nanog mailing list archives
Re: Microsoft O365 labels nanog potential fraud?
From: Grant Taylor via NANOG <nanog () nanog org>
Date: Wed, 29 Mar 2017 08:58:38 -0600
On 03/29/2017 04:17 AM, Mel Beckman wrote:
Thanks for the very clear explanation. I use DKIM and SPF, but didn't know about this corner case. I'm surprised the SPF, etc architects missed it, or seem to have. In any event, I seem to be getting all the messages.
I don't think they did miss it per say. SPF is specifically meant to say where senders are allowed to send from. Mailing lists (in some configurations), forwarders, et. al. (inadvertently) violate this when they re-send the message with the original sender from a not-explicitly-allowed source.
Sender Rewriting Scheme is a way that these forwarding services can re-write the SMTP Envelope From address to not run afoul of SPF (et al).
Mailing list managers, in particular, can also change the message in a few different ways to avoid some of these pitfalls.
- Remove all but a subset of headers.- Alter the RFC 822 From: header such that the message appears to come from the mailing list its self.
I also strongly recommend that mailing lists be viewed as an entity unto themselves. I.e. they receive the email, process it, and generate a new email /from/ /their/ /own/ /address/ with very similar content as the message they received.
I strongly encourage mailing list admins to enable Variable Envelope Return Path to help identify which subscribed recipient causes each individual bounce, even if the problem is from downstream forwards.
The problem with this is that it takes more processing power and bandwidth. Most people simply want an old school expansion that re-sends the same, unmodified, message to multiple recipients. - That methodology's heyday has come and mostly gone.
-- Grant. . . . unix || die
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Microsoft O365 labels nanog potential fraud? Mel Beckman (Mar 28)
- Re: Microsoft O365 labels nanog potential fraud? DaKnOb (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Mel Beckman (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Grant Taylor via NANOG (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Leo Bicknell (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Brad Knowles (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Florian Weimer (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Mel Beckman (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? DaKnOb (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? William Herrin (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Mel Beckman (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Grant Taylor via NANOG (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? William Herrin (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? DaKnOb (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Carl Byington (Mar 29)
- RE: Microsoft O365 labels nanog potential fraud? Keith Medcalf (Mar 29)