Email abuse reports for outbound.protection.outlook.com

5,451

Not much you can do. Microsoft does not use SPF and DMARC to reject; it only marks the Spam Confidence Level accordingly and lets the customer decide.

You could message @tzink7 on Twitter, he should know, but this is an old post and I doubt they fixed it yet. https://blogs.msdn.microsoft.com/tzink/2015/01/09/an-update-on-dkim-on-ipv4-and-dmarc-in-office-365/

Essentially, O365 breaks email authentication (DMARC, DKIM, SPF).


CamaroSS
Author by


Updated on September 18, 2022

Comments

  • CamaroSS
    CamaroSS almost 2 years

    I've recently set up a DMARC record for my domain and now I'm receiving email abuse reports from hotmail.com that state:

    This is an email abuse report for an email message received from IP 104.47.126.207 on Sun, 14 Feb 2016 07:20:43 -0800. The message below did not meet the sending domain's authentication policy.

    104.47.126.207 resolves to mail-pu1apc01hn0248.outbound.protection.outlook.com

    My SPF record is

    v=spf1 ip4:{my MX IP} -all

    So what does it mean? Does Hotmail try to relay an E-mail in some way? Should I worry about it?

    It also states that both SPF and DKIM checks have failed

    Authentication-Results: hotmail.com; spf=fail (sender IP is 104.47.126.207; identity alignment result is pass and alignment mode is relaxed) [email protected]; dkim=fail (identity alignment result is pass and alignment mode is relaxed) header.d=domain.com; x-hmca=fail [email protected]

    UPDATE

    An e-mail attached to the abuse report is an automated notification to the customer that MUST be sent from my server.

    UPDATE

    These are the Received headers from the attached e-mail

    Received: from APC01-PU1-obe.outbound.protection.outlook.com ([104.47.126.228]) by COL004-MC5F8.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143); Sun, 14 Feb 2016 06:00:47 -0800

    Received: from HK2PR03CA0006.apcprd03.prod.outlook.com (10.165.52.16) by HKXPR03MB0568.apcprd03.prod.outlook.com (10.161.50.18) with Microsoft SMTP Server (TLS) id 15.1.403.16; Sun, 14 Feb 2016 14:00:43 +0000

    Received: from PU1APC01FT034.eop-APC01.prod.protection.outlook.com (2a01:111:f400:7ebd::208) by HK2PR03CA0006.outlook.office365.com (2a01:111:e400:78f7::16) with Microsoft SMTP Server (TLS) id 15.1.409.15 via Frontend Transport; Sun, 14 Feb 2016 14:00:43 +0000

    Received: from BLU004-MC1F25.hotmail.com (10.152.252.54) by PU1APC01FT034.mail.protection.outlook.com (10.152.252.218) with Microsoft SMTP Server (TLS) id 15.1.415.6 via Frontend Transport; Sun, 14 Feb 2016 14:00:41 +0000

    Received: from domain.com ([{my MX IP}]) by BLU004-MC1F25.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143); Sun, 14 Feb 2016 06:00:38 -0800

    • Michael Hampton
      Michael Hampton over 8 years
      Do you use Office 365?
    • CamaroSS
      CamaroSS over 8 years
      @Michael Hampton, no, and an e-mail attached to the abuse report is an automated notification to the customer that MUST be sent from my server. I've updated the question with "Received" headers from the e-mail. It shows that the message did originate from my server.
    • Michael Hampton
      Michael Hampton over 8 years
      Maybe your recipient is forwarding their mail somewhere?
    • CamaroSS
      CamaroSS over 8 years
      It might be possible. I've changed the SPF policy to ~all instead of -all, maybe it would help in such a case.
    • Michael Hampton
      Michael Hampton over 8 years
      Yes, but it makes your SPF policy useless.
    • CamaroSS
      CamaroSS over 8 years
      Not quite, the tilde rule will result in a softfail which may be a classifying factor.
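The forwarding explanation raised in the comments can be checked against the Received chain from the question. The following is an added example, not code from the thread: it parses the five Received headers, evaluates the poster's SPF record against the first and the last hop, and compares the -all and ~all policies discussed above. 203.0.113.10 is a constructed stand-in for the "{my MX IP}" placeholder, and the SPF evaluator is a simplification that handles only the ip4: and all mechanisms.

```python
import ipaddress
import re

MX_IP = "203.0.113.10"  # constructed stand-in for "{my MX IP}" in the post
RECEIVED = [  # Received headers from the question, newest hop first
    "from APC01-PU1-obe.outbound.protection.outlook.com ([104.47.126.228]) by COL004-MC5F8.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143); Sun, 14 Feb 2016 06:00:47 -0800",
    "from HK2PR03CA0006.apcprd03.prod.outlook.com (10.165.52.16) by HKXPR03MB0568.apcprd03.prod.outlook.com (10.161.50.18) with Microsoft SMTP Server (TLS) id 15.1.403.16; Sun, 14 Feb 2016 14:00:43 +0000",
    "from PU1APC01FT034.eop-APC01.prod.protection.outlook.com (2a01:111:f400:7ebd::208) by HK2PR03CA0006.outlook.office365.com (2a01:111:e400:78f7::16) with Microsoft SMTP Server (TLS) id 15.1.409.15 via Frontend Transport; Sun, 14 Feb 2016 14:00:43 +0000",
    "from BLU004-MC1F25.hotmail.com (10.152.252.54) by PU1APC01FT034.mail.protection.outlook.com (10.152.252.218) with Microsoft SMTP Server (TLS) id 15.1.415.6 via Frontend Transport; Sun, 14 Feb 2016 14:00:41 +0000",
    f"from domain.com ([{MX_IP}]) by BLU004-MC1F25.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143); Sun, 14 Feb 2016 06:00:38 -0800",
]
HOP = re.compile(r"from\s+(\S+)\s+\(\[?([0-9A-Fa-f:.]+)\]?\)\s+by\s+(\S+)")

def parse_hops(received):
    """Return (from_host, from_ip, by_host) tuples, oldest hop first."""
    hops = [HOP.search(h).groups() for h in received]
    return list(reversed(hops))

def spf_result(record, ip):
    """Evaluate only ip4: and all mechanisms (enough for the record in the post)."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
        if term.endswith("all"):
            return {"-": "fail", "~": "softfail", "?": "neutral"}.get(term[0], "pass")
    return "neutral"

def analyze(received, record):
    """Compare SPF for the IP that first submitted the mail and the IP that delivered it."""
    hops = parse_hops(received)
    origin_ip, delivering_ip = hops[0][1], hops[-1][1]
    origin, final = spf_result(record, origin_ip), spf_result(record, delivering_ip)
    return {
        "origin_ip": origin_ip, "origin_spf": origin,
        "first_receiver": hops[0][2], "final_receiver": hops[-1][2],
        "delivering_ip": delivering_ip, "delivering_spf": final,
        # Authorized origin but unauthorized last hop: the copy was relayed onward.
        "forwarded": origin == "pass" and final != "pass",
    }

if __name__ == "__main__":
    for policy in ("-all", "~all"):
        print(policy, analyze(RECEIVED, f"v=spf1 ip4:{MX_IP} {policy}"))
```

The first hop passes SPF at hotmail.com, while the copy that was relayed back out through outbound.protection.outlook.com is evaluated against the relay's IP, so it fails under -all and softfails under ~all.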