the provider, and apply them to an Anti-Spoofing policy set to Take No Action. The below KB article covers how to accomplish this in the Create an Anti-Spoofing Policy to Allow Spoofing Based on IP section:
Does this answer your question?
Retrieving data ...