ON PREM Outbound emails showing in dummy non-configured office 365 account message flow trace

Dear Community,

We have an on-prem exchange 2013 server and an office 365 account which is completly standalone.

Whilst the office 365 account is standalone, it does feature the email address we use for on-prem (Ie. the domain name in office 365 account is not active for any office 365 services however has passed ownership verification thus it's just sitting there)

We DON'T use EOP nor do we have any connector rules on our on-prem system that go to office 365 however when I randomly went into the 'Message Flow Trace' section in our office 365 account, there is recorded outbound mail which was sent from our On-prem server.

The ONLY mail that was recorded in the message Trace in Office 365 was emails we had sent from On-prem to other office 365 accounts (For example btconnect.com, and some of our clients whom also use office 365) .

How is office 365 picking up mail we've sent from our On-Prem server? Is there integration out of the box in exchange 2013 which auto interfaces with office 365? What on earth has happened here?

I'm really confused.

-------- For troubleshooting purposes...

Headers in the email which arrived in my personal office 365 account from the ON-PREM SERVER

Received: from AMSPR05MB065.eurprd05.prod.outlook.com (10.242.89.142) by

DBXPR05MB079.eurprd05.prod.outlook.com (10.242.138.22) with Microsoft SMTP

Server (TLS) id 15.1.93.16 via Mailbox Transport; Thu, 5 Mar 2015 16:16:31

+0000

Received: from DBXPR05CA0014.eurprd05.prod.outlook.com (10.255.178.14) by

AMSPR05MB065.eurprd05.prod.outlook.com (10.242.89.142) with Microsoft SMTP

Server (TLS) id 15.1.99.14; Thu, 5 Mar 2015 16:16:30 +0000

Received: from DB3FFO11FD028.protection.gbl (2a01:111:f400:7e04::145) by

DBXPR05CA0014.outlook.office365.com (2a01:111:e400:9434::14) with Microsoft

SMTP Server (TLS) id 15.1.106.15 via Frontend Transport; Thu, 5 Mar 2015

16:16:29 +0000

Received: from emea01-am1-obe.outbound.protection.outlook.com (157.56.112.128)

by DB3FFO11FD028.mail.protection.outlook.com (10.47.217.59) with Microsoft

SMTP Server (TLS) id 15.1.99.6 via Frontend Transport; Thu, 5 Mar 2015

16:16:28 +0000

Received: from DB4PR04CA0010.eurprd04.prod.outlook.com (25.160.41.20) by

DB3PR04MB236.eurprd04.prod.outlook.com (10.242.130.24) with Microsoft SMTP

Server (TLS) id 15.1.99.14; Thu, 5 Mar 2015 16:16:26 +0000

Received: from DB3FFO11FD040.protection.gbl (2a01:111:f400:7e04::184) by

DB4PR04CA0010.outlook.office365.com (2a01:111:e400:9852::20) with Microsoft

SMTP Server (TLS) id 15.1.106.15 via Frontend Transport; Thu, 5 Mar 2015

16:16:26 +0000

Received: from mail.localdomainhere (<IP OF OUR ON-PREM SERVER GOES HERE>) by

DB3FFO11FD040.mail.protection.outlook.com (10.47.217.71) with Microsoft SMTP

Server (TLS) id 15.1.99.6 via Frontend Transport; Thu, 5 Mar 2015 16:16:25

+0000

Received: from INT-EX-01.localdomainhere (192.168.142.20) by

INT-EX-01.localdomainhere (192.168.142.20) with Microsoft SMTP Server (TLS) id

15.0.913.22; Thu, 5 Mar 2015 16:15:55 +0000

Received: from INT-EX-01.localdomainhere ([fe80::aca4:88cf:3eaf:57dc]) by

INT-EX-01.localdomainhere ([fe80::aca4:88cf:3eaf:57dc%12]) with mapi id

15.00.0913.011; Thu, 5 Mar 2015 16:15:55 +0000

From: Jake Ives <Jake.Ives@domain.com>

To: Jake Ives <jake@ives.gb.net>

Subject: Test01

Thread-Topic: Test01

Thread-Index: AdBXX6dyI5u99OGoSKmXroKKyMA3Tg==

Date: Thu, 5 Mar 2015 16:15:54 +0000

Message-ID: <081f834d85b7436193fa887613b9dac7@INT-EX-01.localdomainhere>

Accept-Language: en-US, en-GB

Content-Language: en-US

X-MS-Has-Attach: yes

X-MS-TNEF-Correlator:

x-originating-ip: [192.168.142.73]

Content-Type: multipart/related;

            boundary="_004_081f834d85b7436193fa887613b9dac7INTEX01localdomainhere_";

            type="multipart/alternative"

MIME-Version: 1.0

Return-Path: jake.ives@domain.com

X-EOPAttributedMessage: 1

Received-SPF: Pass (protection.outlook.com: domain of domain.com

designates <IP OF ONPREM SERVER HERE> as permitted sender)

receiver=protection.outlook.com; client-ip=<IP OF OUR ON-PREM SERVER GOES HERE;

helo=mail.domain.co.uk;

Authentication-Results: spf=pass (sender IP is <IP OF OUR ON-PREM SERVER GOES HERE>)

smtp.mailfrom=Jake.Ives@DOMAIN.co.uk; ives.gb.net; dkim=none (message not

signed) header.d=none;ives.gb.net; dkim=none (message not signed)

header.d=none;ives.gb.net; dmarc=none action=none header.from=domain.com;

X-Forefront-Antispam-Report-Untrusted: CIP:<IP OF ON PREM SERVER HERE>;CTRY:GB;IPV:NLI;EFV:NLI;BMV:0;SFV:NSPM;SFS:(10019020)(438002)(189002)(199003)(71364002)(87936001)(2656002)(98436002)(92726002)(102836002)(108616004)(19625215002)(19618635001)(512954002)(92566002)(229853001)(107886001)(66926002)(18206015028)(84326002)(16796002)(19300405004)(450100001)(19580395003)(2900100001)(77156002)(15974865002)(62966003)(5250100002)(5310100001)(99936001)(15395725005)(16236675004)(110136001)(17760045003)(67866002)(86362001)(19617315012)(19627595001)(15975445007)(19580405001)(54356999)(22756005)(50986999)(6806004)(46102003)(74482002)(106466001)(33646002)(7099025)(24736002)(15669805003);DIR:OUT;SFP:1102;SCL:1;SRVR:DB3PR04MB236;H:mail.domain.co.uk;FPR:;SPF:Pass;MLV:ovrnspm;MX:1;A:1;PTR:mail.domain.co.uk;LANG:en;

X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DB3PR04MB236;UriScan:;BCL:0;PCL:0;RULEID:;SRVR:AMSPR05MB065;

X-Microsoft-Antispam-PRVS: <DB3PR04MB2361563F5226475182B0CCD8C1F0@DB3PR04MB236.eurprd04.prod.outlook.com>

X-Exchange-Antispam-Report-Test: UriScan:;UriScan:;

X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(5001007)(5005006);SRVR:DB3PR04MB236;BCL:0;PCL:0;RULEID:;SRVR:DB3PR04MB236;BCL:0;PCL:0;RULEID:(601004);SRVR:AMSPR05MB065;BCL:0;PCL:0;RULEID:;SRVR:AMSPR05MB065;

X-Forefront-PRVS: 05066DEDBB

X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3PR04MB236

X-MS-Exchange-Organization-MessageDirectionality: Incoming

Received-SPF: Fail (protection.outlook.com: domain of domain.com does not

designate 157.56.112.128 as permitted sender)

receiver=protection.outlook.com; client-ip=157.56.112.128;

helo=emea01-am1-obe.outbound.protection.outlook.com;

Authentication-Results: spf=fail (sender IP is 157.56.112.128)

smtp.mailfrom=jake.ives@DOMAIN.co.uk;

X-Forefront-Antispam-Report: CIP:157.56.112.128;CTRY:US;IPV:NLI;IPV:NLI;EFV:NLI;SFV:NSPM;SFS:(339900001)(489007)(189002)(71364002)(199003)(102836002)(92726002)(15975445007)(92566002)(17760045003)(62966003)(106466001)(15395725005)(16236675004)(77156002)(110136001)(107886001)(450100001)(5310100001)(229853001)(22756005)(98436002)(2900100001)(5250100002)(19625215002)(66926002)(99936001)(33646002)(15974865002)(19617315012)(19627595001)(67866002)(54356999)(108616004)(19300405004)(19618635001)(87836001)(2656002)(18206015028)(85426001)(512954002)(86362001)(6806004)(46102003)(74482002)(84326002)(19580395003)(50986999)(19580405001)(7099025)(24736002)(15669805003);DIR:INB;SFP:;SCL:1;SRVR:AMSPR05MB065;H:emea01-am1-obe.outbound.protection.outlook.com;FPR:;SPF:Fail;MLV:ovrnspm;MX:1;A:1;PTR:mail-am1on0128.outbound.protection.outlook.com;LANG:en;

X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB3FFO11FD028.protection.gbl

X-MS-Exchange-Transport-CrossTenantHeadersPromoted: DB3FFO11FD028.protection.gbl

X-MS-Exchange-Organization-Network-Message-Id: 927151e3-02c4-4c46-5539-08d22576df82

X-MS-Exchange-Organization-AVStamp-Service: 1.0

X-MS-Exchange-Organization-SCL: 1

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Mar 2015 16:16:28.9728

(UTC)

X-MS-Exchange-CrossTenant-Id: cd52bfe2-da2e-446d-b8f1-e78db861d489

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bfa61dad-1543-4f3b-8075-03498e9f4fcb;Ip=[IP OF ON PREM SERVER HERE]

X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

X-MS-Exchange-Transport-CrossTenantHeadersStamped: AMSPR05MB065

X-MS-Exchange-Organization-AuthSource: DB3FFO11FD028.protection.gbl

X-MS-Exchange-Organization-AuthAs: Anonymous

X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.5565465