[radlad]

I saw one of these emails too. It was sent by an onmicrosoft.com server, linked to a phishing site, but passed SPF/DKIM/DMARC for Paypal.

Microsoft obviously isn't "forging" it. It's valid: https://labs.guard.io/echospoofing-a-massive-phishing-campai...