quick googling:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email#inbounddmarcfail How Office 365 handles inbound email that fails DMARC If the DMARC policy of the sending server is p=reject, EOP marks the message as spam instead of rejecting it. In other words, for inbound email, Office 365 treats p=reject and p=quarantine the same way. Office 365 is configured like this because some legitimate email may fail DMARC. For example, a message might fail DMARC if it is sent to a mailing list that then relays the message to all list participants. If Office 365 rejected these messages, people could lose legitimate email and have no way to retrieve it. Instead, these messages will still fail DMARC but they will be marked as spam and not rejected. If desired, users can still get these messages in their inbox through these methods: * Users add safe senders individually by using their email client * Administrators create an Exchange mail flow rule (also known as a transport rule) for all users that allows messages for those particular senders. 20.11.2019 16:17, Jon Burke via mailop пишет: > > Hi Mailop, > > > > Below is a spoofed email; it fails SPF, has no DKIM, and fails the > DMARC or the 5322.From address: > > > > /Received: from MW2NAM12HT207.eop-nam12.prod.protection.outlook.com > (2603:10a6:6:2d::33) by DB7PR10MB1996.EURPRD10.PROD.OUTLOOK.COM with > HTTPS via DB6PR07CA0023.EURPRD07.PROD.OUTLOOK.COM; Mon, 18 Nov 2019 > 16:51:15 +0000 Received: from > MW2NAM12FT068.eop-nam12.prod.protection.outlook.com (10.13.180.52) by > MW2NAM12HT207.eop-nam12.prod.protection.outlook.com (10.13.181.223) > with Microsoft SMTP Server (version=TLS1_2, > cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2451.23; Mon, > 18 Nov 2019 16:51:14 +0000 *Authentication-Results: spf=fail (sender > IP is 79.101.7.133) smtp.mailfrom=e.zulily.com; hotmail.com; dkim=none > (message not signed) header.d=none;hotmail.com; dmarc=fail > action=oreject header.from=ocadomail.com*/// > > > > The DMARC policy of ocadomail.com has p=reject as policy, but > Microsoft’s EOP seems to have overruled this policy (see > action=oreject) and delivered the email to the recipient anyway. > > > > I know ISPs can enforce a stricter policy (e.g. reject although policy > is p=quarantine) but I don’t often see ISPs applying a more lenient > response than stated in the DMARC policy. I can think of one reason > for doing so (user added the sender to his / her safe-sender list) and > wanted to ask if you know of some other reasons? > > > > Thank you, > > > > Jon > > > > > > - - - - - > > *Jon Burke* > > Deliverability Consultant > > > > *email* jon.bu...@selligent.com <mailto:jon.bu...@selligent.com> > > *mobile * +44 7990 069 027 > > > > *SELLIGENT MARKETING CLOUD* > > CONSUMER-FIRST MARKETING > > www.selligent.com <http://www.selligent.com/> > > > > > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Vladimir Dubrovin @ mail.ru
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
