[194276] in North American Network Operators' Group


RE: Microsoft O365 labels nanog potential fraud?

daemon@ATHENA.MIT.EDU (Keith Medcalf)
Wed Mar 29 17:06:06 2017

X-Original-To: nanog@nanog.org
Date: Wed, 29 Mar 2017 15:05:59 -0600
In-Reply-To: <470c9743-1f90-4b65-29d9-a4176dae4896@tnetconsulting.net>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "Grant Taylor" <gtaylor@tnetconsulting.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org


The purpose of SPF is to REJECT messages before the data phase.  This cannot
be done if you are checking the RFC-822 From: header since that requires
accepting the message and invalidates the entire purpose of SPF.

I have never seen an SPF implementation that uses the RFC-822 header From.
Doing so would be pointless.

> -----Original Message-----
> From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Grant Taylor via
> NANOG
> Sent: Wednesday, 29 March, 2017 09:26
> To: nanog@nanog.org
> Subject: Re: Microsoft O365 labels nanog potential fraud?
> 
> On 03/29/2017 09:12 AM, William Herrin wrote:
> > Both SPF and DKIM are meant to be checked against the domain in the
> > envelope sender (SMTP protocol-level return address) which the NANOG list
> > sets to nanog-bounces@nanog.org. Checking against the message header "from"
> > address is an incorrect implementation which will break essentially all
> > mailing lists.
> 
> That may be what the original intent was.
> 
> Every SPF implementation I've seen has checked the SMTP envelope FROM
> address /and/ the RFC 822 From: header address.
> 
> Granted, that does not mean that it's the correct behavior.
> 
> 
> 
> --
> Grant. . . .
> unix || die
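
The SMTP ordering discussed in this message, as an added example that is not part of the original post: a receiver can evaluate SPF on the envelope sender at MAIL FROM and reject before DATA, when no RFC 822 header has been transmitted yet. The domains, addresses and the `SPF_RECORDS` table are constructed, and `spf_check` is a simplified evaluator that handles only the `ip4` and `all` mechanisms.

```python
import ipaddress

# Constructed SPF policies keyed by domain (stand-in for DNS TXT lookups).
SPF_RECORDS = {
    "nanog.example": "v=spf1 ip4:192.0.2.0/24 -all",    # list server network
    "sender.example": "v=spf1 ip4:198.51.100.7 -all",   # original author's domain
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(client_ip, domain):
    """Simplified SPF: only ip4 and all mechanisms, first match wins."""
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif term == "all":
            return QUALIFIERS[qualifier]
    return "neutral"

def smtp_session(client_ip, commands):
    """Replay client commands; return (command, reply code) pairs until a reject."""
    log = []
    for cmd in commands:
        verb = cmd.upper()
        if verb.startswith("MAIL FROM:"):
            addr = cmd.split(":", 1)[1].strip().strip("<>")
            domain = addr.rsplit("@", 1)[-1].lower()
            if spf_check(client_ip, domain) == "fail":
                log.append((cmd, 550))   # rejected; DATA is never reached
                return log
            log.append((cmd, 250))
        elif verb == "DATA":
            log.append((cmd, 354))       # header From: only arrives after this
        else:
            log.append((cmd, 250))
    return log

# Constructed list delivery: envelope sender is the list's bounce address.
LIST_MAIL = ["EHLO lists.nanog.example",
             "MAIL FROM:<nanog-bounces@nanog.example>",
             "RCPT TO:<user@rcpt.example>", "DATA"]
```

Running `smtp_session("192.0.2.10", LIST_MAIL)` reaches DATA, while the same commands from `203.0.113.5` stop at MAIL FROM with a 550. `spf_check("192.0.2.10", "sender.example")` shows what happens to list mail if the header From domain is tested instead.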




