Microsoft O365 labels nanog potential fraud?

Keith Medcalf kmedcalf at
Wed Mar 29 21:05:59 UTC 2017

The purpose of SPF is to REJECT messages before the data phase.  This cannot be done if you are checking the RFC-822 From: header since that requires accepting the message and invalidates the entire purpose of SPF.

I have never seen an SPF implementation that uses the RFC-822 header From.  Doing so would be pointless.

> -----Original Message-----
> From: NANOG [mailto:nanog-bounces at] On Behalf Of Grant Taylor via
> Sent: Wednesday, 29 March, 2017 09:26
> To: nanog at
> Subject: Re: Microsoft O365 labels nanog potential fraud?
> On 03/29/2017 09:12 AM, William Herrin wrote:
> > Both SPF and DKIM are meant to be checked against the domain in the
> > envelope sender (SMTP protocol-level return address) which the NANOG
> list
> > sets to nanog-bounces at Checking against the message header
> "from"
> > address is an incorrect implementation which will break essentially all
> > mailing lists.
> That may be what the original intent was.
> Every SPF implementation I've seen has checked the SMTP envelope FROM
> address /and/ the RFC 822 From: header address.
> Granted, that does not mean that it's the correct behavior.
> --
> Grant. . . .
> unix || die

More information about the NANOG mailing list