Microsoft O365 labels nanog potential fraud?

• Previous message (by thread): Microsoft O365 labels nanog potential fraud?
• Next message (by thread): Microsoft O365 labels nanog potential fraud?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03/29/2017 09:12 AM, William Herrin wrote:
> Both SPF and DKIM are meant to be checked against the domain in the
> envelope sender (SMTP protocol-level return address) which the NANOG list
> sets to nanog-bounces at nanog.org. Checking against the message header "from"
> address is an incorrect implementation which will break essentially all
> mailing lists.

That may be what the original intent was.

Every SPF implementation I've seen has checked the SMTP envelope FROM 
address /and/ the RFC 822 From: header address.

Granted, that does not mean that it's the correct behavior.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3717 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20170329/4492fdd3/attachment.bin>

• Previous message (by thread): Microsoft O365 labels nanog potential fraud?
• Next message (by thread): Microsoft O365 labels nanog potential fraud?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]