nanog mailing list archives
Re: Microsoft O365 labels nanog potential fraud?
From: William Herrin <bill () herrin us>
Date: Wed, 29 Mar 2017 15:52:15 -0400
On Wed, Mar 29, 2017 at 12:24 PM, Alan Hodgson <ahodgson () lists simkin ca> wrote:
On Wednesday 29 March 2017 11:12:33 William Herrin wrote:Both SPF and DKIM are meant to be checked against the domain in the envelope sender (SMTP protocol-level return address) which the NANOG list sets to nanog-bounces () nanog org. Checking against the message header"from"address is an incorrect implementation which will break essentially all mailing lists.This is incomplete. TL;DR: SPF checks the envelope sender. DKIM doesn't check anything except to test that parts of the message haven't been altered. DMARC adds policy to both to check them against the header From:. Mailing list software may not work with DMARC-reject senders (but Nanog does).
Hi Alan, I accept your explanation as the correct one. Regards, Bill Herrin -- William Herrin ................ herrin () dirtside com bill () herrin us Dirtside Systems ......... Web: <http://www.dirtside.com/>
Current thread:
- Re: Microsoft O365 labels nanog potential fraud?, (continued)
- Re: Microsoft O365 labels nanog potential fraud? Brad Knowles (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Florian Weimer (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? William Herrin (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Mel Beckman (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Grant Taylor via NANOG (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? William Herrin (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? DaKnOb (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Carl Byington (Mar 29)
- RE: Microsoft O365 labels nanog potential fraud? Keith Medcalf (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Alan Hodgson (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? William Herrin (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Carl Byington (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Alan Hodgson (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Mark Andrews (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Carl Byington (Mar 29)
- Re: Microsoft O365 labels nanog potential fraud? Alan Hodgson (Mar 30)