Office 365 Emails tagged as Possible SPAM

Before someone suggests that I post this on the Office 365 forum, I just want to say I already did and the moderators there didn't get what I was trying to tell them and this is WAY over their heads.  With the technical minds on this forum, maybe something can get done about this.

It was brought to my attention that emails coming from Office 365 tenants to our on site Exchange 2013 system were being tagged as Possible SPAM and some were being sent directly to the "Junk Email" folder in Outlook.  I did a quick investigation and found that the Office 365 email servers were failing the reverse DNS lookups. 

We had to implement reverse DNS checks due to the increase in "Zero Day" spoofed/malicious emails we were receiving.  What was happening is a fake server would send a couple thousand emails to our system with either a new variant of an exploit or a new fake phishing URL.  Our Spam Filters would start catching them after about 10-20 got through.  Well, all you need is 1 "Zero Day" exploit to get through to take down your system before AV and Malware detection updates catch it.

Now, back to the problem at hand.  The Office 365 email servers are sending emails to us using a configured host name that doesn't match the published public DNS records.

Example 1:

The Office365 email server "na01-bl2-obe.outbound.protection.outlook.com" sends email to our email servers on IP Address 207.46.163.212.

If I do a public DNS lookup on IP Address 207.46.163.212, it's registered to the host "mail-bl2lp0212.outbound.protection.outlook.com".  "na01-bl2-obe" is not the same as "mail-bl2lp0212".  If I do a DNS lookup for "na01-bl2-obe.outbound.protection.outlook.com", it resolves to 65.55.169.29.  This is a serious DNS misconfiguration.

Example 2:

The Office365 email server "na01-bn1-obe.outbound.protection.outlook.com" sends email to our email servers on IP Address 207.46.163.186.

If I do a public DNS lookup on IP Address 207.46.163.186, it's registered to the host "mail-bn1blp0186.outbound.protection.outlook.com" which again doesn't match the name of the server sending us the email.  If I do a public DNS lookup for "na01-bn1-obe.outbound.protection.outlook.com", it resolves to 207.46.163.155.

The response I got back on the Office 365 forum was to whitelist the Office 365 IPs.  That's over 300 IPs and IP Subnets and would also effectively whitelist all of Hotmail and Outlook.com.  At that point, why have email protection?

My hope is that this will be brought to the attention of someone who could get this massive issue fixed.  Otherwise, what's stopping someone from setting up a fake SMTP server claiming to be "mailserver01.outbound.protection.outlook.com" and blasting emails out?  As long as the emails don't trigger any spam flags, they will get through.

I also want to note that this DNS issue is probably causing emails from Office 365 Tenants to get placed in quarantine or even blocked when they shouldn't be.


  • Edited by Corey Riley Friday, August 21, 2015 1:49 PM
August 21st, 2015 1:45pm
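The post describes two different things a receiving mail server can check: whether the connecting IP has a PTR record that resolves back to the same IP (forward-confirmed reverse DNS), and whether the name the sending server announces in HELO/EHLO agrees with that PTR record or at least resolves to the connecting IP. The following Python is an added example, not code from the thread or from Exchange, showing both checks against a stub DNS table built from the figures quoted above. The PTR names and the addresses of the "na01-*-obe" names are taken from the post; the entries that map each PTR name back to its IP, the "mx.legit-partner.example" sender and the 203.0.113.9 connection are constructed assumptions. The weights and thresholds are illustrative policy, not a standard.

```python
"""Reverse-DNS checks an inbound MTA can apply at connection time.

Distinguishes FCrDNS (PTR exists and resolves back to the IP) from HELO
consistency (HELO name equals the PTR name, or resolves to the IP), because
the post's examples pass the first and fail the second.
"""
import socket
from dataclasses import dataclass
from typing import Callable, Optional, Set

# Constructed stub DNS data so the example runs offline. PTR names and the
# na01-*-obe addresses are the figures quoted in the post; entries marked
# "assumed" or "constructed" are not on the page.
STUB_PTR = {
    "207.46.163.212": "mail-bl2lp0212.outbound.protection.outlook.com",
    "207.46.163.186": "mail-bn1blp0186.outbound.protection.outlook.com",
    "198.51.100.7": "mx.legit-partner.example",  # constructed well-behaved sender
}
STUB_A = {
    "na01-bl2-obe.outbound.protection.outlook.com": {"65.55.169.29"},
    "na01-bn1-obe.outbound.protection.outlook.com": {"207.46.163.155"},
    "mail-bl2lp0212.outbound.protection.outlook.com": {"207.46.163.212"},  # assumed
    "mail-bn1blp0186.outbound.protection.outlook.com": {"207.46.163.186"},  # assumed
    "mx.legit-partner.example": {"198.51.100.7"},                         # constructed
}


def _norm(name: str) -> str:
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.rstrip(".").lower()


def stub_ptr(ip: str) -> Optional[str]:
    return STUB_PTR.get(ip)


def stub_a(name: str) -> Set[str]:
    return STUB_A.get(_norm(name), set())


def live_ptr(ip: str) -> Optional[str]:
    """Real PTR lookup through the system resolver (not used by the offline demo)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def live_a(name: str) -> Set[str]:
    """Real IPv4 forward lookup through the system resolver."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()


@dataclass
class RdnsVerdict:
    ip: str
    helo: str
    ptr: Optional[str]
    fcrdns_ok: bool            # PTR exists and resolves back to the connecting IP
    helo_matches_ptr: bool     # HELO name is exactly the PTR name
    helo_resolves_to_ip: bool  # HELO name's A records include the connecting IP
    score: int
    action: str                # "accept", "tag" (Possible SPAM) or "reject"


def check_sender(ip: str, helo: str,
                 ptr_lookup: Callable[[str], Optional[str]] = stub_ptr,
                 a_lookup: Callable[[str], Set[str]] = stub_a,
                 tag_threshold: int = 2, reject_threshold: int = 4) -> RdnsVerdict:
    helo = _norm(helo)
    raw_ptr = ptr_lookup(ip)
    ptr = _norm(raw_ptr) if raw_ptr else None
    fcrdns_ok = ptr is not None and ip in a_lookup(ptr)
    helo_matches_ptr = ptr is not None and helo == ptr
    helo_resolves_to_ip = ip in a_lookup(helo)

    # Illustrative weights: a missing or unconfirmed PTR is the strongest signal;
    # a HELO that differs from the PTR but still resolves to the IP is common
    # for legitimate multi-name hosts, so it alone stays below the tag threshold.
    score = (0 if fcrdns_ok else 4) + (0 if helo_resolves_to_ip else 2) \
        + (0 if helo_matches_ptr else 1)
    action = ("reject" if score >= reject_threshold
              else "tag" if score >= tag_threshold else "accept")
    return RdnsVerdict(ip, helo, ptr, fcrdns_ok, helo_matches_ptr,
                       helo_resolves_to_ip, score, action)


if __name__ == "__main__":
    samples = [
        ("207.46.163.212", "na01-bl2-obe.outbound.protection.outlook.com"),  # post, example 1
        ("207.46.163.186", "na01-bn1-obe.outbound.protection.outlook.com"),  # post, example 2
        ("198.51.100.7", "mx.legit-partner.example"),                        # constructed
        ("203.0.113.9", "mailserver01.outbound.protection.outlook.com"),     # constructed, no PTR
    ]
    for ip, helo in samples:
        v = check_sender(ip, helo)
        print(f"{ip:16} ptr={v.ptr} fcrdns={v.fcrdns_ok} "
              f"helo_resolves={v.helo_resolves_to_ip} score={v.score} -> {v.action}")
```

With the assumed back-resolution of the PTR names, both Office 365 examples pass FCrDNS and are tagged only because the announced HELO name neither equals the PTR name nor resolves to the connecting IP; a connection with no PTR at all is scored for rejection. Swapping `stub_ptr`/`stub_a` for `live_ptr`/`live_a` runs the same logic against real DNS.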

Hi,

From your description, I understand that messages from Office 365 are tagged as Possible SPAM when delivered to on-premises Exchange 2013.
If I have misunderstood your concern, please do not hesitate to let me know.

Does this issue arise when sending messages from Office 365 to other Exchange servers?

If you have changed the MX record from on-premises Exchange to Office 365, the relevant connector between the Exchange server and Office 365 may need to be configured. Also ensure your firewall accepts connections from all Office 365 IP addresses. For more details, please refer to: https://technet.microsoft.com/en-us/library/dn751020(v=exchg.150).aspx#Prereqemailserver

If this issue persists, please collect the protocol log and message headers (with sensitive content removed) for further analysis.

August 24th, 2015 10:43pm
