nanog mailing list archives

Re: Microsoft O365 labels nanog potential fraud?


From: Grant Taylor via NANOG <nanog () nanog org>
Date: Wed, 29 Mar 2017 08:58:38 -0600

On 03/29/2017 04:17 AM, Mel Beckman wrote:
> Thanks for the very clear explanation. I use DKIM and SPF, but didn't
> know about this corner case. I'm surprised the SPF, etc. architects
> missed it, or seem to have. In any event, I seem to be getting all
> the messages.

I don't think they did miss it per se. SPF is specifically meant to say where senders are allowed to send from. Mailing lists (in some configurations), forwarders, et al. (inadvertently) violate this when they re-send the message with the original sender from a not-explicitly-allowed source.

Sender Rewriting Scheme is a way that these forwarding services can re-write the SMTP Envelope From address to not run afoul of SPF (et al).

Mailing list managers, in particular, can also change the message in a few different ways to avoid some of these pitfalls.

 - Remove all but a subset of headers.
 - Alter the RFC 822 From: header such that the message appears to come from the mailing list itself.

I also strongly recommend that mailing lists be viewed as an entity unto themselves. I.e. they receive the email, process it, and generate a new email /from/ /their/ /own/ /address/ with very similar content as the message they received.

I strongly encourage mailing list admins to enable Variable Envelope Return Path to help identify which subscribed recipient causes each individual bounce, even if the problem is from downstream forwards.

The problem with this is that it takes more processing power and bandwidth. Most people simply want an old school expansion that re-sends the same, unmodified, message to multiple recipients. - That methodology's heyday has come and mostly gone.



--
Grant. . . .
unix || die

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
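
Added example, not part of the original message or of any list software: a Python sketch of the two envelope-sender techniques named above, Variable Envelope Return Path and an SRS0-style rewrite. The domains, secret, day counter and function names are constructed, and the SRS layout is simplified rather than claimed to interoperate with a particular implementation.

```python
import base64
import hashlib
import hmac

# Constructed values for illustration only.
LIST_DOMAIN = "lists.example.org"
SRS_SECRET = b"constructed-demo-secret"
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def verp_encode(list_name, recipient, domain=LIST_DOMAIN):
    """Per-recipient envelope sender: <list>-bounces+<user>=<host>@<domain>."""
    user, _, host = recipient.rpartition("@")
    if not user or not host:
        raise ValueError("recipient must be user@host")
    return f"{list_name}-bounces+{user}={host}@{domain}"

def verp_decode(bounce_rcpt):
    """Recover the subscriber from the address a bounce was delivered to."""
    local = bounce_rcpt.rpartition("@")[0]
    prefix, plus, encoded = local.partition("+")
    user, eq, host = encoded.rpartition("=")
    if not plus or not prefix.endswith("-bounces") or not (eq and user and host):
        return None
    return f"{user}@{host}"

def _srs_tag(ts, host, user):
    # Keyed hash so third parties cannot forge return paths through the forwarder.
    mac = hmac.new(SRS_SECRET, f"{ts}{host}{user}".lower().encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()[:4]

def srs_forward(envelope_from, forwarder_domain, day):
    """Rewrite MAIL FROM into the forwarder's domain so its own SPF record applies."""
    user, _, host = envelope_from.rpartition("@")
    ts = B32[(day >> 5) & 31] + B32[day & 31]  # day counter mod 1024, two chars
    return f"SRS0={_srs_tag(ts, host, user)}={ts}={host}={user}@{forwarder_domain}"

def srs_reverse(srs_address):
    """Map a bounce back to the original sender, or None if the tag fails."""
    parts = srs_address.rpartition("@")[0].split("=", 4)
    if len(parts) != 5 or parts[0] != "SRS0":
        return None
    _, tag, ts, host, user = parts
    if not hmac.compare_digest(tag.encode(), _srs_tag(ts, host, user).encode()):
        return None
    return f"{user}@{host}"

if __name__ == "__main__":
    print(verp_encode("nanog", "bob+lists@example.net"))
    print(srs_forward("mel@example.com", "forwarder.example.net", day=17254))
```

In both cases the SPF check is made against the list's or forwarder's domain rather than the original author's, and bounces still find their way back.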

