IP Address: 40.93.12.10 โ IP Confounder
IP address 40.93.12.10 is registered to Microsoft Corporation and geolocates to Boydton, United States. It first appeared in sh4meful's dataset on June 18, 2026 and was most recently observed on June 24, 2026. Over the observation window, it has failed DMARC alignment 2 times, targeting one sender domain. Its reverse DNS resolves to mail-eastus2azlp17011010.outbound.protection.outlook.com. Network context: this address sits within MSFT (Microsoft Corporation), a network sh4meful has observed producing 6 failures across 5 distinct IPs during the same window.
Failure Activity Over Time
Peak activity was observed in the week of June 15, 2026 with 1 failures recorded. Activity in the most recent 30-day window held roughly steady compared with the prior period (1 vs 1 failures).
This page shows DMARC authentication failure data for this IP address. Learn more about this data.
Geolocation Information
- Country:
- US United States
- Region:
- Virginia
- City:
- Boydton
- Coordinates:
- 36.6694, -78.3877
WHOIS Information
- Network Name:
- MSFT
- CIDR:
40.80.0.0/12, 40.112.0.0/13, 40.120.0.0/14, 40.125.0.0/17, 40.124.0.0/16, 40.96.0.0/12, 40.74.0.0/15, 40.76.0.0/14- Owner:
- Microsoft Corporation
- Org ID:
MSFT- Address:
- One Microsoft Way, Redmond, WA 98052
- Reverse DNS:
-
mail-eastus2azlp17011010.outbound.protection.outlook.com
Last updated: 6/20/2026
Analysis
This IP is classified as a confounder: Microsoft 365 Exchange Online Protection (EOP). Failures observed from this source are expected artifacts of legitimate mail-handling behavior, typically email forwarding or mailing-list processing, and do not indicate spoofing attempts.
The host is operated by Microsoft Corporation and geolocates to Boydton, United States. Its presence in DMARC aggregate reports is an artifact of how forwarded mail interacts with SPF and DKIM authentication, not a sign of abuse originating from this address.
Administrators observing this IP in their DMARC aggregate reports should not block or treat it as hostile. Microsoft Exchange Online Protection (EOP) and Office 365 relay addresses appear in DMARC reports for mail routed through Microsoft's filtering infrastructure. Ensure your SPF record includes Microsoft's published mail server ranges.
Microsoft Network (365 vs Azure)
Differentiating between Office 365, including email protection services, and Azure (public cloud) when diagnosing incidents is challenging because they utilize shared Microsoft-owned IP ranges. Most of this is probably O365/Outlook or Defender protection breaking DKIM and SPF authentication. Disambiguation is a work-in-progress.
IP Confounder: Microsoft 365 Exchange Online Protection (EOP)
Exchange Online Protection (EOP) is a cloud-based email filtering service included with all Microsoft 365 subscriptions to protect against spam, malware, and phishing attacks. It automatically secures mailboxes by filtering incoming and outgoing messages in real-time using anti-spam, anti-malware, and content filters. During periods of active campaign activity, these can largely be ignored (esp. when recipients are on Exchange). However, forged emails have been observed from Microsoft infrastructure that have this signature too.
Network Topology
This address is part of MSFT (Microsoft Corporation), announced from United States. 5 IPs in this network have been observed in sh4meful's dataset.
External Reputation Lookups
Look up this IP in external threat intelligence and reputation databases (opens in new tab):
Nearby IPs
The following IP addresses share the same /24 subnet as 40.93.12.10 and have appeared in sh4meful's dataset. Related activity in nearby addresses often indicates infrastructure operated by a single actor or provider.
- 40.93.12.21 โ 18 failures, first seen 1 year ago, 597 days before this address.
- 40.93.12.22 โ 17 failures, first seen 2 years ago, 828 days before this address.
- 40.93.12.7 โ 16 failures, first seen 1 year ago, 644 days before this address.
- 40.93.12.23 โ 15 failures, first seen 1 year ago, 584 days before this address.
- 40.93.12.19 โ 14 failures, first seen 1 year ago, 604 days before this address.
- 40.93.12.4 โ 13 failures, first seen 1 year ago, 644 days before this address.
- 40.93.12.28 โ 12 failures, first seen 1 year ago, 590 days before this address.
- 40.93.12.18 โ 12 failures, first seen 2 years ago, 828 days before this address.
Recommended Action
If this IP appears in your own DMARC reports, treat it as an unauthorized sender unless you have specifically verified it as a legitimate service you use. Ensure your DMARC policy is at p=quarantine or p=reject to prevent delivery of messages this IP claims to send from your domain. If you're new to DMARC, our complete guide walks through the mechanics.