> On Mar 17, 2018, at 5:38 AM, postmas...@akxnet.de wrote: > > Hi! > > In my mail server logs, I notice for weeks attemps of 40.92.6x.xx IPs > (outbound.protection.outlook.com) to deliver mails for the > facebookmail.com domain despite that these Microsoft IPs are not listed > in the SPF record of facebookmail.com. > > A report of the problem to the Microsoft CERT a week ago remained > unanswered and without any other reaction. > > Some examples: > > 1 Mar 16 09:51:21 frodo postfix/policy-spf[7616]: Policy action=550 > Please see > http://www.openspf.net/Why?s=mfrom;id=update%2Bzj4o9%3Dzsy6t9%40facebookmail.com;ip=40.92.66.106;r=frodo.akxnet.de > 1 Mar 16 15:12:55 frodo postfix/policy-spf[14982]: Policy > action=550 Please see > http://www.openspf.net/Why?s=mfrom;id=notification%2Bzj4o9%3Dzsy6t9%40facebookmail.com;ip=40.92.69.92;r=frodo.akxnet.de > 1 Mar 16 09:42:08 frodo postfix/policy-spf[6563]: Policy > action=550 Please see > http://www.openspf.net/Why?s=mfrom;id=notification%2Bzj4o9%3Dzsy6t9%40facebookmail.com;ip=40.92.65.65;r=frodo.akxnet.de > > Does anyone else has that problem? And if yes, is there any other way to > get Microsoft aware of that and stop those attempts?
There's probably nothing to stop, it's probably all working as designed - just someone forwarding email. Whether DMARC comes in to play depends on the mail's 822.From and DKIM signatures. If there's no DMARC issue you should probably deliver the mail to the recipient. Cheers, Steve _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
