Mail from Teams forwarded to Gmail marked as spam due to DMARC failure

Question

When I write a chat message in Microsoft Teams the receiver gets an e-mail notification on her Office 365 account (receiver@htlvb.at) when she is offline in Teams. The receiver set it up so that all her mails are forwarded to her personal Gmail account (receiver@gmail.com). For normal mails sent to receiver@htlvb.at this works as expected. But all Teams notifications are marked as spam. Google says that DMARC fails (see below).

We have a custom DNS server with the following TXT records:

Google shows the following details for the received mail:

And the following message source:

Delivered-To: receiver@gmail.com
Received: by 2002:a05:6102:22c6:0:0:0:0 with SMTP id a6csp126141vsh;
        Tue, 28 Sep 2021 20:57:32 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzoIoMngWwglBmEptt30Zo9LbSYdi+h60ylB7JYY70zFSXHQNhbDjrM0JhFd+XgdPAeZKJj
X-Received: by 2002:a92:ca4e:: with SMTP id q14mr3941013ilo.233.1632887852170;
        Tue, 28 Sep 2021 20:57:32 -0700 (PDT)
ARC-Seal: i=4; a=rsa-sha256; t=1632887852; cv=pass;
        d=google.com; s=arc-20160816;
        b=uZnSPh2our1xDKqBgznYVmLU4MHkWy+9WfIBcYxGbuAOiHypyYi2pU3yByqTWDxC3m
         XD8lQzitQmtWzWPozdJmWv6DFJW5eSVogISaSrA6i8qY2wBhk8ZlukHsKjWLlRTsWD/Q
         TJa+99FG/eIio0EDYtVW+2d+WlVN9qMei8Ap/aaA1snA27wHv91lUsAGLNI2kUUvwsMA
         omJAMvTBBCgGtEa6V8s4Z7nWhkGGpwwRnxaCefPwqBCZ8QMVy8zYmk/JGTVcSSTSQdQk
         bqWRkoJlrscnt3JLAA4WUpYdNcpORAi8WuuoXs+w6uxzNxfg2EpcvNWIOwBFvOm/WVVq
         FoUg==
ARC-Message-Signature: i=4; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=message-id:subject:date:to:from:mime-version
         :authentication-results-original:dkim-signature:resent-from
         :dkim-signature;
        bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=;
        b=tD4Bp23ESAoj05NCp/jRzInE1sMlGqNZXOsi+nnUWfyER5TWbdIsKLsKelvGxJ7Hr9
         nFt6HHQPcLHU8rzXLLZPYxDpx4AawW5jYgM3JDKxYxyPYN5NNgBqiI2GL7Vfj5QyLDS8
         /+ABSoHsePowqp/x3y9RnTtmcv6XQAr8vZ0EoUMhr3udPI0Hi4z0orBjT9aHnfT9BDHK
         v0AX75QnZ8zZ16Y3yNCnYLj9xc9lJaZMwzZsE4zmddCI7d2GGvdXJXueJf/R29Ev+uPy
         Pcb2C4OnukH2eA4vPQ7HVvoyZiAlEyO79Ijb7mUkv697n+k+2N33g5GD5dz7bpPPKOP5
         VXvw==
ARC-Authentication-Results: i=4; mx.google.com;
       dkim=pass header.i=@htlvbat.onmicrosoft.com header.s=selector2-htlvbat-onmicrosoft-com header.b=oGc7014X;
       dkim=fail header.i=@email.teams.microsoft.com header.s=selector1 header.b=ljvyhPFv;
       arc=pass (i=3 spf=pass spfdomain=email.teams.microsoft.com dkim=pass dkdomain=email.teams.microsoft.com dmarc=pass fromdomain=email.teams.microsoft.com);
       spf=pass (google.com: domain of receiver@htlvb.at designates 40.107.22.86 as permitted sender) smtp.mailfrom=receiver@htlvb.at;
       dmarc=fail (p=REJECT sp=REJECT dis=QUARANTINE) header.from=microsoft.com
Return-Path: <receiver@htlvb.at>
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2086.outbound.protection.outlook.com. [40.107.22.86])
        by mx.google.com with ESMTPS id d71si1114034jac.48.2021.09.28.20.57.31
        for <receiver@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 28 Sep 2021 20:57:31 -0700 (PDT)
Received-SPF: pass (google.com: domain of receiver@htlvb.at designates 40.107.22.86 as permitted sender) client-ip=40.107.22.86;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@htlvbat.onmicrosoft.com header.s=selector2-htlvbat-onmicrosoft-com header.b=oGc7014X;
       dkim=fail header.i=@email.teams.microsoft.com header.s=selector1 header.b=ljvyhPFv;
       arc=pass (i=3 spf=pass spfdomain=email.teams.microsoft.com dkim=pass dkdomain=email.teams.microsoft.com dmarc=pass fromdomain=email.teams.microsoft.com);
       spf=pass (google.com: domain of receiver@htlvb.at designates 40.107.22.86 as permitted sender) smtp.mailfrom=receiver@htlvb.at;
       dmarc=fail (p=REJECT sp=REJECT dis=QUARANTINE) header.from=microsoft.com
ARC-Seal: i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=b+84dTGQqJMxRJKr8rYlWitQtwVGW2kp+a6GE5F5iSIj0PYQPep5WRaZHRSogvC5ls4vqdRJy3jlh9c+Zrz/K79huChB6ukIfw7HARZlgA5CKId+HvDzIRuemRfA/mxIwTjagVz1jw4AmeR1TPAdcG53snUGO/mDuuA7Ys8RZGmXCmAJfABGfyHQb/intViZUCYqt/mQqjcOM5/OaAeJUfOwzq3ekqvBa31Tl5R4JBuSWrtOrlpwoiIUe4lFZLGKpltpal/78cnJ/0uZ7YduremGJQBsSLxgUEYgsyE6NzSNH0CBpPrhGtFVoFMf9ntav6WMvo9Y6qFX1ywNlB7eXg==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=; b=SYnqBFHFzvqDK90FmxKlOYC0bYq2uYl6B+mdZl24zrxgHOoEnLca8n1ITM/+M6eq0yXOzpWJXSqHCUmA/FRm//MoIMs4ob/ItGcL3tF/2LSdAwAX87QQZRaolNUos6r/UTACzkgwq5J+bC20//qkCX9GT2Y+eT3fidJtd9keokM99Veh8eNz40fhF7pgoQJkY1HlPLSbuEddB6ubPEw4EvU96J8oFZrxIC8L74Yr1ffhya1e538snyRWhOLytaeJhcQbjX6mUMrAvYncQwURCcF2/8qxqOgumP+LFGg+ipa9SdXmrRlR4IYS9fqVwqW6MpRtlo64N+jLBk5yXqFn0g==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=pass (sender ip is 40.107.244.74) smtp.rcpttodomain=htlvb.at smtp.mailfrom=email.teams.microsoft.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=email.teams.microsoft.com; dkim=pass (signature was verified) header.d=email.teams.microsoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=email.teams.microsoft.com] dmarc=[1,1,header.from=email.teams.microsoft.com])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=htlvbat.onmicrosoft.com; s=selector2-htlvbat-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=; b=oGc7014X1+Xj25a1pciXq6R30XWnUOXIK7WKXpZYFhnL4qKYecdNRR6yOmNxGGyELGM+XJeDVbNkDK8ovcUq5xImeR0MhRB0eaoBeJ8ym+YkNQp+uH+V1NSh6kJr1gJPPg+d5NTYKNWTjKivjEJhsa26KW1FLDU5zaCjWPTHJ5E=
Resent-From: <receiver@htlvb.at>
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=dvpLCi52bG/QTgI6BkP3kkpbW1QbZrV2Q0/PAuSCC/7mGLhLSrDte8Pm8+sdw+UU1Vl7aM+UoIhpIh+9jBC/G7Sy8VPBPqINbCTm7oLwBbmsNuW69HtCTW2wO/B6W/AUpEZFsnnnLWBJNV2LIF1i8oD5fonJzMW9zSPNFuKPlLtEoDuNG9TLs5wd+bd8fX0nmdz97c2Gx6l8DN6/8ixg/cMP4U47bB/mrtTe1sJXzpqCVmbLjk/ntvDyy8PMJfcY/ppg301HuYLglAniO85mxyKgwR1af0EEHbkJ5dV/CBpxFzDcGqaYXmVUUarILtWzl6gjN4yw57T9wo+X3tultA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=; b=GaDbstOQWFP9Prnc3xX3BRtSNw7Z/gKFUdSmcJDF22BtGftNV+PfSUWPf+BuC8Hcxe9DlC0aI+V2RxBb2WCaf8WDg+QrJq+1KtbwLLKhmbK8iGc+QZ+0WPHieEskSVy5X0u4UIkCFvM4DCHKKlfZNU9yCFXplHC5HxCPtS9sGPCCjbeExQ0V0fL6EYjI6OjKcIif9V8Kf17HJhpEBtj4LWATbCH8b+V/1Uo9K/9jGJmVcdfpFYgaCeLiskG4ts70VRtztj+4Z8Lg/pKKKhg2rWbzfz6Qa9V+0XRLRns+Q59N3VxQ1DP400nHy0FmU/Cg6SbuH2oMyfRaLOe2DZob1w==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 40.107.244.74) smtp.rcpttodomain=htlvb.at smtp.mailfrom=email.teams.microsoft.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=email.teams.microsoft.com; dkim=pass (signature was verified) header.d=email.teams.microsoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=email.teams.microsoft.com] dmarc=[1,1,header.from=email.teams.microsoft.com])
Received: from SV0P279CA0027.NORP279.PROD.OUTLOOK.COM (2603:10a6:f10:12::14) by HE1PR0101MB2284.eurprd01.prod.exchangelabs.com (2603:10a6:3:24::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.18; Wed, 29 Sep 2021 03:57:25 +0000
Received: from HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com (2603:10a6:f10:12:cafe::15) by SV0P279CA0027.outlook.office365.com (2603:10a6:f10:12::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4566.14 via Frontend Transport; Wed, 29 Sep 2021 03:57:25 +0000
Authentication-Results: spf=pass (sender IP is 40.107.244.74) smtp.mailfrom=email.teams.microsoft.com; htlvb.at; dkim=pass (signature was verified) header.d=email.teams.microsoft.com;htlvb.at; dmarc=pass action=none header.from=email.teams.microsoft.com;
Received-SPF: Pass (protection.outlook.com: domain of email.teams.microsoft.com designates 40.107.244.74 as permitted sender) receiver=protection.outlook.com; client-ip=40.107.244.74; helo=NAM12-MW2-obe.outbound.protection.outlook.com;
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (40.107.244.74) by HE1EUR01FT063.mail.protection.outlook.com (10.152.1.51) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.13 via Frontend Transport; Wed, 29 Sep 2021 03:57:24 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RscPHkD9NUWEZDU6mMlRUlnrkr10VueiAbO5UCtKQESHJGV8/MXj7WUe3MTz4TTZ85CG0fPo7A6xegE85fEiCo7OeW1MExWfcaiOI3D/TVx3kxN4eCQ8jZDHpvM8Wj/6TBMqv0QT8l1v/Pj0DyEuNUktExRfWdCLnBMommkZSAVc11Pr0RuLt+NOpNnv7GHiZKyYW04RxiwaWLaDQlg8VCMtSrjDqVr9sT9MiihEhRrrlwkuU08OWHRRUSFQvL7robHFWJfmWsWBcuBrK2/SQPmCcsgvd8qyX8JDYrh/OSBf2AfXYNjGP4FKFffWDg14LOaJ/JtxwOSu8kw+xZtz8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=; b=GAACYoHRtSgpZSnvtRg/AqWzgagFvrGsAdZYP2lTwLjksAtr2HU6+xsL8/6ot/8TPYxHFMnIm6ZECCy97dcRi3WMzP61ZK8sgrnpgmSrdYs5nHXn5Ss1+wAE+Y3r31IKjQl+JXjdMXBbq3q/L+TCZg5b5XAdPG4zN2ZqIwkx+RCtJ254eI1J0amt+mnU5/kubHr1SpnGFOOH9UNCCGCvlkUEqXBHjHPwTUXXf7hA8v8c7bBifaoBwEqsxbzj8hlRkXm5588xLoYDiFCYVSP3CDX2nKw4EgrQzQZhs4RNMBUioHbNthecNr54f6BTKG0ZdyyLJA73uUZGABErIqwcAw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 52.169.9.119) smtp.rcpttodomain=htlvb.at smtp.mailfrom=email.teams.microsoft.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=email.teams.microsoft.com; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.teams.microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=; b=ljvyhPFvTOVOMZ8FnU0+gaKZ584PM1fgE/iFYRhdSuxqweo1cjiyQB7WKIxAByvytt49b4SeCGLs234qzjqNtNtoE2O/2KdDhcQYcWJJ1fNT7zhdKMo1dtMyxXshOPtz6IyibKjQl/qXDgMO1pWp70J7M/UK57ZhK4HxiNPBa0s=
Received: from BN0PR04CA0116.namprd04.prod.outlook.com (2603:10b6:408:ec::31) by BN6PR2001MB1028.namprd20.prod.outlook.com (2603:10b6:404:a5::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.18; Wed, 29 Sep 2021 03:57:21 +0000
Received: from BN8NAM12FT067.eop-nam12.prod.protection.outlook.com (2603:10b6:408:ec:cafe::f2) by BN0PR04CA0116.outlook.office365.com (2603:10b6:408:ec::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4566.14 via Frontend Transport; Wed, 29 Sep 2021 03:57:21 +0000
Authentication-Results-Original: spf=pass (sender IP is 52.169.9.119) smtp.mailfrom=email.teams.microsoft.com; htlvb.at; dkim=none (message not signed) header.d=none;htlvb.at; dmarc=pass action=none header.from=email.teams.microsoft.com;
Received-SPF: Pass (protection.outlook.com: domain of email.teams.microsoft.com designates 52.169.9.119 as permitted sender) receiver=protection.outlook.com; client-ip=52.169.9.119; helo=RD2818788C64D3;
Received: from RD2818788C64D3 (52.169.9.119) by BN8NAM12FT067.mail.protection.outlook.com (10.13.182.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4566.7 via Frontend Transport; Wed, 29 Sep 2021 03:57:20 +0000
MIME-Version: 1.0
From: Teamsuser in Teams <noreply@email.teams.microsoft.com>
To: receiver@htlvb.at
Date: 29 Sep 2021 03:57:20 +0000
Subject: Teamsuser sent a message
Content-Type: multipart/related; type="text/html"; boundary=--boundary_1532582_b1ce148d-f829-4e2c-bdd5-7c28f0654e00
Message-ID: <c939c21d-...@BN8NAM12FT067.eop-nam12.prod.protection.outlook.com>
Return-Path: noreply@email.teams.microsoft.com
X-EOPAttributedMessage: 1
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: f530b62b-f065-4402-534b-08d982fd3f5e
X-MS-TrafficTypeDiagnostic: BN6PR2001MB1028:|HE1PR0101MB2284:
X-Microsoft-Antispam-PRVS: <HE1PR0101MB2284639849CCE83E988AE61CB0A99@HE1PR0101MB2284.eurprd01.prod.exchangelabs.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:741;OLM:741;
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: h/7Tw6AbOKIHHYkQBtHZfNkSxgOMVt8CrtiVq6s0bx6F986IyxuAroO9U85klZ3YmnfQcT7bswk+uvuHaV3LOtsN3UwNShznERu4oz2rz1vhK/fHBH/uNxKcImO9YxjMX2WBrpFj1vJdJ2h4mQr2XWiShPwEfs8tD19T2h3pyQIYXzK58IIHlV6f3Q+xn55NTSXjpX/TEnJkptcN6KrsuF+9WksjKhl8p7WhiItZjLbz/K9M7HtogJoTwoybcdRCbG3mfNNBPY+ABUYrVm01bbkRgTduVdOHEEv/PUmLajB2cwW45EGT5ykmWv7rpOf8E8R1BXuegUEYhvW8WTdV9LdAG86Y4vWv6pjfXpABlmtEH15XxJRVx9xqa0/WpJZs0b1uQxmhCO/oRcdMX/pcgKsYNI8hiwvRHvca5Y4KA3oSSVTm4s7SG9yHtC8i5Wfjn5CX4GpcHL4m8dwX6tgnwAG4qQfloM17gcUP1MRo2p0UN9OtPJXwcFi4jUSBMYmpXBw8HQIalj234k+VNJFD0ilPrfromhWlklekO9e+OCJkwV34VaVMGBpLPTSOSbb4365D7Giqvi63HpSFks4iHWhz42fyUU5F7oTzvudzTOj9WuwqeD1G2FtEzEvaI2Nb0grtESjzBHJvezkL24D0LrcKJ7GbF3vHZSsgFZcckyf+oX9CMXfRWsqWoXoyx5SMPnzKfE3vmpg157bX92nVBeGOMfmj6wIlk2oXllEGKPThmjtklmJxLCSIUU9bI2LO
X-Forefront-Antispam-Report-Untrusted: CIP:52.169.9.119;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:RD2818788C64D3;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(316002)(7066003)(2906002)(9686003)(36906005)(83380400001)(956004)(508600001)(15650500001)(336012)(6916009)(36736006)(31696002)(5660300002)(166002)(8936002)(6496006)(186003)(81166007)(33964004)(31686004)(10290500003)(52230400001)(19627405001)(121820200001)(26005)(6486002)(68406010)(66576008)(8676002)(86362001)(356005)(18121605002);DIR:OUT;SFP:1101;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR2001MB1028
X-EOPTenantAttributedMessage: 81de7086-f6b3-4e4b-9faf-18d4a406e66d:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: a3122bf3-1f58-4a70-b044-08d982fd3cc8
X-LD-Processed: 81de7086-f6b3-4e4b-9faf-18d4a406e66d,ExtFwd
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: T4eFMp/jMeVmho5YpcyGuy83bu7Ez80FJyv75fXrnABkWlotQUCpo7T3mi64vRaltFHz1NXjFn0yV2z85TezXO0YQR+KeIx1/nEVnZE37LpAiKKGbvONwl3QhTt90HNZSnT8sHY+zfbdUUXlAtQi5JBOOZ3YQcpj/h/7F0h1f4naRFFFlKEQXNyffZZChzVEEAy2wdyCKtN/FtppRbLEFedf187DpRYG3uBzxKdWNiFEMM8Jx/E4/kUmqIkRuM4z7FnO1bxXoKThZIKvQ5jhgzL5yILBnjpzKE5gtqBnTu3DTmDusLOADcc4sLTCHb31xSiRepzjCnYBknqwKMtD5S1Y33Mg+1FDfEFpezPYylQ6mUSzOfBXkZ5r0/M8AsSP7haegpy3CSciwoAebhoBPhuSYTi0QFJJjlTTnMsUiR5KFCYnsWqgLWbmCtzW9sF27t26g1kQMIYQGkZGpSRbHI9kxatE5uXRi476ykGIp0lz62wltpV2Ay+cDvY6DdVa4LvCS4u0QdL1BJiJxASynNqlDPPFF17uF7fDeTjqYc4l+aGcS7lsNRAPQwmQOvKFJ1ET3RfHEAD1uOQ2P+pTLRtyCOXwJmfD7aI4QmZqrNd8PnIaSR99clB01elvc62Nr7xPlxHMnetGCeqjdG12yRIkV0bcRVH3AlqWqa+5TgHFiYD3lOzg4J3Ty+oeE4UB7AlNAA75h5IgNpIj0Sy+j/L9AvPU4Dg9Mp/AV/4DqoauBloHFozC6RMNIgawLv3dM+/EYLqTFSNAhF58rUEkZXveRi4NBuQC0qpEUS38m7c=
X-Forefront-Antispam-Report: CIP:40.107.244.74;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM12-MW2-obe.outbound.protection.outlook.com;PTR:mail-mw2nam12on2074.outbound.protection.outlook.com;CAT:NONE;SFS:(7066003)(8676002)(33964004)(336012)(19627405001)(15650500001)(6496006)(9686003)(7636003)(34206002)(83380400001)(70586007)(5660300002)(956004)(26005)(36736006)(31696002)(121820200001)(36906005)(6486002)(10290500003)(31686004)(786003)(68406010)(316002)(2906002)(166002)(66576008)(86362001)(52230400001)(508600001)(18121605002);DIR:OUT;SFP:1101;
X-ExternalRecipientOutboundConnectors: 81de7086-f6b3-4e4b-9faf-18d4a406e66d
X-MS-Exchange-ForwardingLoop: receiver@htlvb.at;81de7086-f6b3-4e4b-9faf-18d4a406e66d
X-OriginatorOrg: htlvb.at
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Sep 2021 03:57:24.6461 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f530b62b-f065-4402-534b-08d982fd3f5e
X-MS-Exchange-CrossTenant-Id: 81de7086-f6b3-4e4b-9faf-18d4a406e66d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=e36bbca1-9fe2-47ad-87fe-6012ed72a406;Ip=[52.169.9.119];Helo=[RD2818788C64D3]
X-MS-Exchange-CrossTenant-AuthSource: HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0101MB2284

----boundary_1532582_b1ce148d-f829-4e2c-bdd5-7c28f0654e00
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64

... body truncated ...

The receiver not only forwards the mail, but she also keeps the original message in her Office 365 mailbox. Here are the headers of the same mail:

Received: from HE1PR0101MB2284.eurprd01.prod.exchangelabs.com
 (2603:10a6:3:24::24) by AM9PR01MB8298.eurprd01.prod.exchangelabs.com with
 HTTPS; Wed, 29 Sep 2021 03:57:30 +0000
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
 b=dvpLCi52bG/QTgI6BkP3kkpbW1QbZrV2Q0/PAuSCC/7mGLhLSrDte8Pm8+sdw+UU1Vl7aM+UoIhpIh+9jBC/G7Sy8VPBPqINbCTm7oLwBbmsNuW69HtCTW2wO/B6W/AUpEZFsnnnLWBJNV2LIF1i8oD5fonJzMW9zSPNFuKPlLtEoDuNG9TLs5wd+bd8fX0nmdz97c2Gx6l8DN6/8ixg/cMP4U47bB/mrtTe1sJXzpqCVmbLjk/ntvDyy8PMJfcY/ppg301HuYLglAniO85mxyKgwR1af0EEHbkJ5dV/CBpxFzDcGqaYXmVUUarILtWzl6gjN4yw57T9wo+X3tultA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=;
 b=GaDbstOQWFP9Prnc3xX3BRtSNw7Z/gKFUdSmcJDF22BtGftNV+PfSUWPf+BuC8Hcxe9DlC0aI+V2RxBb2WCaf8WDg+QrJq+1KtbwLLKhmbK8iGc+QZ+0WPHieEskSVy5X0u4UIkCFvM4DCHKKlfZNU9yCFXplHC5HxCPtS9sGPCCjbeExQ0V0fL6EYjI6OjKcIif9V8Kf17HJhpEBtj4LWATbCH8b+V/1Uo9K/9jGJmVcdfpFYgaCeLiskG4ts70VRtztj+4Z8Lg/pKKKhg2rWbzfz6Qa9V+0XRLRns+Q59N3VxQ1DP400nHy0FmU/Cg6SbuH2oMyfRaLOe2DZob1w==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
 40.107.244.74) smtp.rcpttodomain=htlvb.at
 smtp.mailfrom=email.teams.microsoft.com; dmarc=pass (p=reject sp=reject
 pct=100) action=none header.from=email.teams.microsoft.com; dkim=pass
 (signature was verified) header.d=email.teams.microsoft.com; arc=pass (0
 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=email.teams.microsoft.com]
 dmarc=[1,1,header.from=email.teams.microsoft.com])
Received: from SV0P279CA0027.NORP279.PROD.OUTLOOK.COM (2603:10a6:f10:12::14)
 by HE1PR0101MB2284.eurprd01.prod.exchangelabs.com (2603:10a6:3:24::24) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.18; Wed, 29 Sep
 2021 03:57:25 +0000
Received: from HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
 (2603:10a6:f10:12:cafe::15) by SV0P279CA0027.outlook.office365.com
 (2603:10a6:f10:12::14) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4566.14 via Frontend
 Transport; Wed, 29 Sep 2021 03:57:25 +0000
Authentication-Results: spf=pass (sender IP is 40.107.244.74)
 smtp.mailfrom=email.teams.microsoft.com; htlvb.at; dkim=pass (signature was
 verified) header.d=email.teams.microsoft.com;htlvb.at; dmarc=pass action=none
 header.from=email.teams.microsoft.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of
 email.teams.microsoft.com designates 40.107.244.74 as permitted sender)
 receiver=protection.outlook.com; client-ip=40.107.244.74;
 helo=NAM12-MW2-obe.outbound.protection.outlook.com;
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (40.107.244.74)
 by HE1EUR01FT063.mail.protection.outlook.com (10.152.1.51) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4544.13 via Frontend Transport; Wed, 29 Sep 2021 03:57:24 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=RscPHkD9NUWEZDU6mMlRUlnrkr10VueiAbO5UCtKQESHJGV8/MXj7WUe3MTz4TTZ85CG0fPo7A6xegE85fEiCo7OeW1MExWfcaiOI3D/TVx3kxN4eCQ8jZDHpvM8Wj/6TBMqv0QT8l1v/Pj0DyEuNUktExRfWdCLnBMommkZSAVc11Pr0RuLt+NOpNnv7GHiZKyYW04RxiwaWLaDQlg8VCMtSrjDqVr9sT9MiihEhRrrlwkuU08OWHRRUSFQvL7robHFWJfmWsWBcuBrK2/SQPmCcsgvd8qyX8JDYrh/OSBf2AfXYNjGP4FKFffWDg14LOaJ/JtxwOSu8kw+xZtz8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=;
 b=GAACYoHRtSgpZSnvtRg/AqWzgagFvrGsAdZYP2lTwLjksAtr2HU6+xsL8/6ot/8TPYxHFMnIm6ZECCy97dcRi3WMzP61ZK8sgrnpgmSrdYs5nHXn5Ss1+wAE+Y3r31IKjQl+JXjdMXBbq3q/L+TCZg5b5XAdPG4zN2ZqIwkx+RCtJ254eI1J0amt+mnU5/kubHr1SpnGFOOH9UNCCGCvlkUEqXBHjHPwTUXXf7hA8v8c7bBifaoBwEqsxbzj8hlRkXm5588xLoYDiFCYVSP3CDX2nKw4EgrQzQZhs4RNMBUioHbNthecNr54f6BTKG0ZdyyLJA73uUZGABErIqwcAw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 52.169.9.119) smtp.rcpttodomain=htlvb.at
 smtp.mailfrom=email.teams.microsoft.com; dmarc=pass (p=reject sp=reject
 pct=100) action=none header.from=email.teams.microsoft.com; dkim=none
 (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=email.teams.microsoft.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=;
 b=ljvyhPFvTOVOMZ8FnU0+gaKZ584PM1fgE/iFYRhdSuxqweo1cjiyQB7WKIxAByvytt49b4SeCGLs234qzjqNtNtoE2O/2KdDhcQYcWJJ1fNT7zhdKMo1dtMyxXshOPtz6IyibKjQl/qXDgMO1pWp70J7M/UK57ZhK4HxiNPBa0s=
Received: from BN0PR04CA0116.namprd04.prod.outlook.com (2603:10b6:408:ec::31)
 by BN6PR2001MB1028.namprd20.prod.outlook.com (2603:10b6:404:a5::23) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.18; Wed, 29 Sep
 2021 03:57:21 +0000
Received: from BN8NAM12FT067.eop-nam12.prod.protection.outlook.com
 (2603:10b6:408:ec:cafe::f2) by BN0PR04CA0116.outlook.office365.com
 (2603:10b6:408:ec::31) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4566.14 via Frontend
 Transport; Wed, 29 Sep 2021 03:57:21 +0000
Authentication-Results-Original: spf=pass (sender IP is 52.169.9.119)
 smtp.mailfrom=email.teams.microsoft.com; htlvb.at; dkim=none (message not
 signed) header.d=none;htlvb.at; dmarc=pass action=none
 header.from=email.teams.microsoft.com;
Received-SPF: Pass (protection.outlook.com: domain of
 email.teams.microsoft.com designates 52.169.9.119 as permitted sender)
 receiver=protection.outlook.com; client-ip=52.169.9.119; helo=RD2818788C64D3;
Received: from RD2818788C64D3 (52.169.9.119) by
 BN8NAM12FT067.mail.protection.outlook.com (10.13.182.153) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4566.7 via Frontend Transport; Wed, 29 Sep 2021 03:57:20 +0000
MIME-Version: 1.0
From: "=?utf-8?B?el90ZXN0c2NodWVsZXIgel90ZXN0c2NodWVsZXIgaW4gVGVhbXM=?="
 <noreply@email.teams.microsoft.com>
To: receiver@htlvb.at
Date: 29 Sep 2021 03:57:20 +0000
Subject: =?utf-8?B?el90ZXN0c2NodWVsZXIgc2VudCBhIG1lc3NhZ2U=?=
Content-Type: multipart/related; type="text/html";
 boundary=--boundary_1532582_b1ce148d-f829-4e2c-bdd5-7c28f0654e00
Message-ID:
 <c939c21d-...@BN8NAM12FT067.eop-nam12.prod.protection.outlook.com>
Return-Path: noreply@email.teams.microsoft.com
X-EOPAttributedMessage: 1
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: f530b62b-f065-4402-534b-08d982fd3f5e
X-MS-TrafficTypeDiagnostic: BN6PR2001MB1028:|HE1PR0101MB2284:
X-Microsoft-Antispam-PRVS:
 <BN6PR2001MB10281AD7543FDFF6DA55E203B0A99@BN6PR2001MB1028.namprd20.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:741;OLM:741;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original:
 h/7Tw6AbOKIHHYkQBtHZfNkSxgOMVt8CrtiVq6s0bx6F986IyxuAroO9U85klZ3YmnfQcT7bswk+uvuHaV3LOtsN3UwNShznERu4oz2rz1vhK/fHBH/uNxKcImO9YxjMX2WBrpFj1vJdJ2h4mQr2XWiShPwEfs8tD19T2h3pyQIYXzK58IIHlV6f3Q+xn55NTSXjpX/TEnJkptcN6KrsuF+9WksjKhl8p7WhiItZjLbz/K9M7HtogJoTwoybcdRCbG3mfNNBPY+ABUYrVm01bbkRgTduVdOHEEv/PUmLajB2cwW45EGT5ykmWv7rpOf8E8R1BXuegUEYhvW8WTdV9LdAG86Y4vWv6pjfXpABlmtEH15XxJRVx9xqa0/WpJZs0b1uQxmhCO/oRcdMX/pcgKsYNI8hiwvRHvca5Y4KA3oSSVTm4s7SG9yHtC8i5Wfjn5CX4GpcHL4m8dwX6tgnwAG4qQfloM17gcUP1MRo2p0UN9OtPJXwcFi4jUSBMYmpXBw8HQIalj234k+VNJFD0ilPrfromhWlklekO9e+OCJkwV34VaVMGBpLPTSOSbb4365D7Giqvi63HpSFks4iHWhz42fyUU5F7oTzvudzTOj9WuwqeD1G2FtEzEvaI2Nb0grtESjzBHJvezkL24D0LrcKJ7GbF3vHZSsgFZcckyf+oX9CMXfRWsqWoXoyx5SMPnzKfE3vmpg157bX92nVBeGOMfmj6wIlk2oXllEGKPThmjtklmJxLCSIUU9bI2LO
X-Forefront-Antispam-Report-Untrusted:
 CIP:52.169.9.119;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:RD2818788C64D3;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(316002)(7066003)(2906002)(9686003)(36906005)(83380400001)(956004)(508600001)(15650500001)(336012)(6916009)(36736006)(31696002)(5660300002)(166002)(8936002)(6496006)(186003)(81166007)(33964004)(31686004)(10290500003)(52230400001)(19627405001)(121820200001)(26005)(6486002)(68406010)(66576008)(8676002)(86362001)(356005)(18121605002);DIR:OUT;SFP:1101;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR2001MB1028
X-MS-Exchange-Organization-ExpirationStartTime: 29 Sep 2021 03:57:25.1118
 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
 f530b62b-f065-4402-534b-08d982fd3f5e
X-EOPTenantAttributedMessage: 81de7086-f6b3-4e4b-9faf-18d4a406e66d:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Exchange-Transport-CrossTenantHeadersStripped:
 HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted:
 HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthSource:
 HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Office365-Filtering-Correlation-Id-Prvs:
 a3122bf3-1f58-4a70-b044-08d982fd3cc8
X-LD-Processed: 81de7086-f6b3-4e4b-9faf-18d4a406e66d,ExtFwd
X-MS-Exchange-Transport-Forked: True
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam: BCL:1;
X-Forefront-Antispam-Report:
 CIP:40.107.244.74;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM12-MW2-obe.outbound.protection.outlook.com;PTR:mail-mw2nam12on2074.outbound.protection.outlook.com;CAT:NONE;SFS:(286005)(7066003)(8676002)(33964004)(336012)(19627405001)(15650500001)(6496006)(9686003)(7636003)(8636004)(83380400001)(956004)(26005)(6916009)(36736006)(31696002)(36906005)(6486002)(10290500003)(31686004)(166002)(58800400005)(86362001)(52230400001)(1096003)(18121605002);DIR:INB;
X-MS-Exchange-ForwardingLoop:
 ForwardingHandled;81de7086-f6b3-4e4b-9faf-18d4a406e66d
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Sep 2021 03:57:24.6461
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f530b62b-f065-4402-534b-08d982fd3f5e
X-MS-Exchange-CrossTenant-Id: 81de7086-f6b3-4e4b-9faf-18d4a406e66d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=e36bbca1-9fe2-47ad-87fe-6012ed72a406;Ip=[52.169.9.119];Helo=[RD2818788C64D3]
X-MS-Exchange-CrossTenant-AuthSource:
 HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0101MB2284
X-MS-Exchange-Transport-EndToEndLatency: 00:00:05.6837007
X-MS-Exchange-Processed-By-BccFoldering: 15.20.4566.014
X-Microsoft-Antispam-Mailbox-Delivery:
    ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506458)(944626604)(750132)(520011016);
X-Microsoft-Antispam-Message-Info: ... omitted because of a serverfault limit ...

Why does the message fail the DMARC check? Is this a problem I can fix (e.g. with another entry in our DNS server) or is this Microsoft's fault? I don't think it's Google's fault because I also tried forwarding to an iCloud account which rejects the message entirely.

Answer 1

I would assume its Microsofts fault for breaking their signature. The headers clearly say that the signature was good before forwarding, and then broken on receipt by Google. Checking the signed headers, one sticks out:

From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck

Please check the value of the X-MS-Exchange-SenderADCheck on the mail as it was submitted (e.g. in a similar mail as received by a non-forwarding recipient).

If I am correct, and Microsoft changed that particular header on forwarding, this breaking its original DKIM signature before handing it over to Google, then consult o365/exchange documentation or ask Microsoft about the purpose of this field and the reason for changing it before forwarding signed mail.