Home

Spoofed email from @micrsoft.com landed in my VP's inbox.

%3CLINGO-SUB%20id%3D%22lingo-sub-214118%22%20slang%3D%22en-US%22%3ESpoofed%20email%20from%20%40micrsoft.com%20landed%20in%20my%20VP's%20inbox.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-214118%22%20slang%3D%22en-US%22%3E%3CP%3ESpoofed%20email%20from%20%40micrsoft.com%20landed%20in%20my%20VP's%20inbox.%20How%3F%26nbsp%3BHeaders%20indicate%20dmarc%20failure%2C%20but%20Microsoft's%20Reject%20Policy%20was%20not%20respected%20by%20their%20own%20servers%2C%20then%20the%20mail%20was%20delivered%20directly%20to%20the%20inbox.%20He%20had%20an%20aneurysm.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHeaders%20below%20if%20anyone%20cares%20to%20help%20me%20figure%20out%20why%20it%20did%20not%20get%20rejected%20per%20Microsoft's%20DMARC%20Policy.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EReceived%3A%20from%20DM5PR04MB0954.namprd04.prod.outlook.com%20(2603%3A10b6%3A910%3A4f%3A%3A15)%3CBR%20%2F%3Eby%20CY4PR04MB0952.namprd04.prod.outlook.com%20with%20HTTPS%20via%3CBR%20%2F%3ECY4PR04CA0050.NAMPRD04.PROD.OUTLOOK.COM%3B%20Tue%2C%2010%20Jul%202018%2017%3A42%3A15%20%2B0000%3CBR%20%2F%3EReceived%3A%20from%20SN4PR0401CA0040.namprd04.prod.outlook.com%3CBR%20%2F%3E(2603%3A10b6%3A803%3A2a%3A%3A26)%20by%20DM5PR04MB0954.namprd04.prod.outlook.com%3CBR%20%2F%3E(2603%3A10b6%3A4%3A43%3A%3A30)%20with%20Microsoft%20SMTP%20Server%20(version%3DTLS1_2%2C%3CBR%20%2F%3Ecipher%3DTLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)%20id%2015.20.930.20%3B%20Tue%2C%2010%20Jul%3CBR%20%2F%3E2018%2017%3A42%3A13%20%2B0000%3CBR%20%2F%3EReceived%3A%20from%20SN1NAM01FT051.eop-nam01.prod.protection.outlook.com%3CBR%20%2F%3E(2a01%3A111%3Af400%3A7e40%3A%3A207)%20by%20SN4PR0401CA0040.outlook.office365.com%3CBR%20%2F%3E(2603%3A10b6%3A803%3A2a%3A%3A26)%20with%20Microsoft%20SMTP%20Server%20(version%3DTLS1_2%2C%3CBR%20%2F%3Ecipher%3DTLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)%20id%2015.20.930.19%20via%20Frontend%3CBR%20%2F%3ETransport%3B%20Tue%2C%2010%20Jul%202018%2017%3A42%3A13%20%2B0000%3CBR%20%2F%3EAuthentication-Results%3A%20spf%3Dpass%20(sender%20IP%20is%20209.85.223.226)%3CBR%20%2F%3Esmtp.mailfrom%3Dkippahi.com%3B%20pepsicenter.com%3B%20dkim%3Dnone%20(message%20not%20signed)%3CBR%20%2F%3E%3CSTRONG%3Eheader.d%3Dnone%3Bpepsicenter.com%3B%20dmarc%3Dfail%20action%3Doreject%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CSTRONG%3Eheader.from%3Dmicrosoft.com%3Bcompauth%3Dfail%20reason%3D000%3C%2FSTRONG%3E%3CBR%20%2F%3EReceived-SPF%3A%20Pass%20(protection.outlook.com%3A%20domain%20of%20kippahi.com%20designates%3CBR%20%2F%3E209.85.223.226%20as%20permitted%20sender)%20receiver%3Dprotection.outlook.com%3B%3CBR%20%2F%3Eclient-ip%3D209.85.223.226%3B%20helo%3Dmail-io0-f226.google.com%3B%3CBR%20%2F%3EReceived%3A%20from%20mail-io0-f226.google.com%20(209.85.223.226)%20by%3CBR%20%2F%3ESN1NAM01FT051.mail.protection.outlook.com%20(10.152.64.150)%20with%20Microsoft%20SMTP%3CBR%20%2F%3EServer%20(version%3DTLS1_2%2C%20cipher%3DTLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)%20id%3CBR%20%2F%3E15.20.906.15%20via%20Frontend%20Transport%3B%20Tue%2C%2010%20Jul%202018%2017%3A42%3A13%20%2B0000%3CBR%20%2F%3EReceived%3A%20by%20mail-io0-f226.google.com%20with%20SMTP%20id%20v26-v6so21140229iog.5%3CBR%20%2F%3Efor%20%3CREDACTED%3E%3B%20Tue%2C%2010%20Jul%202018%2010%3A42%3A13%20-0700%20(PDT)%3CBR%20%2F%3EX-Google-DKIM-Signature%3A%20v%3D1%3B%20a%3Drsa-sha256%3B%20c%3Drelaxed%2Frelaxed%3B%3CBR%20%2F%3Ed%3D1e100.net%3B%20s%3D20161025%3B%3CBR%20%2F%3Eh%3Dx-gm-message-state%3Adate%3Ato%3Afrom%3Asubject%3Amessage-id%3Amime-version%3B%3CBR%20%2F%3Ebh%3DLjzPhte3jTTasd9s0b5g%2BRnDnb8FSrwPVw6nM2MoQ6Y%3D%3B%3CBR%20%2F%3Eb%3DRQ2tRp9xXruud5Zvq5fOa9AhtPIZLW1Xy%2F7y0yRcRKo4pIHmkDk%2BBFnhfTnlslUEz7%3CBR%20%2F%3EJQJHL%2F5q2cRXeA1wUrZe5xsevqt%2BzRPrY2WvYGqCJrPejdIBHHsqL0ZP35UIZhtDEFfT%3CBR%20%2F%3EWhah9JGxloKvMbTyxYr18%2FZwnex4egeETvu1rzh1LKwubqmz12Fch4pIveqFo%2BcEJRwm%3CBR%20%2F%3EvRxsy7nzD%2B%2Fr5iC1eaoP%2F1bRv8afPdedS%2Bpv9guneaZO%2FyIdEECVMJLxKKth0xAJbkMS%3CBR%20%2F%3E7yVMRfZBLLnT2EWvPa0N0shb8tSOPQbxAVZBK0gnGEFBxSsvrvJfYoEuUNG57a%2F%2B7oXp%3CBR%20%2F%3EO04w%3D%3D%3CBR%20%2F%3EX-Gm-Message-State%3A%20AOUpUlENU4Bpn17a24pZlrvjEdDqPI%2BcPrTF33uUE4IeTkScTXjWeZWj%3CBR%20%2F%3EXDabCdCWbSWOV%2BzcO0SmAlm6fCeMMGz8kHGjt5hinCep3Rsv%3CBR%20%2F%3EX-Google-Smtp-Source%3A%20AAOMgpeedbERs3SiWWTUmYdeOsLwl8S1Y2hp%2BvZuYQnuPDzEt251Et9%2Fktc6JCU7B9%2BVM9WFvhNH29E3kR6V%3CBR%20%2F%3EX-Received%3A%20by%202002%3Aa6b%3Aa504%3A%3A%20with%20SMTP%20id%20o4-v6mr20289254ioe.95.1531244532626%3B%3CBR%20%2F%3ETue%2C%2010%20Jul%202018%2010%3A42%3A12%20-0700%20(PDT)%3CBR%20%2F%3EReturn-Path%3A%20postmaster%40kippahi.com%3CBR%20%2F%3EReceived%3A%20from%20box-codeanywhere%20(%5B40.69.186.165%5D)%3CBR%20%2F%3Eby%20smtp-relay.gmail.com%20with%20ESMTPS%20id%20r192-v6sm5339158ith.7.2018.07.10.10.42.12%3CBR%20%2F%3Efor%20%3CREDACTED%3E%3CBR%20%2F%3E(version%3DTLS1%20cipher%3DECDHE-RSA-AES128-SHA%20bits%3D128%2F128)%3B%3CBR%20%2F%3ETue%2C%2010%20Jul%202018%2010%3A42%3A12%20-0700%20(PDT)%3CBR%20%2F%3EX-Relaying-Domain%3A%20kippahi.com%3CBR%20%2F%3EDate%3A%20Tue%2C%2010%20Jul%202018%2008%3A42%3A12%20-0900%3CBR%20%2F%3ETo%3A%20%3CREDACTED%3E%3CBR%20%2F%3EFrom%3A%20Microsoft%20Support%20Team%20%3CBR%20%2F%3ESubject%3A%20We%20found%20request%20on%20your%20account%20on%20July%2010%2C%202018%2C%2008%3A42%20AM%3CBR%20%2F%3EMessage-ID%3A%20%26lt%3B1e012453220e87d1b731c5cb36c12c73%40box-codeanywhere%26gt%3B%3CBR%20%2F%3EX-Mailer%3A%20PHPMailer%205.2.23%20(%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FPHPMailer%2FPHPMailer%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FPHPMailer%2FPHPMailer%3C%2FA%3E)%3CBR%20%2F%3EContent-Type%3A%20multipart%2Falternative%3B%3CBR%20%2F%3Eboundary%3D%22b1_1e012453220e87d1b731c5cb36c12c73%22%3CBR%20%2F%3EX-MS-Exchange-Organization-ExpirationStartTime%3A%2010%20Jul%202018%2017%3A42%3A13.3597%3CBR%20%2F%3E(UTC)%3CBR%20%2F%3EX-MS-Exchange-Organization-ExpirationStartTimeReason%3A%20Original%20Submit%3CBR%20%2F%3EX-MS-Exchange-Organization-ExpirationInterval%3A%202%3A00%3A00%3A00.0000000%3CBR%20%2F%3EX-MS-Exchange-Organization-ExpirationIntervalReason%3A%20Original%20Submit%3CBR%20%2F%3EX-MS-Exchange-Organization-Network-Message-Id%3A%20f45ae646-b8b4-40a7-eb53-08d5e68c7875%3CBR%20%2F%3EX-EOPAttributedMessage%3A%200%3CBR%20%2F%3EX-EOPTenantAttributedMessage%3A%20ab6ed105-c086-4195-b560-55de99f5b299%3A0%3CBR%20%2F%3EX-MS-Exchange-Organization-MessageDirectionality%3A%20Incoming%3CBR%20%2F%3EX-Forefront-Antispam-Report%3A%20CIP%3A209.85.223.226%3BIPV%3ANLI%3BCTRY%3AUS%3BEFV%3ANLI%3BSFV%3ASPM%3BSFS%3A(10001)%3BDIR%3AINB%3BSFP%3A%3BSCL%3A5%3BSRVR%3ADM5PR04MB0954%3BH%3Amail-io0-f226.google.com%3BFPR%3A%3BSPF%3ANone%3BLANG%3Aen%3BCAT%3ASPM%3B%3CBR%20%2F%3EX-Microsoft-Exchange-Diagnostics%3A%201%3BSN1NAM01FT051%3B1%3AfOlgEliYVfvCZ5jT9EbSJTNxfL4QdoJD9S%2F1RbQrbK0RpOXL30%2BOUnfX4jR4eqibYsB0QpRNKB4Ll6gQ4CDdXJGY8KaCq5zDAyf5wOMXvgaQOHQJMQdMm0Aa87Ha7W2l%3CBR%20%2F%3EX-MS-Exchange-Organization-AuthSource%3A%20SN1NAM01FT051.eop-nam01.prod.protection.outlook.com%3CBR%20%2F%3EX-MS-Exchange-Organization-AuthAs%3A%20Anonymous%3CBR%20%2F%3EX-MS-PublicTrafficType%3A%20Email%3CBR%20%2F%3EX-MS-Office365-Filtering-Correlation-Id%3A%20f45ae646-b8b4-40a7-eb53-08d5e68c7875%3CBR%20%2F%3EX-Microsoft-Antispam%3A%20UriScan%3A%3BBCL%3A0%3BPCL%3A0%3BRULEID%3A(7020095)(4652040)(5600053)(711020)(4605076)(4612076)(4613076)(4614076)(1401180)(1403068)(71702078)%3BSRVR%3ADM5PR04MB0954%3B%3CBR%20%2F%3EX-Microsoft-Exchange-Diagnostics%3A%201%3BDM5PR04MB0954%3B3%3AVZrNMaHC0%2FBbcg%2BhNLW9MUS1MQ03nAjifoeKwgGOc2BjK4gn3hzBvF%2Ful5I%2B%2FoN3Sf2nlXZOMC7T76LvkzcBgjv6atL%2B4Zl8U36qWgKYQxe8%2FMcFPJ1CggeI59J%2Fxtf4xThh37Ue1uzSyGnRU1SVlZruZdQqaZnZccuTnVv40De1Wq1Dcm3CXe8TDB4DIYBGX7mr1jGxclTnmc4Ov4%2F8Px%2B0Zw%2BYAny8TNA3SnNwKr12K%2FNmy5INJVWGCiEoeLJy2a1X8CZhfyHS%2FKPPT81p5NSz3%2FhLF0IGVNzngGzprHuuxKC1rXJiLDu21%2FhwWrcxczNPS5g1tHSziS2eKBxxHWdB7j3rD1wi%2BIGN%2FYYbJRY%3D%3B25%3A%2FSCy5%2Bpw1KLoLPXhCqlfZ1PTXhLZEERU3DesuEnOksZal4yQhkUt69xfvQUTAhETT%2BybuOLdaYEgYxqhq30ASiSs4dePYXiQVgCWviEKecyqghSuAuQduY8vnJuwJ9uBDUJ592w9k%2FL%2F5a14%2BF%2BtxE4%2BaZ9GXprOeT528Tq0uAVLmTvAXdDOMjFN3BqvRnL4G%2Fi8htOIiL3Yrv7YbbAm8oPTefwwXcZ3KPqxZrU3F1f7Y9fieBhLz5XdupCDf%2Ffm%2F%2FozUJTBv7Hu93J%2FWThslN9DkvJUMCjWK5m%2FVTUJ1zRrxd5JnoWWg%2FA0QyE%2FTPMP%2FUq9dCgdrXqL9bZ7meLUtw%3D%3D%3CBR%20%2F%3EX-MS-TrafficTypeDiagnostic%3A%20DM5PR04MB0954%3A%3CBR%20%2F%3EX-MS-Exchange-AtpMessageProperties%3A%20sap%3D1%3Bslp%3D1%3B%3CBR%20%2F%3EX-Microsoft-Exchange-Diagnostics%3A%201%3BDM5PR04MB0954%3B31%3AC%2Bp3OLIi17Apzd7Hp5OskZrmwr2qHvEfgC8lliR5KqwRKNztmKp5MOsPIzHlCzeNCjraRnckFUDthwDMNoVv11XaK4tuWCkvKrOiuU26mlY7wHWLqh35JkPk8j7fhuw1vyr%2BXxqn8N26UdKxd5Wfce8PBwiXKVmUIOnrcTb5ugFEtO1XVW%2BHB2zV0T8WKZKR41ceHoCHSehm%2BQ8ByJVvl4NahcdZiIgVHdq5M%2BvRD4Q%3D%3B20%3A2RDuWZ82Ef7VKCrQt9px5s3qGDW350VermvzBCZtI8%2ByONuIyelylc3DnmuhlMG6%2FArJ0ZzxfkZBf7Gzw8ht3cbLwaFv%2BZtLFtu9eUQyP%2BaheU8Y3qe8pvGiIWRwCmj%2B1gmgh3M4fWKZcV%2F5v2Kodn949wggviVBATj9aWoP1%2BGReqLy5sjQmpLT17B%2BJFuCa3X21fqOw41r9ZbyNs90CoJH2cRRb0rdzlQt16J20Lel%2FL%2FurVvhoWgrGDLqtaSkl8aXRox8J%2FdceCQvYXKmsIdgVGJkso2r6erfFUJRqkfD1YL7Ouhtc%2BJUJxCSUPyYRMtNdsMZEN2QvQCw%2FDgaO6f5rVnLLAW%2Bm7KUA21HpJMsQyxxyiwqZ2H8AFhd%2BgPrqoVdPByMiNcEaRdktMmtsHcVodEA33vyt1ZJXoeLocaIY12iW37MTkjmjD43TmDVdV4YVLvycCkoG%2Bmt6k2DMN1JmGM0Xnf3xC3XB73%2BPu0Hc5O4M02LmNC06PjvxNMP%3CBR%20%2F%3EX-MS-Exchange-AntiPhishPolicyId%3A%20KSE%20Anti%20Spoof%3CBR%20%2F%3EX-Exchange-Antispam-Report-Test%3A%20UriScan%3A%3B%3CBR%20%2F%3EX-Exchange-Antispam-Report-CFA-Test%3A%20%3D%3Fus-ascii%3FQ%3FBCL%3A0%3BPCL%3A0%3BRULEID%3A(8211001083)(2018021200122)(2018011200283%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F)(2401047)(8121501046)(2018021201122)(2018011210174)(2018011%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F211064)(2018011212028)(2018011213028)(2018011214028)(2018011%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F215028)(2018011216028)(2018011217028)(2018011218028)(2018011%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F219092)(2018011220252)(2018011221063)(2018011222027)(2018011%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F223027)(2018011224027)(2018011225035)(2018011229035)(2018011%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F232269)(2018011233052)(2018021202149)(98810176)(98801176)(20%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F18021203149)(98815176)(98812176)(2018021210149)(201801124027%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F9)(1430482)(1431068)(1432130)(1440212)(1552081)(1560030)(155%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F7028)(823300264)(823350442)(823411253)(9101536074)(102015010%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F46)(3231311)(901025)(902075)(913088)(7045084)(944500087)(944%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F503075)(9300000150)(9301002111)(52103095)(52102095)(11171617%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F1)(52104123)(52105095)(52106170)(52401190)(52601095)(5260609%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F5)(52505095)(52406095)(52403095)(52301095)(52204095)(1102011%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F)(93006095)(93004095)(88839001)(88838384)(88841344)(88835096%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F)(3002001)(1610001)(8301001075)(8301002168)(8301003183)(8876%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F6976)(88801398)(98821027)(98822027)(88860193)(88861208)(8838%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F0075)(88381075)(88382106)(2018021211149)(2018011241182)(2018%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F020102067)(2018021213027)(201708071742011)(7699016)(76990205%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F)(7701012)%3BSRVR%3ADM5PR04MB0954%3BBCL%3A0%3BPCL%3A0%3BRULEID%3A%3BSRVR%3ADM5PR%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F04MB0954%3B%3F%3D%3CBR%20%2F%3EX-Microsoft-Exchange-Diagnostics%3A%201%3BDM5PR04MB0954%3B4%3AbCXgVALM2wk6t5ObIkSGslfyDZ%2BFjXU0aFnkI6rvEQn%2BwDUAfkx1uT75tT%2FOpKDOb%2FMNe%2BpyymJEEKlG6aogXKXOS4rq%2BXHejeB0tbPgmTayGiMEc5IEhdX4byYONDiKGaw2jRmS7Ct8cFuJwp%2BzyXEY5%2F0d44hWpxUN5ZxF0XBmB69zN0vbX79k5J%2B0gVUWC1tEiyZFC88McOirbB1HCbgBKpLq8%2FI5ifkYObbHJNEM5TWnr074ghD3I7jb8ItVhMSmENw2yiR1qphEnEBIEg%3D%3D%3B23%3AYAwZkQ7D1HjA5Ct%2B64PM7wuBk0xHgUfBmeapAbxM5s2kEmCDvo%2BelIfPuNZNxGli8VqSSqilYn%2FXgAX0tQYkP6kSh9b5EvjxGygX%2FLO%2Fba3DWaL1cJHnnjwkEJJJ5U5vfGOdua6gg6MDEg4Ez9U4edRFF4aL2j8M9lN%2BJ2GDlhly%2BHFw0LjyIXOGGO2rvzI%2F2qWc4y8hp7vEahqlsnQoLw%3D%3D%3CBR%20%2F%3EX-MS-Exchange-Organization-SCL%3A%205%3CBR%20%2F%3EX-Microsoft-Antispam-Message-Info%3A%20%3D%3Fus-ascii%3FQ%3FYXRs3La%2FgxgdzKew4r2d58mCX0AKdP1R1AiH4GHmr%2F%2Fz28i%2F42opq7BYKW3q%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FTBFYJNFizYoAGXjrZX91%2BKUfa29dT%2B7eAHlywqc4mre0JL%2F7cGaZaqiOvgFp%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FemS4p%2Br0%2FO0rHPW9cg58LcxxIO8G%2BcRBkz5LaDPxmlEWmubxc002Cv17Dzjt%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FVBr9KmPeF4VySbv2AJFJzZiLq1Vkakt0mrWPmhWQsbgDZ6winEyBybFSQqn7%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F20%2FpdGxOPgKneHthzWoMIiaYPi26R5iHBZaT8xoztmqlS%2F7Yjydq2qC2AT9a%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3F2tMBSRcA%2F3RLs6YPyw1c5SQ0ioEiM07w4BEV%2BAmJw%2BJ0TQC2tf3CNJ%2BXZ7hx%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FG2DZLu4brNMhclTEKu0TjeduBBmwV2QquNqoKb58%2BquTZ83uajAotj%2Fsf2UG%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FoxwsKk%2BDmDV0mJMC6ScrJMnpRZEKubbcoNuQ82Rn9KCHgomfhcV6QZ0oMCdq%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FDsjW%2BbxHaJLIvgebjoc4nWzlJ%2Fq35BbV%2FEnkd6Qd9%2FKEO%2FikEdYxZ12Hj%2Byp%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FNJTFHg9A3ZFGNKr30MRPVNZOF7TQn1DAKZKLRQaR96XBYZNWh7uFN7wNMKOK%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FRdUuWCSXHQzme8XF2oFolNHCwVaHb1BSKvczUcig6WRavFdM17izkzRDUQZ4%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FVAGAu5VDPpkBWmTJGhnj3W5h7YwvyARCqoinM79fv0UDNn%2BFGjDKR5RKIK80%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3Fgz47otFKFIMN6xDPBRb13tWPvrgDh1uXCvoQDkOkNkgUt4SY6ERlAetKCDHT%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FX2oiqu6my28uyeBT7rf0D85ba88iHrzm42V6hEjhkFdVvYx6Oh1eALEw9Egl%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FwHHEnGTEEFUcV53DSoEX%2B985dgxn9kEa3KqBtkfGeAckLOhlbURUbx6oRWXr%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3Fhyqvcx4RAFI3j%2B73H5rsBDjUYMngTdYDmSEHnet5BKz7kj0dEgx1ABPnwjkR%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FEZzPcVmdD8Ft%2FnD2VMa1WI7XWexdQdUID76DGoW08Xg7A3vNNHoJrUT1Zqp8%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FOusuRT%2BXW0avnTTB7yLz%2Fi7O%2FWS4uVXAWyt2iv8inqGgSe5jwEFiLwXDpqT3%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FhhRt7YAHOe9lSiJ9Fyw4b9xwNhp8tk82GjHxU2m8IlZGQzTe8Q1GvIbQZLpq%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3Fbt1HRF11NfK1tBuQ5Iytl7oF%2F4D6lUrp3937FPzntCAsyhMPRCy6hIUcoazD%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FQhpx%2F119XzEjOuNNnTjBkK06ZZJ2KQmRE7Jug2ZCaYVbSfVErJDrtgYUteRE%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FSpo4ujQz%2BMfxNXeDO1vN7TwRIKZEabRhsymLgLBz2rKZeGkiFs1ghoaKcKnr%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FBdpLIbQjRWGbgwUHo3U%2FUbMbnCPnyKnuoAgHxgiJmfaeBlczSZnqQ3aWHDRJ%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FJpQtHStmeH26Y4ndWm6%2BtFRqRFOr7eV%2FzovcryhV5iQpphscnomOGFFk85qn%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FbwfyYdLglDFsTU0ttY%2BQph7gxUnb7AJlzo7onV5GwwPoeDVIVrEjGGlPbFWi%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FglNcP0bRZjTt2a6njrJS6SMapqWjqvTlSTwTJ%2FdEIUd1K%2BR%2BZdn5XbSUIQ1o%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FMQMUTxRUCKPq4Vy29tyJAtW8k43Fvsn0%2FHsSy4Fntufgcdmskk8rUAWEffAR%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FlVd7mpXEES6aUvFqJ%2FiV%2BGs7kWC8VXIhODq%2BHEsl%2B41rbpardkdxl5ibZD7A%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3Fna67Y0DDTO7o7O8rqwH5jD7kfMx0LVKnltKT3bms0pZb5Fc4GSwYQRWqYK3f%3F%3D%3CBR%20%2F%3E%3D%3Fus-ascii%3FQ%3FLHGqOpvHWA%3D3D%3D3D%3F%3D%3CBR%20%2F%3EX-Microsoft-Exchange-Diagnostics%3A%201%3BDM5PR04MB0954%3B6%3A7BsXd6FCZ%2B6ETVOxdz2JjROKVhWBXN8Xtmu5ey8UTBjRB0T9kzPODgDe3xhCg%2FlYaSrMUbZiVvrRmaL73McWmAy7gkC3%2F1g8xm1gAHulKQorriGRZj6E9n7qGk932xgN8AQRDDYz0rlEd5NLuMMGaAKetFMDRzuA3vObJZLa2GVCG67HfL93vrXjOQjeoCeBu4lu1F0KH0XE1hI13GaAgw%2B1BhdDs95nHF%2B40mUL6jNkvQAy3rJXstXH13gBBNShoCt1pg5Y05afbBkaFaySOv3itfa6t%2FMuTcwJw49LVlEogQcVSMoGlpWnTzLM5%2Bijr67yWLQACegUBgen6Pefic7KUU4kfbqKrMUwvDrODCIytfaMw8vAb9e5X49A1XtJ%2BAEQsJvVbijUB8fJ49ykSIHogVrpcW2oYQRdDTkmhpy7Q%2FFVjt8McMYPFOOGJ5kjxPYJ5d5IFnEu%2FFIGHI3kowEjkC8u8wlKyPullUCgCnKyl9PVoORiJsaQtXhrJECm%3B5%3AoStqLP04wePddQfFLyyzLtNniuNRDYKQrkTKDGmZ61ZruDqcad2JomkqiwoRR0lg1JQtksHkvIrEhGRur4p2ReGySlAj8fsKfZP7Tj%2FXy5aiMBfKRPhWtmuWiRf%2FLi7j49eDqH1JgiexTYH2JGHaZGIzy6Oij7trx4oKMi4rwNg%3D%3B24%3AF19yLepqDJtW1Qq%2F2bKSvxfq2%2FO%2BGs%2FgQQtGqUjMP0kwUwFLejVqorGowR8E9ceIu%2BNLKey0qYgQsV0b41CQHw%3D%3D%3CBR%20%2F%3EX-MS-Exchange-Safelinks-Url-KeyVer%3A%201%3CBR%20%2F%3ESpamDiagnosticOutput%3A%201%3A13%3CBR%20%2F%3ESpamDiagnosticMetadata%3A%20Default%3CBR%20%2F%3EX-MS-Exchange-ATPSafeLinks-BitVector%3A%20100%3A0x0%7C0x100%3B%3CBR%20%2F%3EX-Microsoft-Exchange-Diagnostics%3A%201%3BDM5PR04MB0954%3B7%3Ayh5RkZFLPhJ9Y23o1u9LFLcYdUaJddoAeKaty5wGhzns9Czl4xeq7hGO3z86cuulTZiAZDPJWB71RwJrJU72iHFsNs6m9p3LM7g%2Bf3zBDpCNJz8Tz8cFcoek%2FATpcKxgq6Sd%2BFPRiH7qojW4z06ACcDE6vHYjwSBoR3wcbVB84iyxw9GC%2FSkHbGgR7h8K0cvGx7T2q8C1Od5uSQtsZNDwHFId5hq9OAyeGuFs5tPJyu0iBwPQFHCUFGVLqKL51%2F0oewYuTC128DxzVxcFWiGGP6leC4EtWJCNpBhw2XVR3g%3D%3CBR%20%2F%3EX-MS-Exchange-CrossTenant-OriginalArrivalTime%3A%2010%20Jul%202018%2017%3A42%3A13.0784%3CBR%20%2F%3E(UTC)%3CBR%20%2F%3EX-MS-Exchange-CrossTenant-Network-Message-Id%3A%20f45ae646-b8b4-40a7-eb53-08d5e68c7875%3CBR%20%2F%3EX-MS-Exchange-CrossTenant-Id%3A%20ab6ed105-c086-4195-b560-55de99f5b299%3CBR%20%2F%3EX-MS-Exchange-CrossTenant-FromEntityHeader%3A%20Internet%3CBR%20%2F%3EX-MS-Exchange-Transport-CrossTenantHeadersStamped%3A%20DM5PR04MB0954%3CBR%20%2F%3EX-MS-Exchange-Transport-EndToEndLatency%3A%2000%3A00%3A02.3927153%3CBR%20%2F%3EX-MS-Exchange-Processed-By-BccFoldering%3A%2015.20.0930.000%3CBR%20%2F%3EImportance%3A%20high%3CBR%20%2F%3EX-Priority%3A%201%3CBR%20%2F%3EX-Microsoft-Exchange-Diagnostics%3A%3CBR%20%2F%3E1%3BCY4PR04MB0952%3B27%3ABX2ZVUWniK14HIs0aJBI8yAI4pZGw2fPq0J5KY0OFsrvVNkseRZFFBm4UaBLOEmEp5E64mn247d%2FVf9cTrh3%2Fw6IPBIvJorsEsH7p5slBOEPO1ysWL4i0vzFLw6n69f6k4IkHyXGRAcorrKnJgf1UdSNkNBTpy96e3jkzgpECaTrJOZnkmars0NnFuxN3G3TfsGjjNKovmX0ZiTV%2B4BRYZ7X%2B2t8QzyP66y3hEwU%2F28PsrTJpLf%2B0pEzeWPrK1QO1IaneP3C9a%2FuGgTiYabeDNuRMyUYFvz1ic7TPvsnZPLw6cwZk2bv%2Fzay1IUUamogaFGcyalQtOfnhvIpHbm%2BLSqD3qrqWx1YYBA2PZOY5e14%2FgErp3gYjCm%2FvnM7jj95ZWjken7Yu9cRVKi9QHWlWRk7x4FzE3ecaIUNai390xAtBIMmddwsSI1t7Rrzn7AII%2BHTgY2i1UO5uMkkTZ79JQ%3D%3D%3CBR%20%2F%3EX-Microsoft-Antispam-Mailbox-Delivery%3A%3CBR%20%2F%3Edwl%3A1%3Bucf%3A0%3Bjmr%3A0%3Bex%3A0%3Bauth%3A0%3Bdest%3AI%3BENG%3A(20160513016)(750119)(520011016)(520008050)(702028)(944506220)(944626516)%3B%3CBR%20%2F%3EX-Microsoft-Antispam-Message-Info%3A%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FY2tOVmVWemIvMjVsVGV4c2hlb1hyYTh1cEI2b1JJRkowYmpCanFTNzNLck5P%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FQW1VUW1iMUJxcmtQSW1OZzhHc2dTQk5YakppNTNjeDZJOFpBTy96NVBZRmxU%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FRVBDallWMDlTRHNmUG9mYUVCM1llOVh3UXJRTHA3Y2lBbWVSTlVWWlNQZGc0%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FQnhIUVEwNHE3RGxPRmd1Z0o3TjhLUlNTUmI3SzhkaW8zQnUyam1vQU1YNXor%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FMU1XQzlhbXZrSUVYVUpOZ0dkQ1ZuYnhONytNRC9aYkhnelNGQnUrZlRYS1oy%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FTi9CNlArbi9mNlpwTlFOZXZ5VHBTMmJDZ2YxYmFLS2pjMWlCYlVQZFM3eUJ0%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FMnBRMVRoUjljRklWVkEzK0JvMDgzOWlaU3YxSHpoSDY5cHVRYlBvd3phMVJy%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FdWsyV29rRnFQVGhBUGhPUUVJbUFuNlhDMHgreVA4cis3VDE2Q2hVTHV5cE54%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FeWExMXVQYVU0UkQyVkVpL1FRR2N0QmpMcGNwWWh1c1hUZ0ZPNG1hd0hGd1ps%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FSzRjUUVTMmNKVXcwSndlSGhUSUxpQkZBREx4cUJkcjNtRDd5OWZrVllJSHBx%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FTmtpTGNJUzErUml1RzdnWTVMdFFBWkdRMU1XaG00SHYvQm5mODN3dTM2Yy9T%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FelQrMTc5UmthQW4weXNsOEFEZG1PQ0tzNW1yWDJNVEVISk1wNHdLYUdVRWhZ%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FWktOV3VhdmJxbHI3TllGNXpKT1ZFdzhTVzhYSGdZVzhGZjhZMWlTeWdJcnBt%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FTnBMdGxxRzJGRTFmQTVVdDdyNStieVRqbGNXNzVJN09BU3daMUxwWWVJdnBE%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FOGhQZ1RSalBPWDF6YWxaZVFadGIyZWVGR1ZaWlZCeFJFc3VLZkFlcHBlcHcv%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FTGYxRUJhaGp2Wk1LSnZzYnlaZ3dEWFd0dDJUQTNVR2hvMGpicEN1aWVFNFV3%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FUHg4OXlJYjNmR21CMVB4WHF0aU1Ocm04aFd1Mk1sSDZ5SFVlYkVjcXh4NHJa%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FaUNaOEsvOWlOeFIydE1JNXpja0VDeWlSdyt1VmEzWFcreWJqVGlrS1ZUQ2M2%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3Fbm50K0V5YlBvT0tBTGttTUVNZHNqdXR1bWdmY1JGMmNadzNudHFiZ25Dd1kr%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FM2VuMUY3UWx1NlRNZ3RaYWhJTDVJTnNyRDZxMmdxMi9YVWpxVjFzc1A5NFFr%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FbExvKzdpNFFnY0s5dHBlVmovbGJjOUFMM2h3bFFBd1ZkdEU3QjZOVWsxZldU%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FZXJ4Tzl3U0E4WGhNRlFsdkFNazVSNGgrRnIrVUlHdEpybHVGOVhKejdzeGlz%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FYitvcXpxdTF4N2VIVEhabXA5RFdqUWNncWVwTC9NT1NnQ0U0R3NyK2N6Zjhn%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FSXhheE1RMm1rYnpid0NkcTZLZEtWanFjOUpLMWJoT3hTUnN4aVI3ck9xOHp4%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FMC9iZjBRZkFlYXZOOHBydEYrV2Y0eENQeEIzeDhWeTRwaUhDVTlBbEk5LzRv%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FSmlFWWt2TWF0cUVjQytacUFtbGtDWDVwRGZCUEFXUGUyNktCdWd0NHh0eHpF%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FS3RUcG9XRDF6RjBBN2RzaytHTzZrTFRuMUpCZDN0ZTRoZngyR1NPVlpqWTBX%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FU2ptVUcvQ1JBTU5tTWlKaXozbHZYSjltOTNLN0VXcTE1QkN6amliQlZWK3ZG%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FOGdaUlhxOVE0TVcvY3FQM0lBRlI1N01rcXZKVldzMmo5N1Rsa1YyNERabjFE%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FOFVUUHZtTkp2eDdiMVZONUdiRHVuaFNSWDNyYzh1VjBvMEh5V1JBRFJhS1NB%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FOGhhUzNqQ05haXhUaU9nTWord0JWQVorZnYrbCsxbWpGa2d0OXhMV2lHM0Yr%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FMjlCQnoxL1l6akRyWnZPQWdTMndIRjBvV3hkRkVZdWZCblFad0hiNHcxTE5x%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FUkxWM1ZoMWs0TUdXdldSd2NvSEtXZENWRUVGdS9KV0V4VEs4NFFoN20zZWVN%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FU0dUQ09zL21qK2xVMkdicG4vVWN5SkpVbllwS3RaektUTjZydGZicUxSaE9C%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FRTdKZEJOYmxuUXpuZWdoTGFIWlgxcFJpZzlsLytXSk14akJPWG5MU0YrTXk3%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FbGdpTTh5OFNJZ0Q3UWhiSUNYREZYby9XS3N0L1Q0VzdPdmZuMmc5cHlFdm5G%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FcXllT3l3UWV2eEQ5YmxmQmlEUHBtbWNXUVFLYWk3NXM4d0JLY3A1WStnZVlk%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FSVhxLzRQbDc1QXNBKzVaaDJOZTN4eGd5Z1ZrSGxHVGN5dFJmcEg3RnhaRFZa%3F%3D%3CBR%20%2F%3E%3D%3Futf-8%3FB%3FT01EQmVXRDlVdDMzTnlLVEFwU2tGM01BR1h6WjF6UE9UUENBcUFvQT09%3F%3D%3CBR%20%2F%3EMIME-Version%3A%201.0%3C%2FREDACTED%3E%3C%2FREDACTED%3E%3C%2FREDACTED%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-214118%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-214590%22%20slang%3D%22en-US%22%3ERe%3A%20Spoofed%20email%20from%20%40micrsoft.com%20landed%20in%20my%20VP's%20inbox.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-214590%22%20slang%3D%22en-US%22%3E%3CP%3ECorrect.%20Office%20365%20currently%20treats%20them%20the%20same%2C%20according%20to%20that%20doc%20I%20linked%20to.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-214307%22%20slang%3D%22en-US%22%3ERe%3A%20Spoofed%20email%20from%20%40micrsoft.com%20landed%20in%20my%20VP's%20inbox.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-214307%22%20slang%3D%22en-US%22%3EThank%20you%20for%20the%20information%20Sir.%20I%20was%20definitely%20under%20the%20Impression%20that%20a%20Reject%20policy%20would%20result%20in%20mail%20being%20dropped%20if%20non%20compliant%20with%20the%20policy.%20So%2C%20in%20all%20actuality%2C%20is%20there%20a%20difference%20in%20what%20happens%20with%20Reject%20Vs.%20Quarantine%3F%20Seems%20both%20policies%20would%20just%20result%20with%20mail%20being%20delivered%20to%20Junk.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-214167%22%20slang%3D%22en-US%22%3ERe%3A%20Spoofed%20email%20from%20%40micrsoft.com%20landed%20in%20my%20VP's%20inbox.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-214167%22%20slang%3D%22en-US%22%3E%3CP%3ESounds%20like%20you're%20expecting%20the%20DMARC%20reject%20to%20result%20in%20an%20outright%20rejection%20of%20the%20message.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFrom%20that%20header%20info%2C%20the%20message%20was%20marked%20as%20SCL%205%20(spam).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPer%20%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Fanti-spoofing-protection-in-office-365-d24bb387-c65d-486e-93e7-06a4f1a436c0%3Fui%3Den-US%26amp%3Brs%3Den-US%26amp%3Bad%3DUS%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ethis%20article%3C%2FA%3E%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CBLOCKQUOTE%3ECurrently%2C%20for%20all%20customers%20of%20Office%20365%20%E2%80%93%20ATP%20and%20non-ATP%20-%20%3CSTRONG%3Emessages%20that%20fail%20DMARC%20with%20a%20policy%20of%20reject%20or%20quarantine%20are%20marked%20as%20spam%20and%20usually%20take%20the%20high%20confidence%20spam%20action%2C%20or%20sometimes%20the%20regular%20spam%20action%3C%2FSTRONG%3E%20(depending%20on%20whether%20other%20spam%20rules%20first%20identify%20it%20as%20spam).%20Intra-org%20spoof%20detections%20take%20the%20regular%20spam%20action.%20This%20behavior%20does%20not%20need%20to%20be%20enabled%2C%20nor%20can%20it%20be%20disabled.%3C%2FBLOCKQUOTE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ESo%2C%20outright%20rejection%20is%20never%20the%20outcome.%20This%20makes%20sense%20from%20the%20perspective%20that%20Microsoft%20would%20not%20want%20to%20be%20discarding%20(losing)%20email%20from%20senders%20who%20have%20made%20a%20mistake%20with%20their%20DMARC%20records%2C%20and%20also%20because%20of%20the%20impact%20it%20would%20have%20on%20things%20like%20forwarding%20and%20mailing%20lists.%20But%2C%20the%20header%20info%20is%26nbsp%3Bwritten%20there%20for%20customers%20(you)%20to%20make%20more%20aggressive%20filtering%20decisions%20using%20mail%20flow%20rules%20if%20you%20wish.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EThe%20question%20is%20then%20why%20an%20SCL%205%20mail%20made%20it%20to%20the%20user's%20inbox.%20That%20could%20be%20due%20to%20the%20spam%20filter%20policy%20that%20has%20been%20configured%20for%20that%20user%2C%20or%20as%20Support%20has%20suggested%20to%20you%2C%20a%20hidden%20mailbox%20rule.%20So%20keep%20investigating%20that%20angle.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-214125%22%20slang%3D%22en-US%22%3ERe%3A%20Spoofed%20email%20from%20%40micrsoft.com%20landed%20in%20my%20VP's%20inbox.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-214125%22%20slang%3D%22en-US%22%3E%3CP%3ESupport%20says%20they%20see%20a%20rule%20that%20may%20be%20causing%20the%20issue%20in%20the%20Mailbox%20that%20I%20can%20not%20see%20when%20viewing%20the%20rules%20online.%20They%20want%20me%20to%20use%20MFCMAPI%20tomorrow%20to%20try%20to%20locate%20the%20rule%20and%20remove%20it.%20They%20are%20not%20sure%20this%20is%20the%20root%20cause%20but%20they%20want%20to%20try%20it%20anyway.%20They%20state%20it%20is%20a%20rule%20called%20Junk%20Email%20Rule%2C%20with%20no%20actions%20associated%20with%20it.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENot%20sure%20why%20this%20would%20apply%2C%20because%20DMARC%20failures%20for%20Micrsoft.com%20should%20result%20in%20a%20straight%20up%20reject%20from%20the%20server%20at%20time%20of%20delivery%20according%20to%20their%20published%20policy.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmxtoolbox.com%2FSuperTool.aspx%3Faction%3Ddmarc%253amicrosoft.com%26amp%3Brun%3Dtoolpage%26nbsp%3B%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmxtoolbox.com%2FSuperTool.aspx%3Faction%3Ddmarc%253amicrosoft.com%26amp%3Brun%3Dtoolpage%26nbsp%3B%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CPRE%3Ev%3DDMARC1%3B%20p%3Dreject%3B%20pct%3D100%3B%20rua%3Dmailto%3Ad%40rua.agari.com%3B%20ruf%3Dmailto%3Ad%40ruf.agari.com%3B%20fo%3D1%3C%2FPRE%3E%3C%2FDIV%3E%3CDIV%20class%3D%22tool-result-body%22%3ETag%20TagValue%20Name%20Description%20%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3Ev%3C%2FTD%3E%3CTD%3EDMARC1%3C%2FTD%3E%3CTD%3EVersion%3C%2FTD%3E%3CTD%3EIdentifies%20the%20record%20retrieved%20as%20a%20DMARC%20record.%20It%20must%20be%20the%20first%20tag%20in%20the%20list.%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3Ep%3C%2FTD%3E%3CTD%3Ereject%3C%2FTD%3E%3CTD%3EPolicy%3C%2FTD%3E%3CTD%3EPolicy%20to%20apply%20to%20email%20that%20fails%20the%20DMARC%20test.%20TagValue%20can%20be%20'none'%2C%20'quarantine'%2C%20or%20'reject'.%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3Epct%3C%2FTD%3E%3CTD%3E100%3C%2FTD%3E%3CTD%3EPercentage%3C%2FTD%3E%3CTD%3EThe%20percentage%20tag%20tells%20receivers%20to%20only%20apply%20policy%20against%20email%20that%20fails%20the%20DMARC%20check%20X%20amount%20of%20the%20time.%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3Erua%3C%2FTD%3E%3CTD%3Emailto%3Ad%40rua.agari.com%3C%2FTD%3E%3CTD%3EReceivers%3C%2FTD%3E%3CTD%3EList%20of%20URIs%20for%20receivers%20to%20send%20XML%20feedback%20to.%20URIs%20are%20required%20to%20be%20added%20in%20the%20format%20of%20'mailto%3Aaddress%40example.com'.%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3Eruf%3C%2FTD%3E%3CTD%3Emailto%3Ad%40ruf.agari.com%3C%2FTD%3E%3CTD%3EForensic%20Receivers%3C%2FTD%3E%3CTD%3EList%20of%20URIs%20for%20receivers%20to%20send%20Forensic%20reports%20to.%20URIs%20are%20required%20to%20be%20added%20in%20the%20format%20of%20'mailto%3Aaddress%40example.com'.%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3Efo%3C%2FTD%3E%3CTD%3E1%3C%2FTD%3E%3CTD%3EForensic%20Reporting%3C%2FTD%3E%3CTD%3EForensic%20reporting%20options.%20The%20value%20of%20this%20tag%20is%20a%20colon-separated%20list%20of%20characters.%20Possible%20values%3A%20(0)%20to%20generate%20reports%20if%20all%20underlying%20authentication%20mechanisms%20fail%20to%20produce%20a%20DMARC%20pass%20result%2C%20(1)%20to%20generate%20reports%20if%20any%20mechanisms%20fail%2C%20(d)%20to%20generate%20report%20if%20DKIM%20signature%20failed%20to%20verify%2C%20(s)%20if%20SPF%20failed.%20If%20no%20ruf%20tag%20is%20specified%2C%20this%20tag%20will%20be%20ignored.%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E
Robert Woods
Super Contributor

Spoofed email from @micrsoft.com landed in my VP's inbox. How? Headers indicate dmarc failure, but Microsoft's Reject Policy was not respected by their own servers, then the mail was delivered directly to the inbox. He had an aneurysm. 

 

Headers below if anyone cares to help me figure out why it did not get rejected per Microsoft's DMARC Policy. 

 

 

Received: from DM5PR04MB0954.namprd04.prod.outlook.com (2603:10b6:910:4f::15)
by CY4PR04MB0952.namprd04.prod.outlook.com with HTTPS via
CY4PR04CA0050.NAMPRD04.PROD.OUTLOOK.COM; Tue, 10 Jul 2018 17:42:15 +0000
Received: from SN4PR0401CA0040.namprd04.prod.outlook.com
(2603:10b6:803:2a::26) by DM5PR04MB0954.namprd04.prod.outlook.com
(2603:10b6:4:43::30) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.930.20; Tue, 10 Jul
2018 17:42:13 +0000
Received: from SN1NAM01FT051.eop-nam01.prod.protection.outlook.com
(2a01:111:f400:7e40::207) by SN4PR0401CA0040.outlook.office365.com
(2603:10b6:803:2a::26) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.930.19 via Frontend
Transport; Tue, 10 Jul 2018 17:42:13 +0000
Authentication-Results: spf=pass (sender IP is 209.85.223.226)
smtp.mailfrom=kippahi.com; pepsicenter.com; dkim=none (message not signed)
header.d=none;pepsicenter.com; dmarc=fail action=oreject
header.from=microsoft.com;compauth=fail reason=000
Received-SPF: Pass (protection.outlook.com: domain of kippahi.com designates
209.85.223.226 as permitted sender) receiver=protection.outlook.com;
client-ip=209.85.223.226; helo=mail-io0-f226.google.com;
Received: from mail-io0-f226.google.com (209.85.223.226) by
SN1NAM01FT051.mail.protection.outlook.com (10.152.64.150) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.906.15 via Frontend Transport; Tue, 10 Jul 2018 17:42:13 +0000
Received: by mail-io0-f226.google.com with SMTP id v26-v6so21140229iog.5
for <redacted@pepsicenter.com>; Tue, 10 Jul 2018 10:42:13 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:date:to:from:subject:message-id:mime-version;
bh=LjzPhte3jTTasd9s0b5g+RnDnb8FSrwPVw6nM2MoQ6Y=;
b=RQ2tRp9xXruud5Zvq5fOa9AhtPIZLW1Xy/7y0yRcRKo4pIHmkDk+BFnhfTnlslUEz7
JQJHL/5q2cRXeA1wUrZe5xsevqt+zRPrY2WvYGqCJrPejdIBHHsqL0ZP35UIZhtDEFfT
Whah9JGxloKvMbTyxYr18/Zwnex4egeETvu1rzh1LKwubqmz12Fch4pIveqFo+cEJRwm
vRxsy7nzD+/r5iC1eaoP/1bRv8afPdedS+pv9guneaZO/yIdEECVMJLxKKth0xAJbkMS
7yVMRfZBLLnT2EWvPa0N0shb8tSOPQbxAVZBK0gnGEFBxSsvrvJfYoEuUNG57a/+7oXp
O04w==
X-Gm-Message-State: AOUpUlENU4Bpn17a24pZlrvjEdDqPI+cPrTF33uUE4IeTkScTXjWeZWj
XDabCdCWbSWOV+zcO0SmAlm6fCeMMGz8kHGjt5hinCep3Rsv
X-Google-Smtp-Source: AAOMgpeedbERs3SiWWTUmYdeOsLwl8S1Y2hp+vZuYQnuPDzEt251Et9/ktc6JCU7B9+VM9WFvhNH29E3kR6V
X-Received: by 2002:a6b:a504:: with SMTP id o4-v6mr20289254ioe.95.1531244532626;
Tue, 10 Jul 2018 10:42:12 -0700 (PDT)
Return-Path: postmaster@kippahi.com
Received: from box-codeanywhere ([40.69.186.165])
by smtp-relay.gmail.com with ESMTPS id r192-v6sm5339158ith.7.2018.07.10.10.42.12
for <redacted@pepsicenter.com>
(version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Tue, 10 Jul 2018 10:42:12 -0700 (PDT)
X-Relaying-Domain: kippahi.com
Date: Tue, 10 Jul 2018 08:42:12 -0900
To: <redacted@pepsicenter.com>
From: Microsoft Support Team <no-reply.7nul5p0b@microsoft.com>
Subject: We found request on your account on July 10, 2018, 08:42 AM
Message-ID: <1e012453220e87d1b731c5cb36c12c73@box-codeanywhere>
X-Mailer: PHPMailer 5.2.23 (https://github.com/PHPMailer/PHPMailer)
Content-Type: multipart/alternative;
boundary="b1_1e012453220e87d1b731c5cb36c12c73"
X-MS-Exchange-Organization-ExpirationStartTime: 10 Jul 2018 17:42:13.3597
(UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: Original Submit
X-MS-Exchange-Organization-ExpirationInterval: 2:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: Original Submit
X-MS-Exchange-Organization-Network-Message-Id: f45ae646-b8b4-40a7-eb53-08d5e68c7875
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: ab6ed105-c086-4195-b560-55de99f5b299:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: CIP:209.85.223.226;IPV:NLI;CTRY:US;EFV:NLI;SFV:SPM;SFS:(10001);DIR:INB;SFP:;SCL:5;SRVR:DM5PR04MB0954;H:mail-io0-f226.google.com;FPR:;SPF:None;LANG:en;CAT:SPM;
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM01FT051;1:fOlgEliYVfvCZ5jT9EbSJTNxfL4QdoJD9S/1RbQrbK0RpOXL30+OUnfX4jR4eqibYsB0QpRNKB4Ll6gQ4CDdXJGY8KaCq5zDAyf5wOMXvgaQOHQJMQdMm0Aa87Ha7W2l
X-MS-Exchange-Organization-AuthSource: SN1NAM01FT051.eop-nam01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: f45ae646-b8b4-40a7-eb53-08d5e68c7875
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652040)(5600053)(711020)(4605076)(4612076)(4613076)(4614076)(1401180)(1403068)(71702078);SRVR:DM5PR04MB0954;
X-Microsoft-Exchange-Diagnostics: 1;DM5PR04MB0954;3:VZrNMaHC0/Bbcg+hNLW9MUS1MQ03nAjifoeKwgGOc2BjK4gn3hzBvF/ul5I+/oN3Sf2nlXZOMC7T76LvkzcBgjv6atL+4Zl8U36qWgKYQxe8/McFPJ1CggeI59J/xtf4xThh37Ue1uzSyGnRU1SVlZruZdQqaZnZccuTnVv40De1Wq1Dcm3CXe8TDB4DIYBGX7mr1jGxclTnmc4Ov4/8Px+0Zw+YAny8TNA3SnNwKr12K/Nmy5INJVWGCiEoeLJy2a1X8CZhfyHS/KPPT81p5NSz3/hLF0IGVNzngGzprHuuxKC1rXJiLDu21/hwWrcxczNPS5g1tHSziS2eKBxxHWdB7j3rD1wi+IGN/YYbJRY=;25:/SCy5+pw1KLoLPXhCqlfZ1PTXhLZEERU3DesuEnOksZal4yQhkUt69xfvQUTAhETT+ybuOLdaYEgYxqhq30ASiSs4dePYXiQVgCWviEKecyqghSuAuQduY8vnJuwJ9uBDUJ592w9k/L/5a14+F+txE4+aZ9GXprOeT528Tq0uAVLmTvAXdDOMjFN3BqvRnL4G/i8htOIiL3Yrv7YbbAm8oPTefwwXcZ3KPqxZrU3F1f7Y9fieBhLz5XdupCDf/fm//ozUJTBv7Hu93J/WThslN9DkvJUMCjWK5m/VTUJ1zRrxd5JnoWWg/A0QyE/TPMP/Uq9dCgdrXqL9bZ7meLUtw==
X-MS-TrafficTypeDiagnostic: DM5PR04MB0954:
X-MS-Exchange-AtpMessageProperties: sap=1;slp=1;
X-Microsoft-Exchange-Diagnostics: 1;DM5PR04MB0954;31:C+p3OLIi17Apzd7Hp5OskZrmwr2qHvEfgC8lliR5KqwRKNztmKp5MOsPIzHlCzeNCjraRnckFUDthwDMNoVv11XaK4tuWCkvKrOiuU26mlY7wHWLqh35JkPk8j7fhuw1vyr+Xxqn8N26UdKxd5Wfce8PBwiXKVmUIOnrcTb5ugFEtO1XVW+HB2zV0T8WKZKR41ceHoCHSehm+Q8ByJVvl4NahcdZiIgVHdq5M+vRD4Q=;20:2RDuWZ82Ef7VKCrQt9px5s3qGDW350VermvzBCZtI8+yONuIyelylc3DnmuhlMG6/ArJ0ZzxfkZBf7Gzw8ht3cbLwaFv+ZtLFtu9eUQyP+aheU8Y3qe8pvGiIWRwCmj+1gmgh3M4fWKZcV/5v2Kodn949wggviVBATj9aWoP1+GReqLy5sjQmpLT17B+JFuCa3X21fqOw41r9ZbyNs90CoJH2cRRb0rdzlQt16J20Lel/L/urVvhoWgrGDLqtaSkl8aXRox8J/dceCQvYXKmsIdgVGJkso2r6erfFUJRqkfD1YL7Ouhtc+JUJxCSUPyYRMtNdsMZEN2QvQCw/DgaO6f5rVnLLAW+m7KUA21HpJMsQyxxyiwqZ2H8AFhd+gPrqoVdPByMiNcEaRdktMmtsHcVodEA33vyt1ZJXoeLocaIY12iW37MTkjmjD43TmDVdV4YVLvycCkoG+mt6k2DMN1JmGM0Xnf3xC3XB73+Pu0Hc5O4M02LmNC06PjvxNMP
X-MS-Exchange-AntiPhishPolicyId: KSE Anti Spoof
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: =?us-ascii?Q?BCL:0;PCL:0;RULEID:(8211001083)(2018021200122)(2018011200283?=
=?us-ascii?Q?)(2401047)(8121501046)(2018021201122)(2018011210174)(2018011?=
=?us-ascii?Q?211064)(2018011212028)(2018011213028)(2018011214028)(2018011?=
=?us-ascii?Q?215028)(2018011216028)(2018011217028)(2018011218028)(2018011?=
=?us-ascii?Q?219092)(2018011220252)(2018011221063)(2018011222027)(2018011?=
=?us-ascii?Q?223027)(2018011224027)(2018011225035)(2018011229035)(2018011?=
=?us-ascii?Q?232269)(2018011233052)(2018021202149)(98810176)(98801176)(20?=
=?us-ascii?Q?18021203149)(98815176)(98812176)(2018021210149)(201801124027?=
=?us-ascii?Q?9)(1430482)(1431068)(1432130)(1440212)(1552081)(1560030)(155?=
=?us-ascii?Q?7028)(823300264)(823350442)(823411253)(9101536074)(102015010?=
=?us-ascii?Q?46)(3231311)(901025)(902075)(913088)(7045084)(944500087)(944?=
=?us-ascii?Q?503075)(9300000150)(9301002111)(52103095)(52102095)(11171617?=
=?us-ascii?Q?1)(52104123)(52105095)(52106170)(52401190)(52601095)(5260609?=
=?us-ascii?Q?5)(52505095)(52406095)(52403095)(52301095)(52204095)(1102011?=
=?us-ascii?Q?)(93006095)(93004095)(88839001)(88838384)(88841344)(88835096?=
=?us-ascii?Q?)(3002001)(1610001)(8301001075)(8301002168)(8301003183)(8876?=
=?us-ascii?Q?6976)(88801398)(98821027)(98822027)(88860193)(88861208)(8838?=
=?us-ascii?Q?0075)(88381075)(88382106)(2018021211149)(2018011241182)(2018?=
=?us-ascii?Q?020102067)(2018021213027)(201708071742011)(7699016)(76990205?=
=?us-ascii?Q?)(7701012);SRVR:DM5PR04MB0954;BCL:0;PCL:0;RULEID:;SRVR:DM5PR?=
=?us-ascii?Q?04MB0954;?=
X-Microsoft-Exchange-Diagnostics: 1;DM5PR04MB0954;4:bCXgVALM2wk6t5ObIkSGslfyDZ+FjXU0aFnkI6rvEQn+wDUAfkx1uT75tT/OpKDOb/MNe+pyymJEEKlG6aogXKXOS4rq+XHejeB0tbPgmTayGiMEc5IEhdX4byYONDiKGaw2jRmS7Ct8cFuJwp+zyXEY5/0d44hWpxUN5ZxF0XBmB69zN0vbX79k5J+0gVUWC1tEiyZFC88McOirbB1HCbgBKpLq8/I5ifkYObbHJNEM5TWnr074ghD3I7jb8ItVhMSmENw2yiR1qphEnEBIEg==;23:YAwZkQ7D1HjA5Ct+64PM7wuBk0xHgUfBmeapAbxM5s2kEmCDvo+elIfPuNZNxGli8VqSSqilYn/XgAX0tQYkP6kSh9b5EvjxGygX/LO/ba3DWaL1cJHnnjwkEJJJ5U5vfGOdua6gg6MDEg4Ez9U4edRFF4aL2j8M9lN+J2GDlhly+HFw0LjyIXOGGO2rvzI/2qWc4y8hp7vEahqlsnQoLw==
X-MS-Exchange-Organization-SCL: 5
X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?YXRs3La/gxgdzKew4r2d58mCX0AKdP1R1AiH4GHmr//z28i/42opq7BYKW3q?=
=?us-ascii?Q?TBFYJNFizYoAGXjrZX91+KUfa29dT+7eAHlywqc4mre0JL/7cGaZaqiOvgFp?=
=?us-ascii?Q?emS4p+r0/O0rHPW9cg58LcxxIO8G+cRBkz5LaDPxmlEWmubxc002Cv17Dzjt?=
=?us-ascii?Q?VBr9KmPeF4VySbv2AJFJzZiLq1Vkakt0mrWPmhWQsbgDZ6winEyBybFSQqn7?=
=?us-ascii?Q?20/pdGxOPgKneHthzWoMIiaYPi26R5iHBZaT8xoztmqlS/7Yjydq2qC2AT9a?=
=?us-ascii?Q?2tMBSRcA/3RLs6YPyw1c5SQ0ioEiM07w4BEV+AmJw+J0TQC2tf3CNJ+XZ7hx?=
=?us-ascii?Q?G2DZLu4brNMhclTEKu0TjeduBBmwV2QquNqoKb58+quTZ83uajAotj/sf2UG?=
=?us-ascii?Q?oxwsKk+DmDV0mJMC6ScrJMnpRZEKubbcoNuQ82Rn9KCHgomfhcV6QZ0oMCdq?=
=?us-ascii?Q?DsjW+bxHaJLIvgebjoc4nWzlJ/q35BbV/Enkd6Qd9/KEO/ikEdYxZ12Hj+yp?=
=?us-ascii?Q?NJTFHg9A3ZFGNKr30MRPVNZOF7TQn1DAKZKLRQaR96XBYZNWh7uFN7wNMKOK?=
=?us-ascii?Q?RdUuWCSXHQzme8XF2oFolNHCwVaHb1BSKvczUcig6WRavFdM17izkzRDUQZ4?=
=?us-ascii?Q?VAGAu5VDPpkBWmTJGhnj3W5h7YwvyARCqoinM79fv0UDNn+FGjDKR5RKIK80?=
=?us-ascii?Q?gz47otFKFIMN6xDPBRb13tWPvrgDh1uXCvoQDkOkNkgUt4SY6ERlAetKCDHT?=
=?us-ascii?Q?X2oiqu6my28uyeBT7rf0D85ba88iHrzm42V6hEjhkFdVvYx6Oh1eALEw9Egl?=
=?us-ascii?Q?wHHEnGTEEFUcV53DSoEX+985dgxn9kEa3KqBtkfGeAckLOhlbURUbx6oRWXr?=
=?us-ascii?Q?hyqvcx4RAFI3j+73H5rsBDjUYMngTdYDmSEHnet5BKz7kj0dEgx1ABPnwjkR?=
=?us-ascii?Q?EZzPcVmdD8Ft/nD2VMa1WI7XWexdQdUID76DGoW08Xg7A3vNNHoJrUT1Zqp8?=
=?us-ascii?Q?OusuRT+XW0avnTTB7yLz/i7O/WS4uVXAWyt2iv8inqGgSe5jwEFiLwXDpqT3?=
=?us-ascii?Q?hhRt7YAHOe9lSiJ9Fyw4b9xwNhp8tk82GjHxU2m8IlZGQzTe8Q1GvIbQZLpq?=
=?us-ascii?Q?bt1HRF11NfK1tBuQ5Iytl7oF/4D6lUrp3937FPzntCAsyhMPRCy6hIUcoazD?=
=?us-ascii?Q?Qhpx/119XzEjOuNNnTjBkK06ZZJ2KQmRE7Jug2ZCaYVbSfVErJDrtgYUteRE?=
=?us-ascii?Q?Spo4ujQz+MfxNXeDO1vN7TwRIKZEabRhsymLgLBz2rKZeGkiFs1ghoaKcKnr?=
=?us-ascii?Q?BdpLIbQjRWGbgwUHo3U/UbMbnCPnyKnuoAgHxgiJmfaeBlczSZnqQ3aWHDRJ?=
=?us-ascii?Q?JpQtHStmeH26Y4ndWm6+tFRqRFOr7eV/zovcryhV5iQpphscnomOGFFk85qn?=
=?us-ascii?Q?bwfyYdLglDFsTU0ttY+Qph7gxUnb7AJlzo7onV5GwwPoeDVIVrEjGGlPbFWi?=
=?us-ascii?Q?glNcP0bRZjTt2a6njrJS6SMapqWjqvTlSTwTJ/dEIUd1K+R+Zdn5XbSUIQ1o?=
=?us-ascii?Q?MQMUTxRUCKPq4Vy29tyJAtW8k43Fvsn0/HsSy4Fntufgcdmskk8rUAWEffAR?=
=?us-ascii?Q?lVd7mpXEES6aUvFqJ/iV+Gs7kWC8VXIhODq+HEsl+41rbpardkdxl5ibZD7A?=
=?us-ascii?Q?na67Y0DDTO7o7O8rqwH5jD7kfMx0LVKnltKT3bms0pZb5Fc4GSwYQRWqYK3f?=
=?us-ascii?Q?LHGqOpvHWA=3D=3D?=
X-Microsoft-Exchange-Diagnostics: 1;DM5PR04MB0954;6:7BsXd6FCZ+6ETVOxdz2JjROKVhWBXN8Xtmu5ey8UTBjRB0T9kzPODgDe3xhCg/lYaSrMUbZiVvrRmaL73McWmAy7gkC3/1g8xm1gAHulKQorriGRZj6E9n7qGk932xgN8AQRDDYz0rlEd5NLuMMGaAKetFMDRzuA3vObJZLa2GVCG67HfL93vrXjOQjeoCeBu4lu1F0KH0XE1hI13GaAgw+1BhdDs95nHF+40mUL6jNkvQAy3rJXstXH13gBBNShoCt1pg5Y05afbBkaFaySOv3itfa6t/MuTcwJw49LVlEogQcVSMoGlpWnTzLM5+ijr67yWLQACegUBgen6Pefic7KUU4kfbqKrMUwvDrODCIytfaMw8vAb9e5X49A1XtJ+AEQsJvVbijUB8fJ49ykSIHogVrpcW2oYQRdDTkmhpy7Q/FVjt8McMYPFOOGJ5kjxPYJ5d5IFnEu/FIGHI3kowEjkC8u8wlKyPullUCgCnKyl9PVoORiJsaQtXhrJECm;5:oStqLP04wePddQfFLyyzLtNniuNRDYKQrkTKDGmZ61ZruDqcad2JomkqiwoRR0lg1JQtksHkvIrEhGRur4p2ReGySlAj8fsKfZP7Tj/Xy5aiMBfKRPhWtmuWiRf/Li7j49eDqH1JgiexTYH2JGHaZGIzy6Oij7trx4oKMi4rwNg=;24:F19yLepqDJtW1Qq/2bKSvxfq2/O+Gs/gQQtGqUjMP0kwUwFLejVqorGowR8E9ceIu+NLKey0qYgQsV0b41CQHw==
X-MS-Exchange-Safelinks-Url-KeyVer: 1
SpamDiagnosticOutput: 1:13
SpamDiagnosticMetadata: Default
X-MS-Exchange-ATPSafeLinks-BitVector: 100:0x0|0x100;
X-Microsoft-Exchange-Diagnostics: 1;DM5PR04MB0954;7:yh5RkZFLPhJ9Y23o1u9LFLcYdUaJddoAeKaty5wGhzns9Czl4xeq7hGO3z86cuulTZiAZDPJWB71RwJrJU72iHFsNs6m9p3LM7g+f3zBDpCNJz8Tz8cFcoek/ATpcKxgq6Sd+FPRiH7qojW4z06ACcDE6vHYjwSBoR3wcbVB84iyxw9GC/SkHbGgR7h8K0cvGx7T2q8C1Od5uSQtsZNDwHFId5hq9OAyeGuFs5tPJyu0iBwPQFHCUFGVLqKL51/0oewYuTC128DxzVxcFWiGGP6leC4EtWJCNpBhw2XVR3g=
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jul 2018 17:42:13.0784
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f45ae646-b8b4-40a7-eb53-08d5e68c7875
X-MS-Exchange-CrossTenant-Id: ab6ed105-c086-4195-b560-55de99f5b299
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR04MB0954
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.3927153
X-MS-Exchange-Processed-By-BccFoldering: 15.20.0930.000
Importance: high
X-Priority: 1
X-Microsoft-Exchange-Diagnostics:
1;CY4PR04MB0952;27:BX2ZVUWniK14HIs0aJBI8yAI4pZGw2fPq0J5KY0OFsrvVNkseRZFFBm4UaBLOEmEp5E64mn247d/Vf9cTrh3/w6IPBIvJorsEsH7p5slBOEPO1ysWL4i0vzFLw6n69f6k4IkHyXGRAcorrKnJgf1UdSNkNBTpy96e3jkzgpECaTrJOZnkmars0NnFuxN3G3TfsGjjNKovmX0ZiTV+4BRYZ7X+2t8QzyP66y3hEwU/28PsrTJpLf+0pEzeWPrK1QO1IaneP3C9a/uGgTiYabeDNuRMyUYFvz1ic7TPvsnZPLw6cwZk2bv/zay1IUUamogaFGcyalQtOfnhvIpHbm+LSqD3qrqWx1YYBA2PZOY5e14/gErp3gYjCm/vnM7jj95ZWjken7Yu9cRVKi9QHWlWRk7x4FzE3ecaIUNai390xAtBIMmddwsSI1t7Rrzn7AII+HTgY2i1UO5uMkkTZ79JQ==
X-Microsoft-Antispam-Mailbox-Delivery:
dwl:1;ucf:0;jmr:0;ex:0;auth:0;dest:I;ENG:(20160513016)(750119)(520011016)(520008050)(702028)(944506220)(944626516);
X-Microsoft-Antispam-Message-Info:
=?utf-8?B?Y2tOVmVWemIvMjVsVGV4c2hlb1hyYTh1cEI2b1JJRkowYmpCanFTNzNLck5P?=
=?utf-8?B?QW1VUW1iMUJxcmtQSW1OZzhHc2dTQk5YakppNTNjeDZJOFpBTy96NVBZRmxU?=
=?utf-8?B?RVBDallWMDlTRHNmUG9mYUVCM1llOVh3UXJRTHA3Y2lBbWVSTlVWWlNQZGc0?=
=?utf-8?B?QnhIUVEwNHE3RGxPRmd1Z0o3TjhLUlNTUmI3SzhkaW8zQnUyam1vQU1YNXor?=
=?utf-8?B?MU1XQzlhbXZrSUVYVUpOZ0dkQ1ZuYnhONytNRC9aYkhnelNGQnUrZlRYS1oy?=
=?utf-8?B?Ti9CNlArbi9mNlpwTlFOZXZ5VHBTMmJDZ2YxYmFLS2pjMWlCYlVQZFM3eUJ0?=
=?utf-8?B?MnBRMVRoUjljRklWVkEzK0JvMDgzOWlaU3YxSHpoSDY5cHVRYlBvd3phMVJy?=
=?utf-8?B?dWsyV29rRnFQVGhBUGhPUUVJbUFuNlhDMHgreVA4cis3VDE2Q2hVTHV5cE54?=
=?utf-8?B?eWExMXVQYVU0UkQyVkVpL1FRR2N0QmpMcGNwWWh1c1hUZ0ZPNG1hd0hGd1ps?=
=?utf-8?B?SzRjUUVTMmNKVXcwSndlSGhUSUxpQkZBREx4cUJkcjNtRDd5OWZrVllJSHBx?=
=?utf-8?B?TmtpTGNJUzErUml1RzdnWTVMdFFBWkdRMU1XaG00SHYvQm5mODN3dTM2Yy9T?=
=?utf-8?B?elQrMTc5UmthQW4weXNsOEFEZG1PQ0tzNW1yWDJNVEVISk1wNHdLYUdVRWhZ?=
=?utf-8?B?WktOV3VhdmJxbHI3TllGNXpKT1ZFdzhTVzhYSGdZVzhGZjhZMWlTeWdJcnBt?=
=?utf-8?B?TnBMdGxxRzJGRTFmQTVVdDdyNStieVRqbGNXNzVJN09BU3daMUxwWWVJdnBE?=
=?utf-8?B?OGhQZ1RSalBPWDF6YWxaZVFadGIyZWVGR1ZaWlZCeFJFc3VLZkFlcHBlcHcv?=
=?utf-8?B?TGYxRUJhaGp2Wk1LSnZzYnlaZ3dEWFd0dDJUQTNVR2hvMGpicEN1aWVFNFV3?=
=?utf-8?B?UHg4OXlJYjNmR21CMVB4WHF0aU1Ocm04aFd1Mk1sSDZ5SFVlYkVjcXh4NHJa?=
=?utf-8?B?aUNaOEsvOWlOeFIydE1JNXpja0VDeWlSdyt1VmEzWFcreWJqVGlrS1ZUQ2M2?=
=?utf-8?B?bm50K0V5YlBvT0tBTGttTUVNZHNqdXR1bWdmY1JGMmNadzNudHFiZ25Dd1kr?=
=?utf-8?B?M2VuMUY3UWx1NlRNZ3RaYWhJTDVJTnNyRDZxMmdxMi9YVWpxVjFzc1A5NFFr?=
=?utf-8?B?bExvKzdpNFFnY0s5dHBlVmovbGJjOUFMM2h3bFFBd1ZkdEU3QjZOVWsxZldU?=
=?utf-8?B?ZXJ4Tzl3U0E4WGhNRlFsdkFNazVSNGgrRnIrVUlHdEpybHVGOVhKejdzeGlz?=
=?utf-8?B?YitvcXpxdTF4N2VIVEhabXA5RFdqUWNncWVwTC9NT1NnQ0U0R3NyK2N6Zjhn?=
=?utf-8?B?SXhheE1RMm1rYnpid0NkcTZLZEtWanFjOUpLMWJoT3hTUnN4aVI3ck9xOHp4?=
=?utf-8?B?MC9iZjBRZkFlYXZOOHBydEYrV2Y0eENQeEIzeDhWeTRwaUhDVTlBbEk5LzRv?=
=?utf-8?B?SmlFWWt2TWF0cUVjQytacUFtbGtDWDVwRGZCUEFXUGUyNktCdWd0NHh0eHpF?=
=?utf-8?B?S3RUcG9XRDF6RjBBN2RzaytHTzZrTFRuMUpCZDN0ZTRoZngyR1NPVlpqWTBX?=
=?utf-8?B?U2ptVUcvQ1JBTU5tTWlKaXozbHZYSjltOTNLN0VXcTE1QkN6amliQlZWK3ZG?=
=?utf-8?B?OGdaUlhxOVE0TVcvY3FQM0lBRlI1N01rcXZKVldzMmo5N1Rsa1YyNERabjFE?=
=?utf-8?B?OFVUUHZtTkp2eDdiMVZONUdiRHVuaFNSWDNyYzh1VjBvMEh5V1JBRFJhS1NB?=
=?utf-8?B?OGhhUzNqQ05haXhUaU9nTWord0JWQVorZnYrbCsxbWpGa2d0OXhMV2lHM0Yr?=
=?utf-8?B?MjlCQnoxL1l6akRyWnZPQWdTMndIRjBvV3hkRkVZdWZCblFad0hiNHcxTE5x?=
=?utf-8?B?UkxWM1ZoMWs0TUdXdldSd2NvSEtXZENWRUVGdS9KV0V4VEs4NFFoN20zZWVN?=
=?utf-8?B?U0dUQ09zL21qK2xVMkdicG4vVWN5SkpVbllwS3RaektUTjZydGZicUxSaE9C?=
=?utf-8?B?RTdKZEJOYmxuUXpuZWdoTGFIWlgxcFJpZzlsLytXSk14akJPWG5MU0YrTXk3?=
=?utf-8?B?bGdpTTh5OFNJZ0Q3UWhiSUNYREZYby9XS3N0L1Q0VzdPdmZuMmc5cHlFdm5G?=
=?utf-8?B?cXllT3l3UWV2eEQ5YmxmQmlEUHBtbWNXUVFLYWk3NXM4d0JLY3A1WStnZVlk?=
=?utf-8?B?SVhxLzRQbDc1QXNBKzVaaDJOZTN4eGd5Z1ZrSGxHVGN5dFJmcEg3RnhaRFZa?=
=?utf-8?B?T01EQmVXRDlVdDMzTnlLVEFwU2tGM01BR1h6WjF6UE9UUENBcUFvQT09?=
MIME-Version: 1.0

 

4 Replies

Support says they see a rule that may be causing the issue in the Mailbox that I can not see when viewing the rules online. They want me to use MFCMAPI tomorrow to try to locate the rule and remove it. They are not sure this is the root cause but they want to try it anyway. They state it is a rule called Junk Email Rule, with no actions associated with it. 

 

Not sure why this would apply, because DMARC failures for Micrsoft.com should result in a straight up reject from the server at time of delivery according to their published policy.

 

https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3amicrosoft.com&run=toolpage 

 

v=DMARC1; p=reject; pct=100; rua=mailto:d@rua.agari.com; ruf=mailto:d@ruf.agari.com; fo=1
Tag TagValue Name Description
vDMARC1VersionIdentifies the record retrieved as a DMARC record. It must be the first tag in the list.
prejectPolicyPolicy to apply to email that fails the DMARC test. TagValue can be 'none', 'quarantine', or 'reject'.
pct100PercentageThe percentage tag tells receivers to only apply policy against email that fails the DMARC check X amount of the time.
ruamailto:d@rua.agari.comReceiversList of URIs for receivers to send XML feedback to. URIs are required to be added in the format of 'mailto:address@example.com'.
rufmailto:d@ruf.agari.comForensic ReceiversList of URIs for receivers to send Forensic reports to. URIs are required to be added in the format of 'mailto:address@example.com'.
fo1Forensic ReportingForensic reporting options. The value of this tag is a colon-separated list of characters. Possible values: (0) to generate reports if all underlying authentication mechanisms fail to produce a DMARC pass result, (1) to generate reports if any mechanisms fail, (d) to generate report if DKIM signature failed to verify, (s) if SPF failed. If no ruf tag is specified, this tag will be ignored.

Sounds like you're expecting the DMARC reject to result in an outright rejection of the message.

 

From that header info, the message was marked as SCL 5 (spam).

 

Per this article:

 

Currently, for all customers of Office 365 – ATP and non-ATP - messages that fail DMARC with a policy of reject or quarantine are marked as spam and usually take the high confidence spam action, or sometimes the regular spam action (depending on whether other spam rules first identify it as spam). Intra-org spoof detections take the regular spam action. This behavior does not need to be enabled, nor can it be disabled.

 

So, outright rejection is never the outcome. This makes sense from the perspective that Microsoft would not want to be discarding (losing) email from senders who have made a mistake with their DMARC records, and also because of the impact it would have on things like forwarding and mailing lists. But, the header info is written there for customers (you) to make more aggressive filtering decisions using mail flow rules if you wish.

 

The question is then why an SCL 5 mail made it to the user's inbox. That could be due to the spam filter policy that has been configured for that user, or as Support has suggested to you, a hidden mailbox rule. So keep investigating that angle.

Thank you for the information Sir. I was definitely under the Impression that a Reject policy would result in mail being dropped if non compliant with the policy. So, in all actuality, is there a difference in what happens with Reject Vs. Quarantine? Seems both policies would just result with mail being delivered to Junk.

Correct. Office 365 currently treats them the same, according to that doc I linked to.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
50 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
32 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
15 Replies
Dev channel update to 80.0.355.1 is live
josh_bodner in Discussions on
67 Replies