nanog mailing list archives
Re: Microsoft O365 labels nanog potential fraud?
From: DaKnOb <daknob.mac () gmail com>
Date: Wed, 29 Mar 2017 18:38:34 +0300
Indeed, in more detail (which I omitted for simplicity), these checks are performed in a series of headers, the last of which is the From: header. I think the “envelope-from” is either the first or the second in this 5-point list. That said, there are a lot of implementations out there that do not respect that and treat the From address as the sender whose honesty must be verified. Every time I send mail to a mailing list from my own domain, due to DMARC I get back several reports of SPF and DKIM fail, mainly because the mailing list messed up something.
On 29 Mar 2017, at 18:32, William Herrin <bill () herrin us> wrote: On Wed, Mar 29, 2017 at 11:25 AM, Grant Taylor via NANOG <nanog () nanog org> wrote:Every SPF implementation I've seen has checked the SMTP envelope FROM address /and/ the RFC 822 From: header address.Hi Grant, The gold standard, Spamassassin, does not. Indeed, the message to which I reply was scored by spam assassin as "SPF_PASS" even though you do not include NANOG's servers in the SPF record for tnetconsulting.net. Regards, Bill Herrin -- William Herrin ................ herrin () dirtside com bill () herrin us Dirtside Systems ......... Web: <http://www.dirtside.com/>
Current thread:
- Re: Microsoft O365 labels nanog potential fraud?, (continued)
- Re: Microsoft O365 labels nanog potential fraud? DaKnOb (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Mel Beckman (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Grant Taylor via NANOG (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Leo Bicknell (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Brad Knowles (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Florian Weimer (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Mel Beckman (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? DaKnOb (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? William Herrin (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Mel Beckman (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Grant Taylor via NANOG (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? William Herrin (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? DaKnOb (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Carl Byington (Mar 29)
- RE: Microsoft O365 labels nanog potential fraud? Keith Medcalf (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Alan Hodgson (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? William Herrin (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Carl Byington (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Alan Hodgson (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Mark Andrews (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Carl Byington (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Alan Hodgson (Mar 30)