Microsoft O365 labels nanog potential fraud?

• Previous message (by thread): Microsoft O365 labels nanog potential fraud?
• Next message (by thread): Microsoft O365 labels nanog potential fraud?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Indeed, in more detail (which I omitted for simplicity), these checks are performed in a series of headers, the last of which is the From: header. I think the “envelope-from” is either the first or the second in this 5-point list.
That said, there are a lot of implementations out there that do not respect that and treat the From address as the sender whose honesty must be verified. Every time I send mail to a mailing list from my own domain, due to DMARC I get back several reports of SPF and DKIM fail, mainly because the mailing list messed up something. 

> On 29 Mar 2017, at 18:32, William Herrin <bill at herrin.us> wrote:
> 
> On Wed, Mar 29, 2017 at 11:25 AM, Grant Taylor via NANOG <nanog at nanog.org>
> wrote:
> 
>> Every SPF implementation I've seen has checked the SMTP envelope FROM
>> address /and/ the RFC 822 From: header address.
>> 
> 
> Hi Grant,
> 
> The gold standard, Spamassassin, does not. Indeed, the message to which I
> reply was scored by spam assassin as "SPF_PASS" even though you do not
> include NANOG's servers in the SPF record for tnetconsulting.net.
> 
> Regards,
> Bill Herrin
> 
> 
> -- 
> William Herrin ................ herrin at dirtside.com  bill at herrin.us
> Dirtside Systems ......... Web: <http://www.dirtside.com/>

• Previous message (by thread): Microsoft O365 labels nanog potential fraud?
• Next message (by thread): Microsoft O365 labels nanog potential fraud?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]