Microsoft does do domain verification on Office 365, usually via TXT (MS=999999999)
It's also possible it can be due to a forwarder on one of the recipient's mailboxes. *Faisal Misle* Customer Success Engineer | Red Sift On Mon, Sep 14, 2020 at 12:49 PM Phil Pennock via mailop <mailop@mailop.org> wrote: > Folks, > > One of the sources of mail for a domain I need to care about (nats.io) > per DMARC reports is office.com; eg: > > cwlgbr01ft010.eop-gbr01.prod.protection.office.com. > > 5.188.213.206 5.188.213.198 > > Do Microsoft do domain verification before allowing a sender domain to > be used? > > I'm trying to figure out if this is: > > 1. Crud being correctly filtered out? > 2. Someone internally using > a) an MS Office cloud product which is sending notifications/invites, > b) or hosted email using SMTP/POP3 to the regular mail service > and that person doesn't realize that my requests for "hey y'all, is > this you" really does mean them and they need to speak up? > 3. Something else? > > I'm probably going to up the DMARC p= level to quarantine and would like > to not inconvenience (more than absolutely necessary) legitimate users. > This domain is seeing enough spoofing to have caused deliverability > issues in the past. > > Thanks, > -Phil > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > -- Red Sift is the power behind OnDMARC and OnINBOX. You can find us at 21A Noel Street, 4th Floor, London, W1F 8GR. Red Sift is a limited company registered in England and Wales. Registered number: 09240956. Registered office: Kemp House, 152 City Road, London, EC1V 2NX.
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop