Hi,
As per MS Email Authentication in Exchange Online "Microsoft uses implicit email authentication to check inbound email".
Implicit email authentication is an extension of regular email authentication policies. These extensions include: sender reputation, sender history, recipient history, behavioral analysis, and other advanced techniques. In the absence of other signals from these extensions, messages sent from domains that don't use email authentication policies are marked as spoofing.
Check this link for detailed info on Implicit and Explicit - https://knowledge.validity.com/hc/en-us/articles/360040763112-What-is-Microsoft-s-anti-spoofing-protection-change-and-how-does-it-impact-me-
Hope this helps.
JS
==
Please accept as answer and do a Thumbs-up to upvote this response if you are satisfied with the community help. Your upvote will be beneficial for the community users facing similar issues.