[194259] in North American Network Operators' Group
Re: Microsoft O365 labels nanog potential fraud?
daemon@ATHENA.MIT.EDU (DaKnOb)
Wed Mar 29 11:38:42 2017
X-Original-To: nanog@nanog.org
From: DaKnOb <daknob.mac@gmail.com>
In-Reply-To: <CAP-guGXrbRRgYsbxWGRtnwhkxYKYfN2Ex7B_hjhoy+NGHM0YbQ@mail.gmail.com>
Date: Wed, 29 Mar 2017 18:38:34 +0300
To: William Herrin <bill@herrin.us>
Cc: "nanog@nanog.org" <nanog@nanog.org>,
Grant Taylor <gtaylor@tnetconsulting.net>
Errors-To: nanog-bounces@nanog.org
Indeed, in more detail (which I omitted for simplicity), these checks =
are performed in a series of headers, the last of which is the From: =
header. I think the =E2=80=9Cenvelope-from=E2=80=9D is either the first =
or the second in this 5-point list.
That said, there are a lot of implementations out there that do not =
respect that and treat the =46rom address as the sender whose honesty =
must be verified. Every time I send mail to a mailing list from my own =
domain, due to DMARC I get back several reports of SPF and DKIM fail, =
mainly because the mailing list messed up something.=20
> On 29 Mar 2017, at 18:32, William Herrin <bill@herrin.us> wrote:
>=20
> On Wed, Mar 29, 2017 at 11:25 AM, Grant Taylor via NANOG =
<nanog@nanog.org>
> wrote:
>=20
>> Every SPF implementation I've seen has checked the SMTP envelope FROM
>> address /and/ the RFC 822 From: header address.
>>=20
>=20
> Hi Grant,
>=20
> The gold standard, Spamassassin, does not. Indeed, the message to =
which I
> reply was scored by spam assassin as "SPF_PASS" even though you do not
> include NANOG's servers in the SPF record for tnetconsulting.net.
>=20
> Regards,
> Bill Herrin
>=20
>=20
> --=20
> William Herrin ................ herrin@dirtside.com bill@herrin.us
> Dirtside Systems ......... Web: <http://www.dirtside.com/>
