Microsoft O365 labels nanog potential fraud?

William Herrin bill at herrin.us
Wed Mar 29 15:12:33 UTC 2017


On Wed, Mar 29, 2017 at 3:04 AM, DaKnOb <daknob.mac at gmail.com> wrote:

> Usually mailing lists act like e-mail spoofers as far as SPF and DKIM is
> concerned. These two systems above try to minimize spoofed e-mail by doing
> the following:
>
> SPF: Each domain adds a list of IP Addresses that are allowed to send
> e-mail on their behalf.
>
> DKIM: Each email sent by an "original" mail server is cryptographically
> signed with a key available, again, in the DNS.
>
> When you send an e-mail to a list, you send it to the mailing list mail
> server. After that, of the server forwards that e-mail to the recipients,
> its original address is shown, therefore if Outlook checks for SPF records,
> that check will fail. An easy way to get around this is for the list to
> change the From field to something else, like "Mel Beckman via NANOG" and a
> local email address.
>
> However, when you send that email, it may also be signed with DKIM: any
> change in subject (say "[NANOG]" is added) or the body (say "You received
> this email because you subscribed to NANOG" is appended) will also cause
> that check to fail.
>

Hello,

Both SPF and DKIM are meant to be checked against the domain in the
envelope sender (SMTP protocol-level return address) which the NANOG list
sets to nanog-bounces at nanog.org. Checking against the message header "from"
address is an incorrect implementation which will break essentially all
mailing lists.

Regards,
Bill Herrin



-- 
William Herrin ................ herrin at dirtside.com  bill at herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>



More information about the NANOG mailing list