Email abuse reports for outbound.protection.outlook.com
Not much you can do. Microsoft does not use SPF and DMARC to reject; it only marks the Spam Confidence Level accordingly and lets the customer decide.
You could message @tzink7 on Twitter; he should know, but this is an old post and I doubt they fixed it yet. https://blogs.msdn.microsoft.com/tzink/2015/01/09/an-update-on-dkim-on-ipv4-and-dmarc-in-office-365/
Essentially, O365 breaks email authentication (DMARC, DKIM, SPF, SPF, SPF, SPF)
Comments
-
CamaroSS almost 2 years
I've recently set up a DMARC record for my domain and now I'm receiving email abuse reports from hotmail.com that state:
This is an email abuse report for an email message received from IP 104.47.126.207 on Sun, 14 Feb 2016 07:20:43 -0800. The message below did not meet the sending domain's authentication policy.
104.47.126.207 resolves to mail-pu1apc01hn0248.outbound.protection.outlook.com
My SPF record is
v=spf1 ip4:{my MX IP} -all
So what does it mean? Does Hotmail try to relay an E-mail in some way? Should I worry about it?
It also states that both SPF and DKIM checks have failed:
Authentication-Results: hotmail.com; spf=fail (sender IP is 104.47.126.207; identity alignment result is pass and alignment mode is relaxed) [email protected]; dkim=fail (identity alignment result is pass and alignment mode is relaxed) header.d=domain.com; x-hmca=fail [email protected]
UPDATE
An e-mail attached to the abuse report is an automated notification to the customer that MUST be sent from my server.
UPDATE
These are the Received headers from the attached e-mail
Received: from APC01-PU1-obe.outbound.protection.outlook.com ([104.47.126.228]) by COL004-MC5F8.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143); Sun, 14 Feb 2016 06:00:47 -0800
Received: from HK2PR03CA0006.apcprd03.prod.outlook.com (10.165.52.16) by HKXPR03MB0568.apcprd03.prod.outlook.com (10.161.50.18) with Microsoft SMTP Server (TLS) id 15.1.403.16; Sun, 14 Feb 2016 14:00:43 +0000
Received: from PU1APC01FT034.eop-APC01.prod.protection.outlook.com (2a01:111:f400:7ebd::208) by HK2PR03CA0006.outlook.office365.com (2a01:111:e400:78f7::16) with Microsoft SMTP Server (TLS) id 15.1.409.15 via Frontend Transport; Sun, 14 Feb 2016 14:00:43 +0000
Received: from BLU004-MC1F25.hotmail.com (10.152.252.54) by PU1APC01FT034.mail.protection.outlook.com (10.152.252.218) with Microsoft SMTP Server (TLS) id 15.1.415.6 via Frontend Transport; Sun, 14 Feb 2016 14:00:41 +0000
Received: from domain.com ([{my MX IP}]) by BLU004-MC1F25.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143); Sun, 14 Feb 2016 06:00:38 -0800
-
Michael Hampton over 8 years
Do you use Office 365?
-
CamaroSS over 8 years
@Michael Hampton, no, and an e-mail attached to the abuse report is an automated notification to the customer that MUST be sent from my server. I've updated the question with "Received" headers from the e-mail. It shows that the message did originate from my server.
-
Michael Hampton over 8 years
Maybe your recipient is forwarding their mail somewhere?
-
CamaroSS over 8 years
It might be possible. I've changed the SPF policy to ~all instead of -all, maybe it would help in such a case.
-
Michael Hampton over 8 years
Yes, but it makes your SPF policy useless.
-
CamaroSS over 8 years
Not quite, the tilde rule will result in a softfail which may be a classifying factor.
-
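Added example, not part of the original thread: a short Python script that walks the "Received" chain quoted in the question and evaluates the question's SPF record at each point where a hotmail.com host accepts the message. The address 203.0.113.10 stands in for "{my MX IP}" and is a constructed placeholder; the function names are this example's own, and the SPF evaluator handles only the ip4/ip6/all terms that this record uses.

```python
import ipaddress
import re

# "Received" headers from the question, newest first. "{my MX IP}" is replaced
# by 203.0.113.10, a constructed documentation address (assumption).
RECEIVED = """\
Received: from APC01-PU1-obe.outbound.protection.outlook.com ([104.47.126.228]) by COL004-MC5F8.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143); Sun, 14 Feb 2016 06:00:47 -0800
Received: from HK2PR03CA0006.apcprd03.prod.outlook.com (10.165.52.16) by HKXPR03MB0568.apcprd03.prod.outlook.com (10.161.50.18) with Microsoft SMTP Server (TLS) id 15.1.403.16; Sun, 14 Feb 2016 14:00:43 +0000
Received: from PU1APC01FT034.eop-APC01.prod.protection.outlook.com (2a01:111:f400:7ebd::208) by HK2PR03CA0006.outlook.office365.com (2a01:111:e400:78f7::16) with Microsoft SMTP Server (TLS) id 15.1.409.15 via Frontend Transport; Sun, 14 Feb 2016 14:00:43 +0000
Received: from BLU004-MC1F25.hotmail.com (10.152.252.54) by PU1APC01FT034.mail.protection.outlook.com (10.152.252.218) with Microsoft SMTP Server (TLS) id 15.1.415.6 via Frontend Transport; Sun, 14 Feb 2016 14:00:41 +0000
Received: from domain.com ([203.0.113.10]) by BLU004-MC1F25.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143); Sun, 14 Feb 2016 06:00:38 -0800
""".splitlines()
SPF = "v=spf1 ip4:203.0.113.10 -all"  # the question's record, same placeholder

HOP = re.compile(r"from (\S+) \(\[?([0-9A-Fa-f:.]+)\]?\) by (\S+)")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_hops(received):
    """Return (sending host, client IP, receiving host), oldest hop first."""
    hops = []
    for header in reversed(received):
        m = HOP.search(header)
        if m:
            hops.append(m.groups())
    return hops

def spf_check(record, client_ip):
    """Evaluate ip4/ip6/all terms only, which is all this record uses."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        kind, _, value = term.lstrip("+-~?").partition(":")
        if kind == "all":
            return QUALIFIERS[qualifier]
        if kind in ("ip4", "ip6") and ip in ipaddress.ip_network(value, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"

def spf_at_border(received, record, border_suffix):
    """SPF result at each hop where a host under border_suffix accepts the mail."""
    return [(src, ip, spf_check(record, ip))
            for src, ip, dst in parse_hops(received)
            if dst.lower().endswith(border_suffix)]

if __name__ == "__main__":
    for src, ip, result in spf_at_border(RECEIVED, SPF, "hotmail.com"):
        print(f"{src:50} {ip:16} spf={result}")
```

The chain shows hotmail.com accepting the message twice: first from the sender's own server, where the record passes, and again from an outbound.protection.outlook.com relay, where it fails. The script covers SPF only and says nothing about the dkim=fail result.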