[194255] in North American Network Operators' Group
Re: Microsoft O365 labels nanog potential fraud?
daemon@ATHENA.MIT.EDU (William Herrin)
Wed Mar 29 11:14:12 2017
X-Original-To: nanog@nanog.org
X-Really-To: <nanog@nanog.org>
In-Reply-To: <94D4DAA8-34FD-4104-B233-84585C590900@gmail.com>
From: William Herrin <bill@herrin.us>
Date: Wed, 29 Mar 2017 11:12:33 -0400
To: DaKnOb <daknob.mac@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Mar 29, 2017 at 3:04 AM, DaKnOb <daknob.mac@gmail.com> wrote:
> Usually mailing lists act like e-mail spoofers as far as SPF and DKIM are
> concerned. These two systems above try to minimize spoofed e-mail by doing
> the following:
>
> SPF: Each domain adds a list of IP Addresses that are allowed to send
> e-mail on their behalf.
>
> DKIM: Each email sent by an "original" mail server is cryptographically
> signed with a key available, again, in the DNS.
>
> When you send an e-mail to a list, you send it to the mailing list mail
> server. After that, if the server forwards that e-mail to the recipients,
> its original address is shown, therefore if Outlook checks for SPF records,
> that check will fail. An easy way to get around this is for the list to
> change the From field to something else, like "Mel Beckman via NANOG" and a
> local email address.
>
> However, when you send that email, it may also be signed with DKIM: any
> change in subject (say "[NANOG]" is added) or the body (say "You received
> this email because you subscribed to NANOG" is appended) will also cause
> that check to fail.
>

Hello,

Both SPF and DKIM are meant to be checked against the domain in the
envelope sender (SMTP protocol-level return address) which the NANOG list
sets to nanog-bounces@nanog.org. Checking against the message header "from"
address is an incorrect implementation which will break essentially all
mailing lists.

Regards,
Bill Herrin

--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
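
An added example, not part of the original thread: it shows which domain an SPF lookup uses after a list relays a message, and how the DKIM body hash (the bh= tag, relaxed canonicalization per RFC 6376) survives whitespace changes but not an appended footer. The sample message, the example.org address and the helper names are constructed for illustration; the footer text and the nanog-bounces address are the ones quoted in the thread.

```python
import base64
import hashlib
import re

# Footer wording taken from the quoted message; CRLF framing is an assumption.
FOOTER = b"\r\nYou received this email because you subscribed to NANOG\r\n"

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of spaces/tabs to one space, drop whitespace at line end.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonical body, as carried in the bh= tag."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def spf_domain(envelope_sender: str) -> str:
    """Domain whose SPF record is looked up: the SMTP MAIL FROM domain."""
    return envelope_sender.rsplit("@", 1)[1].lower()

def list_relay(msg: dict) -> dict:
    """Hypothetical list behaviour: new envelope sender, footer appended."""
    return {**msg, "mail_from": "nanog-bounces@nanog.org",
            "body": msg["body"] + FOOTER}

# Constructed sample message as submitted to the list.
ORIGINAL = {
    "mail_from": "alice@example.org",
    "header_from": "alice@example.org",
    "body": b"Hello list,\r\nSPF question below.\r\n",
}

if __name__ == "__main__":
    relayed = list_relay(ORIGINAL)
    for label, msg in (("submitted", ORIGINAL), ("relayed", relayed)):
        print(label, "SPF domain:", spf_domain(msg["mail_from"]),
              "| header From:", msg["header_from"],
              "| bh=" + body_hash(msg["body"]))
```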