Email abuse reports for outbound.protection.outlook.com

Question

I've recently set up a DMARC record for my domain and now I'm receiving email abuse reports from hotmail.com that state:

This is an email abuse report for an email message received from IP 104.47.126.207 on Sun, 14 Feb 2016 07:20:43 -0800. The message below did not meet the sending domain's authentication policy.

104.47.126.207 resolves to mail-pu1apc01hn0248.outbound.protection.outlook.com

My SPF record is

v=spf1 ip4:{my MX IP} -all

So what does it mean? Does Hotmail try to relay an E-mail in some way? Should I worry about it?

It also states that both SPF and DKIM checks have failed

Authentication-Results: hotmail.com; spf=fail (sender IP is 104.47.126.207; identity alignment result is pass and alignment mode is relaxed) smtp.mailfrom=bounce@domain.com; dkim=fail (identity alignment result is pass and alignment mode is relaxed) header.d=domain.com; x-hmca=fail header.id=site@domain.com

UPDATE

An e-mail attached to the abuse report is an automated notification to the customer that MUST be sent from my server.

UPDATE

These are the Received headers from the attached e-mail

Received: from APC01-PU1-obe.outbound.protection.outlook.com ([104.47.126.228]) by COL004-MC5F8.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143); Sun, 14 Feb 2016 06:00:47 -0800

Received: from HK2PR03CA0006.apcprd03.prod.outlook.com (10.165.52.16) by HKXPR03MB0568.apcprd03.prod.outlook.com (10.161.50.18) with Microsoft SMTP Server (TLS) id 15.1.403.16; Sun, 14 Feb 2016 14:00:43 +0000

Received: from PU1APC01FT034.eop-APC01.prod.protection.outlook.com (2a01:111:f400:7ebd::208) by HK2PR03CA0006.outlook.office365.com (2a01:111:e400:78f7::16) with Microsoft SMTP Server (TLS) id 15.1.409.15 via Frontend Transport; Sun, 14 Feb 2016 14:00:43 +0000

Received: from BLU004-MC1F25.hotmail.com (10.152.252.54) by PU1APC01FT034.mail.protection.outlook.com (10.152.252.218) with Microsoft SMTP Server (TLS) id 15.1.415.6 via Frontend Transport; Sun, 14 Feb 2016 14:00:41 +0000

Received: from domain.com ([{my MX IP}]) by BLU004-MC1F25.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143); Sun, 14 Feb 2016 06:00:38 -0800

@Michael Hampton, no, and an e-mail attached to the abuse report is an automated notification to the customer that MUST be sent from my server. I've updated the question with "Received" headers from the e-mail. It shows that the message did originate from my server. — CamaroSS, Feb 15 '16 at 07:45
It might be possible. I've changed the SPF policy to ~all instead of -all, maybe it would help in such case. — CamaroSS, Feb 15 '16 at 08:16
Not quite, the tilde rule will result in a softfail which may be a classifying factor. — CamaroSS, Feb 15 '16 at 08:29

Jacob Evans · Accepted Answer · 2016-05-05T13:44:57.797

Not much you can do, Microsoft does not use SPF and DMARC to reject, only mark the Spam Confidence Level accordingly and lets the customer decide.

You could message @tzink7 on twitter, he should know, but this is an old post and I doubt they fixed it yet. https://blogs.msdn.microsoft.com/tzink/2015/01/09/an-update-on-dkim-on-ipv4-and-dmarc-in-office-365/

Essentially, O365 breaks email authentication (DMARC, DKIM, SPF, SPF, SPF, SPF)

Email abuse reports for outbound.protection.outlook.com

1 Answers1