[194254] in North American Network Operators' Group
Re: Microsoft O365 labels nanog potential fraud?
daemon@ATHENA.MIT.EDU (Grant Taylor via NANOG)
Wed Mar 29 10:58:44 2017
X-Original-To: nanog@nanog.org
To: nanog@nanog.org
Date: Wed, 29 Mar 2017 08:58:38 -0600
In-Reply-To: <E61F2B9F-8712-4DB4-BCB4-ED03563DBA34@beckman.org>
From: Grant Taylor via NANOG <nanog@nanog.org>
Reply-To: Grant Taylor <gtaylor@tnetconsulting.net>
Errors-To: nanog-bounces@nanog.org
This is a cryptographically signed message in MIME format.
--------------ms030509040608010809040507
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: quoted-printable
On 03/29/2017 04:17 AM, Mel Beckman wrote:
> Thanks for the very clear explanation. I use DKIM and SPF, but didn't
> know about this corner case. I'm surprised the SPF, etc architects
> missed it, or seem to have. In any event, I seem to be getting all
> the messages.
I don't think they did miss it per say. SPF is specifically meant to=20
say where senders are allowed to send from. Mailing lists (in some=20
configurations), forwarders, et. al. (inadvertently) violate this when=20
they re-send the message with the original sender from a=20
not-explicitly-allowed source.
Sender Rewriting Scheme is a way that these forwarding services can=20
re-write the SMTP Envelope From address to not run afoul of SPF (et al).
Mailing list managers, in particular, can also change the message in a=20
few different ways to avoid some of these pitfalls.
- Remove all but a subset of headers.
- Alter the RFC 822 From: header such that the message appears to come =
from the mailing list its self.
I also strongly recommend that mailing lists be viewed as an entity unto =
themselves. I.e. they receive the email, process it, and generate a new =
email /from/ /their/ /own/ /address/ with very similar content as the=20
message they received.
I strongly encourage mailing list admins to enable Variable Envelope=20
Return Path to help identify which subscribed recipient causes each=20
individual bounce, even if the problem is from downstream forwards.
The problem with this is that it takes more processing power and=20
bandwidth. Most people simply want an old school expansion that=20
re-sends the same, unmodified, message to multiple recipients. - That=20
methodology's heyday has come and mostly gone.
--=20
Grant. . . .
unix || die
--------------ms030509040608010809040507
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
CgIwggSvMIIDl6ADAgECAhEA4CPLFRKDU4mtYW56VGdrITANBgkqhkiG9w0BAQsFADBvMQsw
CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4
dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTE0MTIyMjAwMDAwMFoXDTIwMDUzMDEwNDgzOFowgZsxCzAJBgNVBAYTAkdCMRswGQYD
VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP
TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu
dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAImxDdp6UxlOcFIdvFamBia3uEngludRq/HwWhNJFaO0jBtgvHpRQqd5jKQi3xdh
TpHVdiMKFNNKAn+2HQmAbqUEPdm6uxb+oYepLkNSQxZ8rzJQyKZPWukI2M+TJZx7iOgwZOak
+FaA/SokFDMXmaxE5WmLo0YGS8Iz1OlAnwawsayTQLm1CJM6nCpToxDbPSBhPFUDjtlOdiUC
ISn6o3xxdk/u4V+B6ftUgNvDezVSt4TeIj0sMC0xf1m9UjewM2ktQ+v61qXxl3dnUYzZ7ifr
vKUHOHaMpKk4/9+M9QOsSb7K93OZOg8yq5yVOhM9DkY6V3RhUL7GQD/L5OKfoiECAwEAAaOC
ARcwggETMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBSSYWuC
4aKgqk/sZ/HCo/e0gADB7DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAd
BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFs
Q0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVz
ZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQELBQADggEBABsqbqxVwTqriMXY7c1V86prYSvACRAj
mQ/FZmpvsfW0tXdeDwJhAN99Bf4Ss6SAgAD8+x1banICCkG8BbrBWNUmwurVTYT7/oKYz1gb
4yJjnFL4uwU2q31Ypd6rO2Pl2tVz7+zg+3vio//wQiOcyraNTT7kSxgDsqgt1Ni7QkuQaYUQ
26Y3NOh74AEQpZzKOsefT4g0bopl0BqKu6ncyso20fT8wmQpNa/WsadxEdIDQ7GPPprsnjJT
9HaSyoY0B7ksyuYcStiZDcGG4pCS+1pCaiMhEOllx/XVu37qjIUgAmLq0ToHLFnFmTPyOInl
tukWeh95FPZKEBom+nyK+5swggVLMIIEM6ADAgECAhBWFNl+TpTaXY4YBuKunuW7MA0GCSqG
SIb3DQEBCwUAMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy
MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE
AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h
aWwgQ0EwHhcNMTYxMTIyMDAwMDAwWhcNMTcxMTIyMjM1OTU5WjArMSkwJwYJKoZIhvcNAQkB
FhpndGF5bG9yQHRuZXRjb25zdWx0aW5nLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALQOeB9QxYwFjGM8smbnZihDiEsKsBBX0H1M9WC/HjeHf+AO26QH4mdiN+XpFMVy
yVyZqEbgheL49o7qcRPf2PPVck+E67zn8b/kef1LbWde++QDMg56zZvAU4CbF7/v98WnHpzY
LP+3AWK0z/7IfBwujQE8xW6E0vTZznq8GGP5z6pGSap4gKh/a8erEVcoYdK2IuWYa4sNxOvo
FICiOoCMJhvU1F92yuuXCRZcZwFyav7P3+M36jHdViH2fuZuOhZBWb419mmhtUWS8r6aVdfk
Vq+Pz3NdvLdo6AsUZpf7dZr/LeLW6gr2VoDQ5+j1JtI24wzl42RAVTsANoH/OusCAwEAAaOC
AfgwggH0MB8GA1UdIwQYMBaAFJJha4LhoqCqT+xn8cKj97SAAMHsMB0GA1UdDgQWBBSxNT5f
50Ax2YRcuiCuDfxHUlkuGjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUE
GTAXBggrBgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/
MD0wOwYMKwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9k
by5uZXQvQ1BTMF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NP
TU9ET1NIQTI1NkNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgZAG
CCsGAQUFBwEBBIGDMIGAMFgGCCsGAQUFBzAChkxodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9D
T01PRE9TSEEyNTZDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wJQYDVR0RBB4wHIEaZ3RheWxv
ckB0bmV0Y29uc3VsdGluZy5uZXQwDQYJKoZIhvcNAQELBQADggEBACCtfMI0hVAiQKvOx9Br
ffT4YUPJRlXcs6yoDHfg0bnVw/ucEJ1neOi/aIUdA6EypUMNrshmgJTNaj6CsRH8c0yXOeGd
nO5tNrPMYAhVvCQo/gpliYhIs2RAKXgFNtkUufwTqOQOLZva4LLVxSuSYncAgxdaj6TcORsd
9NEKPUC03F8yW0hk2M6WqvOpyIG4CWAP8Tmrxs0OKZuQeAoI3bs103EuMiMBTFIeEm8Obvx+
svg+UhK0CaMjEH92AwZ4blouFxqGTlgE/wclDCe+tZr/FvBP4Vflm/o82IkvyiNff8Qwz/BS
z1hTRwSc7JexXVTms1cS7rMBRFwcvU2Le6kxggRBMIIEPQIBATCBsDCBmzELMAkGA1UEBhMC
R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEtMjU2IENsaWVu
dCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhBWFNl+TpTaXY4YBuKunuW7
MA0GCWCGSAFlAwQCAQUAoIICYTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3
DQEJBTEPFw0xNzAzMjkxNDU4MzhaMC8GCSqGSIb3DQEJBDEiBCDGFW/ZU5ufvxsJct9ySOk8
3WW6hYA9BasNGTcYfye6KzBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgB
ZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsO
AwIHMA0GCCqGSIb3DQMCAgEoMIHBBgkrBgEEAYI3EAQxgbMwgbAwgZsxCzAJBgNVBAYTAkdC
MRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNV
BAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQg
QXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIQVhTZfk6U2l2OGAbirp7luzCB
wwYLKoZIhvcNAQkQAgsxgbOggbAwgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVy
IE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1p
dGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGljYXRpb24gYW5k
IFNlY3VyZSBFbWFpbCBDQQIQVhTZfk6U2l2OGAbirp7luzANBgkqhkiG9w0BAQEFAASCAQBu
Uhumoo8niHV6Qrye8by90zI6yFLwUA4fUiunZ4+qCItbpQ+dUWVEm9XTYeX00K2s16aFrQm6
xFriEXLbpSTlo/SnoYNGMaJT4sCj0lUP5jBYQ6GkOdIWEfS8fMXGozakAmeB5jVFiywYIQgU
g2LFB0wtNeGiokuVHKDSBfkYEXsppceXFyAN2aQtOEzpJBWZ1dQgstBiMNlBPDr/ye/0kycJ
2duBtyBaZcWakVsVob9Ao4BKoAzXVDCudRDaCo7qHFaitGywWXqFmhp8GrL8mkHv4ImnU/aM
4jNoXPPAffKO8mg1JKY6pTHwDsVmIqnq7/G0qsWtCjzDcxBaPs7IAAAAAAAA
--------------ms030509040608010809040507--
