Hi, is it possible hotmail is now using outlook.com to route and process their email? Or perhaps this user is using outlook to send their hotmail mail? If so, I believe the FORGED_HOTMAIL_RCVD2 rule is not considering this possibility.
Received: from BN3NAM04FT034.eop-NAM04.prod.protection.outlook.com (10.152.92.51) by BN3NAM04HT147.eop-NAM04.prod.protection.outlook.com (10.152.93.89) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.961.10; Thu, 27 Apr 2017 23:59:03 +0000 Received: from CY4PR22MB0454.namprd22.prod.outlook.com (10.152.92.56) by BN3NAM04FT034.mail.protection.outlook.com (10.152.92.65) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1047.9 via Frontend Transport; Thu, 27 Apr 2017 23:59:03 +0000 Received: from CY4PR22MB0454.namprd22.prod.outlook.com ([10.173.195.136]) by CY4PR22MB0454.namprd22.prod.outlook.com ([10.173.195.136]) with mapi id 15.01.1047.021; Thu, 27 Apr 2017 23:59:03 +0000 From: Hafiz Damani <hafizdam...@hotmail.com> Full headers here: https://pastebin.com/aWrREsFt
