Hi Mailop, Below is a spoofed email; it fails SPF, has no DKIM, and fails the DMARC or the 5322.From address:
Received: from MW2NAM12HT207.eop-nam12.prod.protection.outlook.com (2603:10a6:6:2d::33) by DB7PR10MB1996.EURPRD10.PROD.OUTLOOK.COM with HTTPS via DB6PR07CA0023.EURPRD07.PROD.OUTLOOK.COM; Mon, 18 Nov 2019 16:51:15 +0000 Received: from MW2NAM12FT068.eop-nam12.prod.protection.outlook.com (10.13.180.52) by MW2NAM12HT207.eop-nam12.prod.protection.outlook.com (10.13.181.223) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2451.23; Mon, 18 Nov 2019 16:51:14 +0000 Authentication-Results: spf=fail (sender IP is 79.101.7.133) smtp.mailfrom=e.zulily.com; hotmail.com; dkim=none (message not signed) header.d=none;hotmail.com; dmarc=fail action=oreject header.from=ocadomail.com The DMARC policy of ocadomail.com has p=reject as policy, but Microsoft's EOP seems to have overruled this policy (see action=oreject) and delivered the email to the recipient anyway. I know ISPs can enforce a stricter policy (e.g. reject although policy is p=quarantine) but I don't often see ISPs applying a more lenient response than stated in the DMARC policy. I can think of one reason for doing so (user added the sender to his / her safe-sender list) and wanted to ask if you know of some other reasons? Thank you, Jon - - - - - Jon Burke Deliverability Consultant email jon.bu...@selligent.com<mailto:jon.bu...@selligent.com> mobile +44 7990 069 027 SELLIGENT MARKETING CLOUD CONSUMER-FIRST MARKETING www.selligent.com<http://www.selligent.com/> [cid:image001.png@01D59FA0.0DE28370]
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
