ARC verification fail (40) on specific Exchange Online frontends - recurring issue

Hello,
We are observing recurring arc=fail (40) errors on messages forwarded through Exchange Online, caused by specific frontend servers. The same messages pass ARC verification correctly on other providers (Google, etc.).

Affected frontends identified so far:

• CH2PEPF0000013F.namprd02.prod.outlook.com - build 15.20.9700.17 (March 14, 2026)
• CH3PEPF0000000B.namprd04.prod.outlook.com - build 15.20.9769.17 (April 6, 2026)

Both share the same build suffix .17. The signing implementation on our side has been cryptographically verified as correct and RFC 6376 compliant. The issue has also been reported on the IETF ietf-smtp mailing list with full technical analysis.
Cryptographic analysis shows the failing servers append a spurious trailing \r\n to the last header before computing the verification hash, violating RFC 6376 Section 3.7.

Is there a pattern with .17 frontend builds and ARC verification?

Reagards
Vittorio