In order to improve the email forwarding experience, the email system was updated in 2019 with a forwarding configuration that bypasses the on-premises Exchange email infrastructure that was responsible for normalizing / rewriting forwarded messages and invalidating DKIM signatures in the process. For more information, see: Email Delivery - Underlying Protocols.
The previous email routing was:
In the new configuration, the email routing is:
This new configuration is very similar to how email flow worked prior to the implementation of Exchange Online Protection and should be a strict improvement over the previous experience.
Spam is forwarded for the receiving system to handle according to their policies, but messages containing known malware or phishing attacks are not forwarded.