Shame on you, stupid spammers.. Sh4meful  DMARC Spoof Detection
๐Ÿฆ‹ Bluesky ๐Ÿ˜ Mastodon

IP Address: 104.47.74.49 โš  IP Confounder

This page shows DMARC authentication failure data for this IP address. Learn more about this data.

Geolocation Information
Country:
US United States
Region:
Virginia
City:
Boydton
Coordinates:
36.6694, -78.3877
WHOIS Information
Network Name:
MSFT
CIDR:
104.40.0.0/13
Owner:
Microsoft Corporation
Org ID:
MSFT
Address:
One Microsoft Way, Redmond, WA 98052
Reverse DNS:
mail-bn8nam04lp2049.outbound.protection.outlook.com
Last updated: 2/5/2026

Analysis

This IP is classified as a confounder: Microsoft 365 Exchange Online Protection (EOP). Failures observed from this source are expected artifacts of legitimate mail-handling behavior, typically email forwarding or mailing-list processing, and do not indicate spoofing attempts.

The host is operated by Microsoft Corporation and geolocates to Boydton, United States. Its presence in DMARC aggregate reports is an artifact of how forwarded mail interacts with SPF and DKIM authentication, not a sign of abuse originating from this address.

Administrators observing this IP in their DMARC aggregate reports should not block or treat it as hostile. Microsoft Exchange Online Protection (EOP) and Office 365 relay addresses appear in DMARC reports for mail routed through Microsoft's filtering infrastructure. Ensure your SPF record includes Microsoft's published mail server ranges.

Microsoft Network (365 vs Azure)

Differentiating between Office 365, including email protection services, and Azure (public cloud) when diagnosing incidents is challenging because they utilize shared Microsoft-owned IP ranges. Most of this is probably O365/Outlook or Defender protection breaking DKIM and SPF authentication. Disambiguation is a work-in-progress.

Last updated: 1/29/2026

IP Confounder: Microsoft 365 Exchange Online Protection (EOP)

Exchange Online Protection (EOP) is a cloud-based email filtering service included with all Microsoft 365 subscriptions to protect against spam, malware, and phishing attacks. It automatically secures mailboxes by filtering incoming and outgoing messages in real-time using anti-spam, anti-malware, and content filters. During periods of active campaign activity, these can largely be ignored (esp. when recipients are on Exchange). However, forged emails have been observed from Microsoft infrastructure that have this signature too.

Network Topology

Failures Detected from this IP
Showing 1-11 of 11 failures, affecting 16 messages
Date โ–ผ Messages
9/12/2025 1
8/6/2025 1
6/6/2025 1
12/27/2024 1
12/19/2024 2
12/5/2024 2
11/21/2024 1
11/6/2024 1
10/30/2024 1
10/23/2024 3
9/13/2024 2
External Reputation Lookups

Look up this IP in external threat intelligence and reputation databases (opens in new tab):

AbuseIPDB Cisco Talos Project Honey Pot GreyNoise VirusTotal Shodan Censys Spamhaus

Nearby IPs

Other IPs in the 104.47.74.0/24 range observed failing DMARC:

104.47.74.43 (28 failures), 104.47.74.40 (27 failures), 104.47.74.48 (23 failures), 104.47.74.47 (22 failures), 104.47.74.44 (21 failures), 104.47.74.41 (21 failures), 104.47.74.46 (20 failures), 104.47.74.45 (16 failures)