nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft O365 labels nanog potential fraud?

From: William Herrin <bill () herrin us>
Date: Wed, 29 Mar 2017 15:52:15 -0400
On Wed, Mar 29, 2017 at 12:24 PM, Alan Hodgson <ahodgson () lists simkin ca>
wrote:


On Wednesday 29 March 2017 11:12:33 William Herrin wrote:

Both SPF and DKIM are meant to be checked against the domain in the
envelope sender (SMTP protocol-level return address) which the NANOG list
sets to nanog-bounces () nanog org. Checking against the message header

"from"

address is an incorrect implementation which will break essentially all
mailing lists.



This is incomplete.

TL;DR: SPF checks the envelope sender. DKIM doesn't check anything except
to
test that parts of the message haven't been altered. DMARC adds policy to
both
to check them against the header From:. Mailing list software may not work
with DMARC-reject senders (but Nanog does).



Hi Alan,

I accept your explanation as the correct one.

Regards,
Bill Herrin

-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
Previous By Date Next
Previous By Thread Next

Current thread: