Network: MSFT

ℹ️ Annotation: Microsoft Network (365 vs Azure)

Differentiating between Office 365, including email protection services, and Azure (public cloud) when diagnosing incidents is challenging because they utilize shared Microsoft-owned IP ranges. Most of this is probably O365/Outlook or Defender protection breaking DKIM and SPF authentication. Disambiguation is a work-in-progress.

Last updated: 1/29/2026

This page shows DMARC authentication failures originating from the MSFT network. Learn more about this data.

Network Information

Owner:: Microsoft
Org ID:: MSFT
Address:: One Microsoft Way, Redmond, WA 98052
Countries:: IN NL US

Unique IPs:: 5

CIDRs:: 20.192.0.0/10, 20.33.0.0/16, 20.48.0.0/12, 20.64.0.0/10, 20.128.0.0/16, 20.40.0.0/13, 20.34.0.0/15, 20.36.0.0/14, (more)

Analysis

This network has contributed 5 unique IP addresses across 6 failed authentication events, accounting for 8 messages. Activity spans from March 12, 2024 to May 5, 2026, with peak volume in February 2025 (2 events). The top countries by failure volume are United States (63%), The Netherlands (25%), India (13%). The most active source IPs from this network include 40.74.181.208 (2 failures), 4.240.39.194 (1 failure), 20.241.204.101 (1 failure). The distribution across MSFT (Microsoft) suggests mixed or general-purpose infrastructure.

Failures Detected from this Network

Showing 1-6 of 6 failures, affecting 8 messages

Show Confoundersⓘ

Date ▼	Source IP	Country	Messages
5/5/2026	20.61.126.208	NL	1
5/1/2026	4.210.177.128	NL	1
3/5/2026	4.240.39.194	IN	1
2/27/2026	20.241.204.101	US	1
2/26/2025	40.74.181.208	US	2
2/14/2025	40.74.181.208	US	2

Countries