Microsoft O365 labels nanog potential fraud?
Grant Taylor
gtaylor at tnetconsulting.net
Wed Mar 29 14:58:38 UTC 2017
On 03/29/2017 04:17 AM, Mel Beckman wrote:
> Thanks for the very clear explanation. I use DKIM and SPF, but didn't
> know about this corner case. I'm surprised the SPF, etc architects
> missed it, or seem to have. In any event, I seem to be getting all
> the messages.

I don't think they did miss it per se. SPF is specifically meant to
say where senders are allowed to send from. Mailing lists (in some
configurations), forwarders, et al. (inadvertently) violate this when
they re-send the message with the original sender from a
not-explicitly-allowed source.

Sender Rewriting Scheme is a way that these forwarding services can
re-write the SMTP Envelope From address to not run afoul of SPF (et al.).

Mailing list managers, in particular, can also change the message in a
few different ways to avoid some of these pitfalls.

- Remove all but a subset of headers.
- Alter the RFC 822 From: header such that the message appears to come
from the mailing list itself.

I also strongly recommend that mailing lists be viewed as an entity unto
themselves. I.e. they receive the email, process it, and generate a new
email /from/ /their/ /own/ /address/ with very similar content as the
message they received.

I strongly encourage mailing list admins to enable Variable Envelope
Return Path to help identify which subscribed recipient causes each
individual bounce, even if the problem is from downstream forwards.

The problem with this is that it takes more processing power and
bandwidth. Most people simply want an old school expansion that
re-sends the same, unmodified, message to multiple recipients. - That
methodology's heyday has come and mostly gone.

--
Grant. . . .
unix || die
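
The envelope rewrite that Sender Rewriting Scheme performs, sketched as an added example that is not part of the message above and is not taken from any SRS implementation. It follows the common `SRS0=hash=timestamp=domain=local` layout in simplified form; the secret, the forwarder domain `lists.example.net`, the four-character tag and the 21-day lifetime are all assumptions.

```python
import base64
import hashlib
import hmac

# Constructed values for illustration only (assumptions, not from the message).
SECRET = b"constructed-demo-secret"
FORWARDER_DOMAIN = "lists.example.net"
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def _timestamp(day):
    """Two base32 characters encoding the day number modulo 1024."""
    day %= 1024
    return B32[day >> 5] + B32[day & 31]


def _tag(timestamp, domain, local):
    """Short keyed hash binding timestamp and original address to this forwarder."""
    msg = "=".join((timestamp, domain, local)).lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:4]


def srs_forward(envelope_from, day):
    """Rewrite an envelope sender into the forwarder's own domain so SPF
    is evaluated against the forwarder, not the original sender."""
    local, domain = envelope_from.rsplit("@", 1)
    ts = _timestamp(day)
    return f"SRS0={_tag(ts, domain, local)}={ts}={domain}={local}@{FORWARDER_DOMAIN}"


def srs_reverse(srs_address, today, max_age_days=21):
    """Recover the original sender for a bounce; reject forged or stale addresses
    so the forwarder cannot be used as an open bounce relay."""
    local_part, domain = srs_address.rsplit("@", 1)
    if domain.lower() != FORWARDER_DOMAIN or not local_part.upper().startswith("SRS0="):
        raise ValueError("not an SRS0 address for this forwarder")
    try:
        tag, ts, orig_domain, orig_local = local_part[5:].split("=", 3)
        then = B32.index(ts[0].upper()) * 32 + B32.index(ts[1].upper())
    except (ValueError, IndexError):
        raise ValueError("malformed SRS0 address")
    expected = _tag(ts.upper(), orig_domain, orig_local)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("hash mismatch: address was not issued by this forwarder")
    if (today - then) % 1024 > max_age_days:
        raise ValueError("SRS timestamp expired")
    return f"{orig_local}@{orig_domain}"
```
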