Mail from Teams forwarded to Gmail marked as spam due to DMARC failure

Question

Score:6

Server

Mail from Teams forwarded to Gmail marked as spam due to DMARC failure

Johannes Egger

1/29/23, 5:29 AM

When I write a chat message in Microsoft Teams the receiver gets an e-mail notification on her Office 365 account ([email protected]) when she is offline in Teams. The receiver set it up so that all her mails are forwarded to her personal Gmail account ([email protected]). For normal mails sent to [email protected] this works as expected. But all Teams notifications are marked as spam. Google says that DMARC fails (see below).

We have a custom DNS server with the following TXT records:

Google shows the following details for the received mail:

And the following message source:

Delivered-To: [email protected]
Received: by 2002:a05:6102:22c6:0:0:0:0 with SMTP id a6csp126141vsh;
        Tue, 28 Sep 2021 20:57:32 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzoIoMngWwglBmEptt30Zo9LbSYdi+h60ylB7JYY70zFSXHQNhbDjrM0JhFd+XgdPAeZKJj
X-Received: by 2002:a92:ca4e:: with SMTP id q14mr3941013ilo.233.1632887852170;
        Tue, 28 Sep 2021 20:57:32 -0700 (PDT)
ARC-Seal: i=4; a=rsa-sha256; t=1632887852; cv=pass;
        d=google.com; s=arc-20160816;
        b=uZnSPh2our1xDKqBgznYVmLU4MHkWy+9WfIBcYxGbuAOiHypyYi2pU3yByqTWDxC3m
         XD8lQzitQmtWzWPozdJmWv6DFJW5eSVogISaSrA6i8qY2wBhk8ZlukHsKjWLlRTsWD/Q
         TJa+99FG/eIio0EDYtVW+2d+WlVN9qMei8Ap/aaA1snA27wHv91lUsAGLNI2kUUvwsMA
         omJAMvTBBCgGtEa6V8s4Z7nWhkGGpwwRnxaCefPwqBCZ8QMVy8zYmk/JGTVcSSTSQdQk
         bqWRkoJlrscnt3JLAA4WUpYdNcpORAi8WuuoXs+w6uxzNxfg2EpcvNWIOwBFvOm/WVVq
         FoUg==
ARC-Message-Signature: i=4; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=message-id:subject:date:to:from:mime-version
         :authentication-results-original:dkim-signature:resent-from
         :dkim-signature;
        bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=;
        b=tD4Bp23ESAoj05NCp/jRzInE1sMlGqNZXOsi+nnUWfyER5TWbdIsKLsKelvGxJ7Hr9
         nFt6HHQPcLHU8rzXLLZPYxDpx4AawW5jYgM3JDKxYxyPYN5NNgBqiI2GL7Vfj5QyLDS8
         /+ABSoHsePowqp/x3y9RnTtmcv6XQAr8vZ0EoUMhr3udPI0Hi4z0orBjT9aHnfT9BDHK
         v0AX75QnZ8zZ16Y3yNCnYLj9xc9lJaZMwzZsE4zmddCI7d2GGvdXJXueJf/R29Ev+uPy
         Pcb2C4OnukH2eA4vPQ7HVvoyZiAlEyO79Ijb7mUkv697n+k+2N33g5GD5dz7bpPPKOP5
         VXvw==
ARC-Authentication-Results: i=4; mx.google.com;
       dkim=pass [email protected] header.s=selector2-htlvbat-onmicrosoft-com header.b=oGc7014X;
       dkim=fail [email protected] header.s=selector1 header.b=ljvyhPFv;
       arc=pass (i=3 spf=pass spfdomain=email.teams.microsoft.com dkim=pass dkdomain=email.teams.microsoft.com dmarc=pass fromdomain=email.teams.microsoft.com);
       spf=pass (google.com: domain of [email protected] designates 40.107.22.86 as permitted sender) [email protected];
       dmarc=fail (p=REJECT sp=REJECT dis=QUARANTINE) header.from=microsoft.com
Return-Path: <[email protected]>
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2086.outbound.protection.outlook.com. [40.107.22.86])
        by mx.google.com with ESMTPS id d71si1114034jac.48.2021.09.28.20.57.31
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 28 Sep 2021 20:57:31 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 40.107.22.86 as permitted sender) client-ip=40.107.22.86;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=selector2-htlvbat-onmicrosoft-com header.b=oGc7014X;
       dkim=fail [email protected] header.s=selector1 header.b=ljvyhPFv;
       arc=pass (i=3 spf=pass spfdomain=email.teams.microsoft.com dkim=pass dkdomain=email.teams.microsoft.com dmarc=pass fromdomain=email.teams.microsoft.com);
       spf=pass (google.com: domain of [email protected] designates 40.107.22.86 as permitted sender) [email protected];
       dmarc=fail (p=REJECT sp=REJECT dis=QUARANTINE) header.from=microsoft.com
ARC-Seal: i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=b+84dTGQqJMxRJKr8rYlWitQtwVGW2kp+a6GE5F5iSIj0PYQPep5WRaZHRSogvC5ls4vqdRJy3jlh9c+Zrz/K79huChB6ukIfw7HARZlgA5CKId+HvDzIRuemRfA/mxIwTjagVz1jw4AmeR1TPAdcG53snUGO/mDuuA7Ys8RZGmXCmAJfABGfyHQb/intViZUCYqt/mQqjcOM5/OaAeJUfOwzq3ekqvBa31Tl5R4JBuSWrtOrlpwoiIUe4lFZLGKpltpal/78cnJ/0uZ7YduremGJQBsSLxgUEYgsyE6NzSNH0CBpPrhGtFVoFMf9ntav6WMvo9Y6qFX1ywNlB7eXg==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=; b=SYnqBFHFzvqDK90FmxKlOYC0bYq2uYl6B+mdZl24zrxgHOoEnLca8n1ITM/+M6eq0yXOzpWJXSqHCUmA/FRm//MoIMs4ob/ItGcL3tF/2LSdAwAX87QQZRaolNUos6r/UTACzkgwq5J+bC20//qkCX9GT2Y+eT3fidJtd9keokM99Veh8eNz40fhF7pgoQJkY1HlPLSbuEddB6ubPEw4EvU96J8oFZrxIC8L74Yr1ffhya1e538snyRWhOLytaeJhcQbjX6mUMrAvYncQwURCcF2/8qxqOgumP+LFGg+ipa9SdXmrRlR4IYS9fqVwqW6MpRtlo64N+jLBk5yXqFn0g==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=pass (sender ip is 40.107.244.74) smtp.rcpttodomain=htlvb.at smtp.mailfrom=email.teams.microsoft.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=email.teams.microsoft.com; dkim=pass (signature was verified) header.d=email.teams.microsoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=email.teams.microsoft.com] dmarc=[1,1,header.from=email.teams.microsoft.com])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=htlvbat.onmicrosoft.com; s=selector2-htlvbat-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=; b=oGc7014X1+Xj25a1pciXq6R30XWnUOXIK7WKXpZYFhnL4qKYecdNRR6yOmNxGGyELGM+XJeDVbNkDK8ovcUq5xImeR0MhRB0eaoBeJ8ym+YkNQp+uH+V1NSh6kJr1gJPPg+d5NTYKNWTjKivjEJhsa26KW1FLDU5zaCjWPTHJ5E=
Resent-From: <[email protected]>
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=dvpLCi52bG/QTgI6BkP3kkpbW1QbZrV2Q0/PAuSCC/7mGLhLSrDte8Pm8+sdw+UU1Vl7aM+UoIhpIh+9jBC/G7Sy8VPBPqINbCTm7oLwBbmsNuW69HtCTW2wO/B6W/AUpEZFsnnnLWBJNV2LIF1i8oD5fonJzMW9zSPNFuKPlLtEoDuNG9TLs5wd+bd8fX0nmdz97c2Gx6l8DN6/8ixg/cMP4U47bB/mrtTe1sJXzpqCVmbLjk/ntvDyy8PMJfcY/ppg301HuYLglAniO85mxyKgwR1af0EEHbkJ5dV/CBpxFzDcGqaYXmVUUarILtWzl6gjN4yw57T9wo+X3tultA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=; b=GaDbstOQWFP9Prnc3xX3BRtSNw7Z/gKFUdSmcJDF22BtGftNV+PfSUWPf+BuC8Hcxe9DlC0aI+V2RxBb2WCaf8WDg+QrJq+1KtbwLLKhmbK8iGc+QZ+0WPHieEskSVy5X0u4UIkCFvM4DCHKKlfZNU9yCFXplHC5HxCPtS9sGPCCjbeExQ0V0fL6EYjI6OjKcIif9V8Kf17HJhpEBtj4LWATbCH8b+V/1Uo9K/9jGJmVcdfpFYgaCeLiskG4ts70VRtztj+4Z8Lg/pKKKhg2rWbzfz6Qa9V+0XRLRns+Q59N3VxQ1DP400nHy0FmU/Cg6SbuH2oMyfRaLOe2DZob1w==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 40.107.244.74) smtp.rcpttodomain=htlvb.at smtp.mailfrom=email.teams.microsoft.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=email.teams.microsoft.com; dkim=pass (signature was verified) header.d=email.teams.microsoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=email.teams.microsoft.com] dmarc=[1,1,header.from=email.teams.microsoft.com])
Received: from SV0P279CA0027.NORP279.PROD.OUTLOOK.COM (2603:10a6:f10:12::14) by HE1PR0101MB2284.eurprd01.prod.exchangelabs.com (2603:10a6:3:24::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.18; Wed, 29 Sep 2021 03:57:25 +0000
Received: from HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com (2603:10a6:f10:12:cafe::15) by SV0P279CA0027.outlook.office365.com (2603:10a6:f10:12::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4566.14 via Frontend Transport; Wed, 29 Sep 2021 03:57:25 +0000
Authentication-Results: spf=pass (sender IP is 40.107.244.74) smtp.mailfrom=email.teams.microsoft.com; htlvb.at; dkim=pass (signature was verified) header.d=email.teams.microsoft.com;htlvb.at; dmarc=pass action=none header.from=email.teams.microsoft.com;
Received-SPF: Pass (protection.outlook.com: domain of email.teams.microsoft.com designates 40.107.244.74 as permitted sender) receiver=protection.outlook.com; client-ip=40.107.244.74; helo=NAM12-MW2-obe.outbound.protection.outlook.com;
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (40.107.244.74) by HE1EUR01FT063.mail.protection.outlook.com (10.152.1.51) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.13 via Frontend Transport; Wed, 29 Sep 2021 03:57:24 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RscPHkD9NUWEZDU6mMlRUlnrkr10VueiAbO5UCtKQESHJGV8/MXj7WUe3MTz4TTZ85CG0fPo7A6xegE85fEiCo7OeW1MExWfcaiOI3D/TVx3kxN4eCQ8jZDHpvM8Wj/6TBMqv0QT8l1v/Pj0DyEuNUktExRfWdCLnBMommkZSAVc11Pr0RuLt+NOpNnv7GHiZKyYW04RxiwaWLaDQlg8VCMtSrjDqVr9sT9MiihEhRrrlwkuU08OWHRRUSFQvL7robHFWJfmWsWBcuBrK2/SQPmCcsgvd8qyX8JDYrh/OSBf2AfXYNjGP4FKFffWDg14LOaJ/JtxwOSu8kw+xZtz8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=; b=GAACYoHRtSgpZSnvtRg/AqWzgagFvrGsAdZYP2lTwLjksAtr2HU6+xsL8/6ot/8TPYxHFMnIm6ZECCy97dcRi3WMzP61ZK8sgrnpgmSrdYs5nHXn5Ss1+wAE+Y3r31IKjQl+JXjdMXBbq3q/L+TCZg5b5XAdPG4zN2ZqIwkx+RCtJ254eI1J0amt+mnU5/kubHr1SpnGFOOH9UNCCGCvlkUEqXBHjHPwTUXXf7hA8v8c7bBifaoBwEqsxbzj8hlRkXm5588xLoYDiFCYVSP3CDX2nKw4EgrQzQZhs4RNMBUioHbNthecNr54f6BTKG0ZdyyLJA73uUZGABErIqwcAw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 52.169.9.119) smtp.rcpttodomain=htlvb.at smtp.mailfrom=email.teams.microsoft.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=email.teams.microsoft.com; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.teams.microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=; b=ljvyhPFvTOVOMZ8FnU0+gaKZ584PM1fgE/iFYRhdSuxqweo1cjiyQB7WKIxAByvytt49b4SeCGLs234qzjqNtNtoE2O/2KdDhcQYcWJJ1fNT7zhdKMo1dtMyxXshOPtz6IyibKjQl/qXDgMO1pWp70J7M/UK57ZhK4HxiNPBa0s=
Received: from BN0PR04CA0116.namprd04.prod.outlook.com (2603:10b6:408:ec::31) by BN6PR2001MB1028.namprd20.prod.outlook.com (2603:10b6:404:a5::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.18; Wed, 29 Sep 2021 03:57:21 +0000
Received: from BN8NAM12FT067.eop-nam12.prod.protection.outlook.com (2603:10b6:408:ec:cafe::f2) by BN0PR04CA0116.outlook.office365.com (2603:10b6:408:ec::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4566.14 via Frontend Transport; Wed, 29 Sep 2021 03:57:21 +0000
Authentication-Results-Original: spf=pass (sender IP is 52.169.9.119) smtp.mailfrom=email.teams.microsoft.com; htlvb.at; dkim=none (message not signed) header.d=none;htlvb.at; dmarc=pass action=none header.from=email.teams.microsoft.com;
Received-SPF: Pass (protection.outlook.com: domain of email.teams.microsoft.com designates 52.169.9.119 as permitted sender) receiver=protection.outlook.com; client-ip=52.169.9.119; helo=RD2818788C64D3;
Received: from RD2818788C64D3 (52.169.9.119) by BN8NAM12FT067.mail.protection.outlook.com (10.13.182.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4566.7 via Frontend Transport; Wed, 29 Sep 2021 03:57:20 +0000
MIME-Version: 1.0
From: Teamsuser in Teams <[email protected]>
To: [email protected]
Date: 29 Sep 2021 03:57:20 +0000
Subject: Teamsuser sent a message
Content-Type: multipart/related; type="text/html"; boundary=--boundary_1532582_b1ce148d-f829-4e2c-bdd5-7c28f0654e00
Message-ID: <[email protected]>
Return-Path: [email protected]
X-EOPAttributedMessage: 1
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: f530b62b-f065-4402-534b-08d982fd3f5e
X-MS-TrafficTypeDiagnostic: BN6PR2001MB1028:|HE1PR0101MB2284:
X-Microsoft-Antispam-PRVS: <HE1PR0101MB2284639849CCE83E988AE61CB0A99@HE1PR0101MB2284.eurprd01.prod.exchangelabs.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:741;OLM:741;
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: h/7Tw6AbOKIHHYkQBtHZfNkSxgOMVt8CrtiVq6s0bx6F986IyxuAroO9U85klZ3YmnfQcT7bswk+uvuHaV3LOtsN3UwNShznERu4oz2rz1vhK/fHBH/uNxKcImO9YxjMX2WBrpFj1vJdJ2h4mQr2XWiShPwEfs8tD19T2h3pyQIYXzK58IIHlV6f3Q+xn55NTSXjpX/TEnJkptcN6KrsuF+9WksjKhl8p7WhiItZjLbz/K9M7HtogJoTwoybcdRCbG3mfNNBPY+ABUYrVm01bbkRgTduVdOHEEv/PUmLajB2cwW45EGT5ykmWv7rpOf8E8R1BXuegUEYhvW8WTdV9LdAG86Y4vWv6pjfXpABlmtEH15XxJRVx9xqa0/WpJZs0b1uQxmhCO/oRcdMX/pcgKsYNI8hiwvRHvca5Y4KA3oSSVTm4s7SG9yHtC8i5Wfjn5CX4GpcHL4m8dwX6tgnwAG4qQfloM17gcUP1MRo2p0UN9OtPJXwcFi4jUSBMYmpXBw8HQIalj234k+VNJFD0ilPrfromhWlklekO9e+OCJkwV34VaVMGBpLPTSOSbb4365D7Giqvi63HpSFks4iHWhz42fyUU5F7oTzvudzTOj9WuwqeD1G2FtEzEvaI2Nb0grtESjzBHJvezkL24D0LrcKJ7GbF3vHZSsgFZcckyf+oX9CMXfRWsqWoXoyx5SMPnzKfE3vmpg157bX92nVBeGOMfmj6wIlk2oXllEGKPThmjtklmJxLCSIUU9bI2LO
X-Forefront-Antispam-Report-Untrusted: CIP:52.169.9.119;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:RD2818788C64D3;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(316002)(7066003)(2906002)(9686003)(36906005)(83380400001)(956004)(508600001)(15650500001)(336012)(6916009)(36736006)(31696002)(5660300002)(166002)(8936002)(6496006)(186003)(81166007)(33964004)(31686004)(10290500003)(52230400001)(19627405001)(121820200001)(26005)(6486002)(68406010)(66576008)(8676002)(86362001)(356005)(18121605002);DIR:OUT;SFP:1101;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR2001MB1028
X-EOPTenantAttributedMessage: 81de7086-f6b3-4e4b-9faf-18d4a406e66d:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: a3122bf3-1f58-4a70-b044-08d982fd3cc8
X-LD-Processed: 81de7086-f6b3-4e4b-9faf-18d4a406e66d,ExtFwd
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: T4eFMp/jMeVmho5YpcyGuy83bu7Ez80FJyv75fXrnABkWlotQUCpo7T3mi64vRaltFHz1NXjFn0yV2z85TezXO0YQR+KeIx1/nEVnZE37LpAiKKGbvONwl3QhTt90HNZSnT8sHY+zfbdUUXlAtQi5JBOOZ3YQcpj/h/7F0h1f4naRFFFlKEQXNyffZZChzVEEAy2wdyCKtN/FtppRbLEFedf187DpRYG3uBzxKdWNiFEMM8Jx/E4/kUmqIkRuM4z7FnO1bxXoKThZIKvQ5jhgzL5yILBnjpzKE5gtqBnTu3DTmDusLOADcc4sLTCHb31xSiRepzjCnYBknqwKMtD5S1Y33Mg+1FDfEFpezPYylQ6mUSzOfBXkZ5r0/M8AsSP7haegpy3CSciwoAebhoBPhuSYTi0QFJJjlTTnMsUiR5KFCYnsWqgLWbmCtzW9sF27t26g1kQMIYQGkZGpSRbHI9kxatE5uXRi476ykGIp0lz62wltpV2Ay+cDvY6DdVa4LvCS4u0QdL1BJiJxASynNqlDPPFF17uF7fDeTjqYc4l+aGcS7lsNRAPQwmQOvKFJ1ET3RfHEAD1uOQ2P+pTLRtyCOXwJmfD7aI4QmZqrNd8PnIaSR99clB01elvc62Nr7xPlxHMnetGCeqjdG12yRIkV0bcRVH3AlqWqa+5TgHFiYD3lOzg4J3Ty+oeE4UB7AlNAA75h5IgNpIj0Sy+j/L9AvPU4Dg9Mp/AV/4DqoauBloHFozC6RMNIgawLv3dM+/EYLqTFSNAhF58rUEkZXveRi4NBuQC0qpEUS38m7c=
X-Forefront-Antispam-Report: CIP:40.107.244.74;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM12-MW2-obe.outbound.protection.outlook.com;PTR:mail-mw2nam12on2074.outbound.protection.outlook.com;CAT:NONE;SFS:(7066003)(8676002)(33964004)(336012)(19627405001)(15650500001)(6496006)(9686003)(7636003)(34206002)(83380400001)(70586007)(5660300002)(956004)(26005)(36736006)(31696002)(121820200001)(36906005)(6486002)(10290500003)(31686004)(786003)(68406010)(316002)(2906002)(166002)(66576008)(86362001)(52230400001)(508600001)(18121605002);DIR:OUT;SFP:1101;
X-ExternalRecipientOutboundConnectors: 81de7086-f6b3-4e4b-9faf-18d4a406e66d
X-MS-Exchange-ForwardingLoop: [email protected];81de7086-f6b3-4e4b-9faf-18d4a406e66d
X-OriginatorOrg: htlvb.at
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Sep 2021 03:57:24.6461 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f530b62b-f065-4402-534b-08d982fd3f5e
X-MS-Exchange-CrossTenant-Id: 81de7086-f6b3-4e4b-9faf-18d4a406e66d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=e36bbca1-9fe2-47ad-87fe-6012ed72a406;Ip=[52.169.9.119];Helo=[RD2818788C64D3]
X-MS-Exchange-CrossTenant-AuthSource: HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0101MB2284

----boundary_1532582_b1ce148d-f829-4e2c-bdd5-7c28f0654e00
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64

... body truncated ...

The receiver not only forwards the mail, but she also keeps the original message in her Office 365 mailbox. Here are the headers of the same mail:

Received: from HE1PR0101MB2284.eurprd01.prod.exchangelabs.com
 (2603:10a6:3:24::24) by AM9PR01MB8298.eurprd01.prod.exchangelabs.com with
 HTTPS; Wed, 29 Sep 2021 03:57:30 +0000
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
 b=dvpLCi52bG/QTgI6BkP3kkpbW1QbZrV2Q0/PAuSCC/7mGLhLSrDte8Pm8+sdw+UU1Vl7aM+UoIhpIh+9jBC/G7Sy8VPBPqINbCTm7oLwBbmsNuW69HtCTW2wO/B6W/AUpEZFsnnnLWBJNV2LIF1i8oD5fonJzMW9zSPNFuKPlLtEoDuNG9TLs5wd+bd8fX0nmdz97c2Gx6l8DN6/8ixg/cMP4U47bB/mrtTe1sJXzpqCVmbLjk/ntvDyy8PMJfcY/ppg301HuYLglAniO85mxyKgwR1af0EEHbkJ5dV/CBpxFzDcGqaYXmVUUarILtWzl6gjN4yw57T9wo+X3tultA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=;
 b=GaDbstOQWFP9Prnc3xX3BRtSNw7Z/gKFUdSmcJDF22BtGftNV+PfSUWPf+BuC8Hcxe9DlC0aI+V2RxBb2WCaf8WDg+QrJq+1KtbwLLKhmbK8iGc+QZ+0WPHieEskSVy5X0u4UIkCFvM4DCHKKlfZNU9yCFXplHC5HxCPtS9sGPCCjbeExQ0V0fL6EYjI6OjKcIif9V8Kf17HJhpEBtj4LWATbCH8b+V/1Uo9K/9jGJmVcdfpFYgaCeLiskG4ts70VRtztj+4Z8Lg/pKKKhg2rWbzfz6Qa9V+0XRLRns+Q59N3VxQ1DP400nHy0FmU/Cg6SbuH2oMyfRaLOe2DZob1w==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
 40.107.244.74) smtp.rcpttodomain=htlvb.at
 smtp.mailfrom=email.teams.microsoft.com; dmarc=pass (p=reject sp=reject
 pct=100) action=none header.from=email.teams.microsoft.com; dkim=pass
 (signature was verified) header.d=email.teams.microsoft.com; arc=pass (0
 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=email.teams.microsoft.com]
 dmarc=[1,1,header.from=email.teams.microsoft.com])
Received: from SV0P279CA0027.NORP279.PROD.OUTLOOK.COM (2603:10a6:f10:12::14)
 by HE1PR0101MB2284.eurprd01.prod.exchangelabs.com (2603:10a6:3:24::24) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.18; Wed, 29 Sep
 2021 03:57:25 +0000
Received: from HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
 (2603:10a6:f10:12:cafe::15) by SV0P279CA0027.outlook.office365.com
 (2603:10a6:f10:12::14) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4566.14 via Frontend
 Transport; Wed, 29 Sep 2021 03:57:25 +0000
Authentication-Results: spf=pass (sender IP is 40.107.244.74)
 smtp.mailfrom=email.teams.microsoft.com; htlvb.at; dkim=pass (signature was
 verified) header.d=email.teams.microsoft.com;htlvb.at; dmarc=pass action=none
 header.from=email.teams.microsoft.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of
 email.teams.microsoft.com designates 40.107.244.74 as permitted sender)
 receiver=protection.outlook.com; client-ip=40.107.244.74;
 helo=NAM12-MW2-obe.outbound.protection.outlook.com;
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (40.107.244.74)
 by HE1EUR01FT063.mail.protection.outlook.com (10.152.1.51) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4544.13 via Frontend Transport; Wed, 29 Sep 2021 03:57:24 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=RscPHkD9NUWEZDU6mMlRUlnrkr10VueiAbO5UCtKQESHJGV8/MXj7WUe3MTz4TTZ85CG0fPo7A6xegE85fEiCo7OeW1MExWfcaiOI3D/TVx3kxN4eCQ8jZDHpvM8Wj/6TBMqv0QT8l1v/Pj0DyEuNUktExRfWdCLnBMommkZSAVc11Pr0RuLt+NOpNnv7GHiZKyYW04RxiwaWLaDQlg8VCMtSrjDqVr9sT9MiihEhRrrlwkuU08OWHRRUSFQvL7robHFWJfmWsWBcuBrK2/SQPmCcsgvd8qyX8JDYrh/OSBf2AfXYNjGP4FKFffWDg14LOaJ/JtxwOSu8kw+xZtz8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=;
 b=GAACYoHRtSgpZSnvtRg/AqWzgagFvrGsAdZYP2lTwLjksAtr2HU6+xsL8/6ot/8TPYxHFMnIm6ZECCy97dcRi3WMzP61ZK8sgrnpgmSrdYs5nHXn5Ss1+wAE+Y3r31IKjQl+JXjdMXBbq3q/L+TCZg5b5XAdPG4zN2ZqIwkx+RCtJ254eI1J0amt+mnU5/kubHr1SpnGFOOH9UNCCGCvlkUEqXBHjHPwTUXXf7hA8v8c7bBifaoBwEqsxbzj8hlRkXm5588xLoYDiFCYVSP3CDX2nKw4EgrQzQZhs4RNMBUioHbNthecNr54f6BTKG0ZdyyLJA73uUZGABErIqwcAw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 52.169.9.119) smtp.rcpttodomain=htlvb.at
 smtp.mailfrom=email.teams.microsoft.com; dmarc=pass (p=reject sp=reject
 pct=100) action=none header.from=email.teams.microsoft.com; dkim=none
 (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=email.teams.microsoft.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=E55te+wP9yN3LiE6nhkfEQO75W71gJHR8kTe2/Df0Tw=;
 b=ljvyhPFvTOVOMZ8FnU0+gaKZ584PM1fgE/iFYRhdSuxqweo1cjiyQB7WKIxAByvytt49b4SeCGLs234qzjqNtNtoE2O/2KdDhcQYcWJJ1fNT7zhdKMo1dtMyxXshOPtz6IyibKjQl/qXDgMO1pWp70J7M/UK57ZhK4HxiNPBa0s=
Received: from BN0PR04CA0116.namprd04.prod.outlook.com (2603:10b6:408:ec::31)
 by BN6PR2001MB1028.namprd20.prod.outlook.com (2603:10b6:404:a5::23) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.18; Wed, 29 Sep
 2021 03:57:21 +0000
Received: from BN8NAM12FT067.eop-nam12.prod.protection.outlook.com
 (2603:10b6:408:ec:cafe::f2) by BN0PR04CA0116.outlook.office365.com
 (2603:10b6:408:ec::31) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4566.14 via Frontend
 Transport; Wed, 29 Sep 2021 03:57:21 +0000
Authentication-Results-Original: spf=pass (sender IP is 52.169.9.119)
 smtp.mailfrom=email.teams.microsoft.com; htlvb.at; dkim=none (message not
 signed) header.d=none;htlvb.at; dmarc=pass action=none
 header.from=email.teams.microsoft.com;
Received-SPF: Pass (protection.outlook.com: domain of
 email.teams.microsoft.com designates 52.169.9.119 as permitted sender)
 receiver=protection.outlook.com; client-ip=52.169.9.119; helo=RD2818788C64D3;
Received: from RD2818788C64D3 (52.169.9.119) by
 BN8NAM12FT067.mail.protection.outlook.com (10.13.182.153) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4566.7 via Frontend Transport; Wed, 29 Sep 2021 03:57:20 +0000
MIME-Version: 1.0
From: "=?utf-8?B?el90ZXN0c2NodWVsZXIgel90ZXN0c2NodWVsZXIgaW4gVGVhbXM=?="
 <[email protected]>
To: [email protected]
Date: 29 Sep 2021 03:57:20 +0000
Subject: =?utf-8?B?el90ZXN0c2NodWVsZXIgc2VudCBhIG1lc3NhZ2U=?=
Content-Type: multipart/related; type="text/html";
 boundary=--boundary_1532582_b1ce148d-f829-4e2c-bdd5-7c28f0654e00
Message-ID:
 <[email protected]>
Return-Path: [email protected]
X-EOPAttributedMessage: 1
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: f530b62b-f065-4402-534b-08d982fd3f5e
X-MS-TrafficTypeDiagnostic: BN6PR2001MB1028:|HE1PR0101MB2284:
X-Microsoft-Antispam-PRVS:
 <BN6PR2001MB10281AD7543FDFF6DA55E203B0A99@BN6PR2001MB1028.namprd20.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:741;OLM:741;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original:
 h/7Tw6AbOKIHHYkQBtHZfNkSxgOMVt8CrtiVq6s0bx6F986IyxuAroO9U85klZ3YmnfQcT7bswk+uvuHaV3LOtsN3UwNShznERu4oz2rz1vhK/fHBH/uNxKcImO9YxjMX2WBrpFj1vJdJ2h4mQr2XWiShPwEfs8tD19T2h3pyQIYXzK58IIHlV6f3Q+xn55NTSXjpX/TEnJkptcN6KrsuF+9WksjKhl8p7WhiItZjLbz/K9M7HtogJoTwoybcdRCbG3mfNNBPY+ABUYrVm01bbkRgTduVdOHEEv/PUmLajB2cwW45EGT5ykmWv7rpOf8E8R1BXuegUEYhvW8WTdV9LdAG86Y4vWv6pjfXpABlmtEH15XxJRVx9xqa0/WpJZs0b1uQxmhCO/oRcdMX/pcgKsYNI8hiwvRHvca5Y4KA3oSSVTm4s7SG9yHtC8i5Wfjn5CX4GpcHL4m8dwX6tgnwAG4qQfloM17gcUP1MRo2p0UN9OtPJXwcFi4jUSBMYmpXBw8HQIalj234k+VNJFD0ilPrfromhWlklekO9e+OCJkwV34VaVMGBpLPTSOSbb4365D7Giqvi63HpSFks4iHWhz42fyUU5F7oTzvudzTOj9WuwqeD1G2FtEzEvaI2Nb0grtESjzBHJvezkL24D0LrcKJ7GbF3vHZSsgFZcckyf+oX9CMXfRWsqWoXoyx5SMPnzKfE3vmpg157bX92nVBeGOMfmj6wIlk2oXllEGKPThmjtklmJxLCSIUU9bI2LO
X-Forefront-Antispam-Report-Untrusted:
 CIP:52.169.9.119;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:RD2818788C64D3;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(316002)(7066003)(2906002)(9686003)(36906005)(83380400001)(956004)(508600001)(15650500001)(336012)(6916009)(36736006)(31696002)(5660300002)(166002)(8936002)(6496006)(186003)(81166007)(33964004)(31686004)(10290500003)(52230400001)(19627405001)(121820200001)(26005)(6486002)(68406010)(66576008)(8676002)(86362001)(356005)(18121605002);DIR:OUT;SFP:1101;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR2001MB1028
X-MS-Exchange-Organization-ExpirationStartTime: 29 Sep 2021 03:57:25.1118
 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
 f530b62b-f065-4402-534b-08d982fd3f5e
X-EOPTenantAttributedMessage: 81de7086-f6b3-4e4b-9faf-18d4a406e66d:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Exchange-Transport-CrossTenantHeadersStripped:
 HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted:
 HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthSource:
 HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Office365-Filtering-Correlation-Id-Prvs:
 a3122bf3-1f58-4a70-b044-08d982fd3cc8
X-LD-Processed: 81de7086-f6b3-4e4b-9faf-18d4a406e66d,ExtFwd
X-MS-Exchange-Transport-Forked: True
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam: BCL:1;
X-Forefront-Antispam-Report:
 CIP:40.107.244.74;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM12-MW2-obe.outbound.protection.outlook.com;PTR:mail-mw2nam12on2074.outbound.protection.outlook.com;CAT:NONE;SFS:(286005)(7066003)(8676002)(33964004)(336012)(19627405001)(15650500001)(6496006)(9686003)(7636003)(8636004)(83380400001)(956004)(26005)(6916009)(36736006)(31696002)(36906005)(6486002)(10290500003)(31686004)(166002)(58800400005)(86362001)(52230400001)(1096003)(18121605002);DIR:INB;
X-MS-Exchange-ForwardingLoop:
 ForwardingHandled;81de7086-f6b3-4e4b-9faf-18d4a406e66d
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Sep 2021 03:57:24.6461
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f530b62b-f065-4402-534b-08d982fd3f5e
X-MS-Exchange-CrossTenant-Id: 81de7086-f6b3-4e4b-9faf-18d4a406e66d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=e36bbca1-9fe2-47ad-87fe-6012ed72a406;Ip=[52.169.9.119];Helo=[RD2818788C64D3]
X-MS-Exchange-CrossTenant-AuthSource:
 HE1EUR01FT063.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0101MB2284
X-MS-Exchange-Transport-EndToEndLatency: 00:00:05.6837007
X-MS-Exchange-Processed-By-BccFoldering: 15.20.4566.014
X-Microsoft-Antispam-Mailbox-Delivery:
    ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506458)(944626604)(750132)(520011016);
X-Microsoft-Antispam-Message-Info: ... omitted because of a serverfault limit ...

Why does the message fail the DMARC check? Is this a problem I can fix (e.g. with another entry in our DNS server) or is this Microsoft's fault? I don't think it's Google's fault because I also tried forwarding to an iCloud account which rejects the message entirely.

1679

0 + 0

gmail

spf

dkim

dmarc

microsoft-teams

Mail from Teams forwarded to Gmail marked as spam due to DMARC failure

Post an answer