Microsoft O365 labels nanog potential fraud?

Alan Hodgson ahodgson at
Wed Mar 29 22:03:20 UTC 2017

On Wednesday 29 March 2017 14:28:30 Carl Byington wrote:
> For an example of that (unless I am misunderstanding something), we
> have:
>  --> Hello [], pleased to meet you
>  <-- MAIL FROM:<$MUNGED at>
>  <-- RCPT TO: ...
> dkim pass
> rfc2822 from header = $MUNGED at
> dig txt +short
> "v=DMARC1; p=reject; ..."
> dig txt +short
> "v=spf1 ip4: -all"
> So given the dmarc reject policy, it needs to pass either spf (which
> fails !=, or dkim (which fails since it
> is not signed by anything related to
> Am I missing something, or is that just broken?

That appears to be broken. The -all on the SPF record alone breaks it, since 
receivers should refuse it at that point. But yeah the DMARC is also broken.

Interestingly, the mail I've seen recently from has multiple 
signatures, one of which is from And it originated from Weird.

More information about the NANOG mailing list