nanog mailing list archives
Re: Microsoft O365 labels nanog potential fraud?
From: Alan Hodgson <ahodgson () lists simkin ca>
Date: Wed, 29 Mar 2017 15:03:20 -0700
On Wednesday 29 March 2017 14:28:30 Carl Byington wrote:
For an example of that (unless I am misunderstanding something), we have: --> Hello marketo-email.box.com [192.28.147.169], pleased to meet you <-- MAIL FROM:<$MUNGED () marketo-email box com> <-- RCPT TO: ... dkim pass header.d=mktdns.com rfc2822 from header = $MUNGED () email box com dig _dmarc.email.box.com txt +short "v=DMARC1; p=reject; ..." dig email.box.com txt +short "v=spf1 ip4:192.28.147.168 -all" So given the dmarc reject policy, it needs to pass either spf (which fails 192.28.147.168 != 192.28.147.169), or dkim (which fails since it is not signed by anything related to email.box.com. Am I missing something, or is that just broken?
That appears to be broken. The -all on the SPF record alone breaks it, since receivers should refuse it at that point. But yeah the DMARC is also broken. Interestingly, the mail I've seen recently from email.box.com has multiple signatures, one of which is from email.box.com. And it originated from 192.28.147.168. Weird.
Current thread:
- Re: Microsoft O365 labels nanog potential fraud?, (continued)
- Re: Microsoft O365 labels nanog potential fraud? William Herrin (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Mel Beckman (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Grant Taylor via NANOG (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? William Herrin (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? DaKnOb (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Carl Byington (Mar 29)
- RE: Microsoft O365 labels nanog potential fraud? Keith Medcalf (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? William Herrin (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Alan Hodgson (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? William Herrin (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Carl Byington (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Alan Hodgson (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Mark Andrews (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Carl Byington (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Alan Hodgson (Mar 30)