Hi Vladimir,

I should have specified this, but this email was received by a hotmail.com 
address. I was searching for how Hotmail (or outlook.com) handles DMARC but did 
not find much.

For business email it makes absolute sense to quarantine emails despite the 
policy being reject; but not so for consumer email, I thought.

Kind regards,

Jon

- - - - -
Jon Burke
Deliverability Consultant

email  [email protected]
mobile  +44 7990 069 027

SELLIGENT MARKETING CLOUD
CONSUMER-FIRST MARKETING
www.selligent.com


From: Vladimir Dubrovin <[email protected]>
Sent: 20 November 2019 14:03
To: Jon Burke <[email protected]>; [email protected]
Subject: Re: [mailop] Reasons ISPs (Microsoft) ignore DMARC policy?


quick googling:


https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email#inbounddmarcfail

How Office 365 handles inbound email that fails DMARC

If the DMARC policy of the sending server is p=reject, EOP marks the message as 
spam instead of rejecting it. In other words, for inbound email, Office 365 
treats p=reject and p=quarantine the same way.

Office 365 is configured like this because some legitimate email may fail 
DMARC. For example, a message might fail DMARC if it is sent to a mailing list 
that then relays the message to all list participants. If Office 365 rejected 
these messages, people could lose legitimate email and have no way to retrieve 
it. Instead, these messages will still fail DMARC but they will be marked as 
spam and not rejected. If desired, users can still get these messages in their 
inbox through these methods:

  *   Users add safe senders individually by using their email client
  *   Administrators create an Exchange mail flow rule (also known as a 
transport rule) for all users that allows messages for those particular senders.

20.11.2019 16:17, Jon Burke via mailop wrote:
Hi Mailop,

Below is a spoofed email; it fails SPF, has no DKIM, and fails the DMARC or the 
5322.From address:

Received: from MW2NAM12HT207.eop-nam12.prod.protection.outlook.com
 (2603:10a6:6:2d::33) by DB7PR10MB1996.EURPRD10.PROD.OUTLOOK.COM with HTTPS via
 DB6PR07CA0023.EURPRD07.PROD.OUTLOOK.COM; Mon, 18 Nov 2019 16:51:15 +0000
Received: from MW2NAM12FT068.eop-nam12.prod.protection.outlook.com
 (10.13.180.52) by MW2NAM12HT207.eop-nam12.prod.protection.outlook.com
 (10.13.181.223) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2451.23; Mon, 18 Nov
 2019 16:51:14 +0000
Authentication-Results: spf=fail (sender IP is 79.101.7.133)
 smtp.mailfrom=e.zulily.com; hotmail.com; dkim=none (message not signed)
 header.d=none;hotmail.com; dmarc=fail action=oreject
 header.from=ocadomail.com

The DMARC policy of ocadomail.com has p=reject as policy, but Microsoft’s EOP 
seems to have overruled this policy (see action=oreject) and delivered the 
email to the recipient anyway.

I know ISPs can enforce a stricter policy (e.g. reject although policy is 
p=quarantine) but I don’t often see ISPs applying a more lenient response than 
stated in the DMARC policy. I can think of one reason for doing so (user added 
the sender to his / her safe-sender list) and wanted to ask if you know of some 
other reasons?

Thank you,

Jon


- - - - -
Jon Burke
Deliverability Consultant

email  [email protected]
mobile  +44 7990 069 027

SELLIGENT MARKETING CLOUD
CONSUMER-FIRST MARKETING
www.selligent.com


_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

--
Vladimir Dubrovin
@ mail.ru
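
For triaging delivered mail like the sample in this thread, the Authentication-Results header can be parsed to find messages where DMARC failed and the receiver recorded action=oreject. This is an added example, not part of the original thread; the function names are hypothetical, and the only action value it recognises is the one shown in the quoted header.

```python
import re

# Authentication-Results value copied from the header quoted in this thread.
SAMPLE = (
    "Authentication-Results: spf=fail (sender IP is 79.101.7.133) "
    "smtp.mailfrom=e.zulily.com; hotmail.com; dkim=none (message not signed) "
    "header.d=none;hotmail.com; dmarc=fail action=oreject "
    "header.from=ocadomail.com"
)

COMMENT = re.compile(r"\([^()]*\)")                # parenthesised comments
PAIR = re.compile(r"([A-Za-z][\w.-]*)=([^\s;]+)")  # key=value tokens
METHODS = ("spf", "dkim", "dmarc")


def parse_auth_results(header):
    """Return {method: {"result": r, property: value, ...}} for spf/dkim/dmarc."""
    if header.lower().startswith("authentication-results:"):
        header = header.split(":", 1)[1]
    text = COMMENT.sub(" ", " ".join(header.split()))  # unfold, drop comments
    parsed, current = {}, None
    for key, val in PAIR.findall(text):
        key, val = key.lower(), val.lower()
        if key in METHODS:
            current = parsed.setdefault(key, {"result": val})
        elif current is not None:
            current[key] = val  # e.g. smtp.mailfrom, header.d, action
    return parsed


def overridden_reject(header):
    """Return a finding when DMARC failed and the action is 'oreject', else None."""
    res = parse_auth_results(header)
    dmarc = res.get("dmarc", {})
    if dmarc.get("result") != "fail" or dmarc.get("action") != "oreject":
        return None
    return {
        "from_domain": dmarc.get("header.from"),
        "envelope_domain": res.get("spf", {}).get("smtp.mailfrom"),
        "spf": res.get("spf", {}).get("result"),
        "dkim": res.get("dkim", {}).get("result"),
    }


if __name__ == "__main__":
    print(overridden_reject(SAMPLE))
```
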