I am see a weird behavior of Exchange Online for none-existing email address, wondering if anyone can explain it.
I am setting up a Fortimail Cloud service ( third party email protection service ) to Exchange Online, but noticed one function "Recipient address Verification" (using RCPT method) doesn't work as I thought. I did some troubleshooting, my understanding is Fortimail will send a "RCPT TO:" to Exchange Online to verify if the recipient is a valid email.
I did traffic capture from Fortimail to Exchange Online :
Somehow Exchange Online replied with "250 2.1.5" for the fake email !
But when I do a manual test from a random azure machine, with all the same input, same recipient, Exchange Online return "550 5.4.1" :
Now I am really confused why this is happenning.
I tested with a second test M365 tenant with a different email domain and it behave same way, the test domain 's MX and TXT SPF record doesn't have any reference to Fortimail Cloud, so there shouldn't be any reason it's treated differently.