Spoofing senders from Microsoft's own domain should never be possible on an email service as established as outlook. This is just a personal email and I'm unable to report this correctly as this breaks the report functionality. This email successfully identifies the sender as though it is from me in the web client.