Microsoft O365 labels nanog potential fraud?
carl at five-ten-sg.com
Wed Mar 29 16:00:02 UTC 2017
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 2017-03-29 at 11:32 -0400, William Herrin wrote:
> The gold standard, Spamassassin, does not. Indeed, the message to
> which I reply was scored by spam assassin as "SPF_PASS" even though
> you do not include NANOG's servers in the SPF record for
The message from Mr. Taylor (to which Mr. Herrin is replying) arrived
Return-path: <nanog-bounces at nanog.org>
From: Grant Taylor via NANOG <nanog at nanog.org>
Reply-to: Grant Taylor <gtaylor at tnetconsulting.net>
So an SPF implementation that checks either or both of the (rfc2821
envelope from / rfc2822 header from) domains will pass.
The original was DKIM signed by d=tnetconsulting.net (c=simple/simple -
you might want to change that) but of course that signature was broken
by the nanog list handling.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the NANOG