nanog mailing list archives

Re: Microsoft O365 labels nanog potential fraud?


From: Mel Beckman <mel () beckman org>
Date: Wed, 29 Mar 2017 10:17:17 +0000

Antonios,

Thanks for the very clear explanation. I use DKIM and SPF, but didn't know about this corner case. I'm surprised the 
SPF, etc. architects missed it, or seem to have. In any event, I seem to be getting all the messages.

 -mel beckman

On Mar 29, 2017, at 12:04 AM, DaKnOb <daknob.mac () gmail com> wrote:

Usually mailing lists act like e-mail spoofers as far as SPF and DKIM are concerned. These two systems above try to 
minimize spoofed e-mail by doing the following:

SPF: Each domain adds a list of IP Addresses that are allowed to send e-mail on their behalf. 

DKIM: Each email sent by an "original" mail server is cryptographically signed with a key available, again, in the 
DNS.

When you send an e-mail to a list, you send it to the mailing list mail server. After that, if the server forwards 
that e-mail to the recipients, its original address is shown, therefore if Outlook checks for SPF records, that check 
will fail. An easy way to get around this is for the list to change the From field to something else, like "Mel 
Beckman via NANOG" and a local email address.

However, when you send that email, it may also be signed with DKIM: any change in subject (say "[NANOG]" is added) or 
the body (say "You received this email because you subscribed to NANOG" is appended) will also cause that check to 
fail. 

Typically the behavior of the recipient if one or both of these checks failed is described in yet another DNS record, 
called a DMARC Policy. Some set this to very strict levels (reject e-mail / send to spam), some others to warn the 
user (like what you saw?), and some others, knowing this happens, to ignore/notify.

This message probably appears because of the above SPF / DKIM / DMARC combo but I can't be 100% sure from the 
provided info.

In any case, this is likely not your fault. If you want to be sure, verify the contents of the e-mail against the 
public NANOG archive which is available over HTTPS. My guess is that nothing has been changed. 

Thanks,
Antonios 

On 29 Mar 2017, at 03:22, Mel Beckman <mel () beckman org> wrote:

Is anyone else getting this message on every nanog post today?

"This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing at 
http://aka.ms/LearnAboutSpoofing"

I don't know if this link itself is malware, as it goes to the MS store, or if something is broken in the Nanog Mail 
machine.

If it's just me, never mind. I'll figure it out.

-mel beckman
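
The SPF / DKIM / DMARC interaction Antonios describes, as an added example that is not part of the original thread. It is a simplified model: the domains, IP ranges and message are constructed, SHA-256 digests stand in for the RSA signature a real DKIM signer produces, SPF is evaluated on the envelope sender, and DMARC alignment is an exact domain match.

```python
import base64, hashlib, ipaddress, re

# Constructed sample data: domains, networks and the message are illustrative.
SPF = {"author.example": ["192.0.2.0/24"], "list.example": ["198.51.100.0/24"]}
LIST_IP = "198.51.100.7"

def spf_pass(envelope_domain, client_ip):
    """SPF: is the connecting IP listed by the envelope sender's domain?"""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n) for n in SPF.get(envelope_domain, []))

def relaxed_body(body):
    """RFC 6376 'relaxed' body: collapse whitespace runs, drop trailing blank lines."""
    lines = [re.sub(r"[ \t]+", " ", l).rstrip() for l in body.split("\r\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return "".join(l + "\r\n" for l in lines)

def dkim_digests(headers, body, signed=("from", "subject")):
    """Simplified DKIM: (body hash, hash over the signed headers plus body hash)."""
    bh = base64.b64encode(hashlib.sha256(relaxed_body(body).encode()).digest()).decode()
    hdr = "".join(f"{h}:{' '.join(headers[h].split())}\r\n" for h in signed)
    return bh, hashlib.sha256((hdr + bh).encode()).hexdigest()

def evaluate(headers, body, envelope_domain, client_ip, signature, dkim_domain="author.example"):
    """Return (spf_ok, dkim_ok, dmarc_ok) as a receiving server would compute them."""
    from_domain = headers["from"].rsplit("@", 1)[1].rstrip(">")
    spf_ok = spf_pass(envelope_domain, client_ip)
    dkim_ok = dkim_digests(headers, body) == signature
    # DMARC: at least one passing check must be for the From: domain (alignment).
    dmarc_ok = (spf_ok and envelope_domain == from_domain) or (dkim_ok and dkim_domain == from_domain)
    return spf_ok, dkim_ok, dmarc_ok

# Original message as signed by the author's server.
orig_h = {"from": "Mel <mel@author.example>", "subject": "O365 fraud label?"}
orig_b = "Is anyone else getting this message?\r\n"
sig = dkim_digests(orig_h, orig_b)
# What the list does: tag the subject, append a footer, resend from its own IP.
list_h = dict(orig_h, subject="[NANOG] " + orig_h["subject"])
list_b = orig_b + "You received this email because you subscribed to NANOG\r\n"

RESULTS = {
    "direct": evaluate(orig_h, orig_b, "author.example", "192.0.2.10", sig),
    "list, author envelope": evaluate(list_h, list_b, "author.example", LIST_IP, sig),
    "list, own envelope": evaluate(list_h, list_b, "list.example", LIST_IP, sig),
    "list, unmodified": evaluate(orig_h, orig_b, "list.example", LIST_IP, sig),
}
for case, (spf, dkim, dmarc) in RESULTS.items():
    print(f"{case:22} SPF={spf} DKIM={dkim} DMARC={dmarc}")
```

The last case shows why a list that leaves the subject and body untouched still passes DMARC: the author's DKIM signature survives the relay even though SPF no longer aligns.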

