The bug being described is that Microsoft will run spam checkers when receiving emails for Microsoft customers, and they will check domain ownership when sending outgoing emails, but they won't run spam checkers or check ownership when email are received to an address which is used for email forwarding.

In addition, other major email services such like Gmail will not run spam checkers against Microsoft since they assume that Microsoft has done their due diligence when sending emails.

This doesn't seem correct, if Microsoft truly does not do so in this scenario then it's impossible for it not to have been known by many many thousands of people well before 2023.

There's nothing inconsistent with that. Spear fishing techniques that rely on a number of bad practices, where thousands of people know what's wrong, survive as long as high volume spam is largely frustrated by post fact remediation, i.e. forcing some domain to disable open forwarding or suspending some account on too much of it.

Just to be clear for any future readers, they don't mean forwarding the email as in the forward button (which quotes or attaches it), they mean setting up mail forwarding on the entire inbox

Each Office 365 tenant does not have a personal Exhange server. The sending smtp server is being shared and can be verified with the email headers. That is how this flaw works.

I feel like an idiot because I see the same behavior with the variable 'not in my organization' with transport rules and how many false positives I've had. I can clearly see the usage of different exchange servers being used in my environment when my company acquires a bunch of users. It falsely flags them because they are using a different shared exchange resource.

You can't use Office 365 to send email that appears to be from a different org. It is an authenticated mail relay, and it'll just reject your email.

You have to verify that you own the domains that you use in the from address to send mail via their service.