[RektBoy]

People, don't forget to properly set all these checks for DNS failover.

I saw companies got scammed, because they used default settings in Exchange Online.

And attacker just made the DNS "unavailable" for brief moment and all phishing emails passed. Because MS server responded with DNS "temp error" and pass all emails as not a spam. (detailed: received-spf: TempError (protection.outlook.com: error in processing during lookup of <phished domain>: DNS Timeout) and DKIM is checked on domain of sender's SMTP server, in this case attacker's server used for phishing )

Then I had the great experience with MS IT/security support, people there can't even understand how emails works, very funny and sad experience. I hope outsourcing works for them.