email forgery: DMARC policy application (reject) in an Office 365 tenant

The domain and the tenant have SPF and DKIM configured correctly and the DMARC policy set to p=reject. Still, fake emails with the domain in the From the header is not rejected, but appears in the Unwanted email folder in Office 365. People check your spam for false positives, and are still reading all the CEO scams, sex distortion letters, etc.

This seems like a feature instead of an error, as described in the Microsoft documentation:

How Office 365 handles incoming email that fails DMARC

If the DMARC policy of the sending server is p=reject, EOP marks the
message as spam instead of rejecting it. In other words, for incoming
email, Office 365 treats p=reject Y p=quarantine in the same way

Office 365 is set up this way because some legitimate emails can
fail DMARC. For example, a message may fail DMARC if it is sent to a
mailing list that then transmits the message to all participants in the list. Yes
Office 365 rejected these messages, people could lose legitimate emails
and I have no way of recovering it. Instead, these messages will follow
fail DMARC but they will be marked as spam and not rejected.

However, this reasoning has some flaws:

  • DKIM protects legitimate mail; Signed DKIM messages pass through the DMARC policy even if they do not line up with the SPF when they are forwarded to a mailing list. (Mailing lists should change the envelope sender to pass the SPF controls, anyway, so the SPF controls are likely to be passed, but not aligned).

  • Implementing p=reject instead of p=quarantine The domain owner has stated that emails must be rejected. Therefore, Microsoft's implementation is against RFC 7489, 6.3:

    p: Requested Mail Receiver policy ...
       reject:  The Domain Owner wishes for Mail Receivers to reject
          email that fails the DMARC mechanism check.  Rejection SHOULD
          occur during the SMTP transaction.

Is there any configuration in Office 365 to alter this behavior and reject these messages?

email – Send mail classified as important from python

From python I would like to send an email giving the classification of "important", for example in Outlook the mail arrives with the symbol! activated.

I currently use the smtplib library, however, I can't find any parameters that I can assign to the class so that I can classify the mail as Urgent or Important.

I would greatly appreciate your help.

identity management: someone is using my email to create online accounts; That I have to do?

I suspect it is an attempt to log into an existing account using a filtered email / password combo. I update my passwords regularly and don't reuse them, so I don't think the attack is successful, but it's still frustrating. At this time, I am changing the password of the created accounts and activating two-factor authentication to make sure I keep track of the accounts using my email. Then I communicate with the customer service of the different services to inform them what happened. Is this a good idea?

I am thinking of moving on to a new email; Is it worth the trouble? What else should or could I do?

Email Marketing | Forum Promotion

Has anyone considered email marketing? Keep in mind that it used to be a great thing in the 2000s. However, today I think it has been replaced by social media marketing. Social networks act similarly to an email list.

Anyway, I guess the main problem with email is that many people ignore commercial emails, even if they registered to receive them, but I could be wrong.

flow – Send emails from the SharePoint Online application from a specific email address

We have several applications created in SharePoint Online. Those applications are using Microsoft Flow (Power Automate) in some cases to alert people about events in the application. These email alerts are sent from SharePoint Online to our internal users of our organization. By default, the emails come from the email address "". These emails are often marked as spam by our perimeter email software.

Our requirement is to change the source address to be a specific email address for each application, e.g. "".

Is there a way to change the address where emails come from in SharePoint Online?

email – relay denied – why sendmail authenticates the sender instead of the recipient

I am trying to set up an email server that receives email from an mx server using the sendmail software on Fedora 30.
When the mx forwards the email to the email server, the logs show an error Rejected relay: proper authentication is required and they also indicate that sendmail is trying to authenticate the sender instead of the recipient. I have never seen him do this. Why would sendmail try to authenticate the sender? is it possible to use multiple brands in a single email in Mac Mail?

I am still using El Capitan, for several reasons.

So, in Mac Mail, I have the option of six banners of different colors. I want to be able to mark emails more than once, that is, with several colors.

Actual use case: I run an online literary magazine and I am marking emails such as Orange (to read), Green (accepted) and Red (rejected). BUT I would love to be able to add a gray label to accepted and rejected emails (for example, green and gray – accepted and published, red and gray – rejected and notified to the recipient). Anyway, there are multiple cases in which this would be useful.

It's possible?

Oddly enough, when I sent emails from one place to another, I have seen several banners! But they are not in the usual place (left side of the user's email, top email) but to the right of the user's email (bottom email, green and gray!) I have no idea how this happened and I haven't could reply but it's exactly what I want

Thank you!

multiple banners in an email

HTML email click address link

I have a little puzzle with which I hoped the community could help me. I am developing an HTML email at this time with physical address text (123 Main st. Citytown, Michigan 48484). I can certainly make it a clickable link to help improve the user experience, but that would force the user to go to a specific mapping service. I know that some mobile devices automatically detect addresses and link them to any default mapping software used by your system.

What would be the best course of action here? Should I force a href to a map service (Google Maps) in a physical address? Should I leave it like this and let people copy and paste the address in a mapping service? Thoughts?