IP Address: 2001:489a:2202:c::60d โ IP Confounder
Dormant. IP address 2001:489a:2202:c::60d is registered to Microsoft Corporation and geolocates to Boydton, United States. It was observed in sh4meful's dataset on July 30, 2025. Over the observation window, it has failed DMARC alignment once, targeting one sender domain. Its reverse DNS resolves to mail-bn3usg02on060d.outbound.protection.office365.us. Network context: this address sits within MICROSOFT-IPV6-BLK (Microsoft Corporation).
Failure Activity Over Time
This page shows DMARC authentication failure data for this IP address. Learn more about this data.
Geolocation Information
- Country:
- US United States
- Region:
- Virginia
- City:
- Boydton
- Coordinates:
- 36.6694, -78.3877
WHOIS Information
- Network Name:
- MICROSOFT-IPV6-BLK
- CIDR:
2001:489A::/32, 2001:4898::/31- Owner:
- Microsoft Corporation
- Org ID:
MSFT- Address:
- One Microsoft Way, Redmond, WA 98052
- Reverse DNS:
-
mail-bn3usg02on060d.outbound.protection.office365.us
Last updated: 2/5/2026
Analysis
This IP is classified as a confounder: Microsoft 365 Exchange Online Protection (EOP). Failures observed from this source are expected artifacts of legitimate mail-handling behavior, typically email forwarding or mailing-list processing, and do not indicate spoofing attempts.
The host is operated by Microsoft Corporation and geolocates to Boydton, United States. Its presence in DMARC aggregate reports is an artifact of how forwarded mail interacts with SPF and DKIM authentication, not a sign of abuse originating from this address.
Administrators observing this IP in their DMARC aggregate reports should not block or treat it as hostile. Microsoft Exchange Online Protection (EOP) and Office 365 relay addresses appear in DMARC reports for mail routed through Microsoft's filtering infrastructure. Ensure your SPF record includes Microsoft's published mail server ranges.
IP Confounder: Microsoft 365 Exchange Online Protection (EOP)
EOP US Government / GCC Cloud outbound IPv6. PTR pattern: mail-*.outbound.protection.office365.us (bn3usg02on* and cy1usg02on* hostnames). 53 unique IPs observed across failures, all confirmed EOP by rDNS.
External Reputation Lookups
Look up this IP in external threat intelligence and reputation databases (opens in new tab):
Recommended Action
If this IP appears in your own DMARC reports, treat it as an unauthorized sender unless you have specifically verified it as a legitimate service you use. Ensure your DMARC policy is at p=quarantine or p=reject to prevent delivery of messages this IP claims to send from your domain. If you're new to DMARC, our complete guide walks through the mechanics.