I've recently set up a DMARC record for my domain and now I'm receiving email abuse reports from hotmail.com that state:
This is an email abuse report for an email message received from IP 104.47.126.207 on Sun, 14 Feb 2016 07:20:43 -0800.
The message below did not meet the sending domain's authentication policy.
104.47.126.207 resolves to mail-pu1apc01hn0248.outbound.protection.outlook.com
My SPF record is
v=spf1 ip4:{my MX IP} -all
So what does it mean? Does Hotmail try to relay an E-mail in some way? Should I worry about it?
It also states that both SPF and DKIM checks have failed
Authentication-Results: hotmail.com; spf=fail (sender IP is 104.47.126.207; identity alignment result is pass and alignment mode is relaxed) smtp.mailfrom=bounce@domain.com; dkim=fail (identity alignment result is pass and alignment mode is relaxed) header.d=domain.com; x-hmca=fail header.id=site@domain.com
UPDATE
An e-mail attached to the abuse report is an automated notification to the customer that MUST be sent from my server.
UPDATE
These are the Received headers from the attached e-mail
Received: from APC01-PU1-obe.outbound.protection.outlook.com ([104.47.126.228]) by COL004-MC5F8.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143);
Sun, 14 Feb 2016 06:00:47 -0800Received: from HK2PR03CA0006.apcprd03.prod.outlook.com (10.165.52.16) by
HKXPR03MB0568.apcprd03.prod.outlook.com (10.161.50.18) with Microsoft SMTP
Server (TLS) id 15.1.403.16; Sun, 14 Feb 2016 14:00:43 +0000Received: from PU1APC01FT034.eop-APC01.prod.protection.outlook.com
(2a01:111:f400:7ebd::208) by HK2PR03CA0006.outlook.office365.com
(2a01:111:e400:78f7::16) with Microsoft SMTP Server (TLS) id 15.1.409.15 via
Frontend Transport; Sun, 14 Feb 2016 14:00:43 +0000Received: from BLU004-MC1F25.hotmail.com (10.152.252.54) by
PU1APC01FT034.mail.protection.outlook.com (10.152.252.218) with Microsoft
SMTP Server (TLS) id 15.1.415.6 via Frontend Transport; Sun, 14 Feb 2016
14:00:41 +0000Received: from domain.com ([{my MX IP}]) by BLU004-MC1F25.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143);
Sun, 14 Feb 2016 06:00:38 -0800
Best Answer
Not much you can do, Microsoft does not use SPF and DMARC to reject, only mark the Spam Confidence Level accordingly and lets the customer decide.
You could message @tzink7 on twitter, he should know, but this is an old post and I doubt they fixed it yet. https://blogs.msdn.microsoft.com/tzink/2015/01/09/an-update-on-dkim-on-ipv4-and-dmarc-in-office-365/
Essentially, O365 breaks email authentication (DMARC, DKIM, SPF, SPF, SPF, SPF)