Skip to main content
All CollectionsGeneralTroubleshooting
M365 overriding DMARC results
M365 overriding DMARC results

Why is Microsoft 365 overriding DMARC results?

Updated over 7 months ago

If an email is delivered to the inbox in M365 even though the email fails DMARC, the first thing to look for is the Antispam Report in the headers of the email. If the Spam Confidence Level is set to -1, this means that the email was delivered due to a rule defined in M365 as shown below.

X-Forefront-Antispam-Report:

CIP:10.23.45.67;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKA;H:o5.notifications.acme.com;PTR:o5.notifications.citrix.com;CAT:NONE;SFTY:;SFS:;DIR:INB;SFP:;

There are two main places to look for these rules.

To find the rules, log into M365 as an admin and go to mail flow and click on 'rules':

a screenshot of a computer

Examine each rule to see if the IP, From address or other information in the email is listed in a mail rule. By clicking on a rule, you can see the configuration as shown below:

a screenshot of a computer

Another place to look is the spam settings. Specifically, look at the allowed domains and allowed senders to ensure that the email was not allowed based on it's domain

a screenshot of a computer

Did this answer your question?