On Sep 20, 2024, at 12:02 PM, L. Mark Stone via mailop <mailop@mailop.org> 
wrote:
> 
> FWIW, for a while now we have been outright blocking all email from any 
> subdomain of onmicrosoft.com, as well as email from 
> any azurewebsites.net domain/subdomain.
> 
> To my understanding, other than for any tenant who hasn't configured their 
> email domain's settings per Microsoft's guidance, what we do should result in 
> zero false positives.

That's right, except that there are some legitimate tenants who never configure 
their email domain per Microsoft guidance, and those will be false positives. 
An example:

Return-Path: bounces+SRS=2m789=q...@deluxe.onmicrosoft.com
X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is
168.135.115.243) smtp.mailfrom=shopdeluxe.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=shopdeluxe.com;
Date: Fri, 20 Sep 2024 10:53:37 +0000
From: Deluxe Corporation <customerserv...@shopdeluxe.com>
Subject: Your Deluxe Order Has Shipped
X-OriginatorOrg: Deluxe.onmicrosoft.com

Now, one could certainly claim that messages that have no valid DKIM or SPF, 
and which have an "onmicrosoft.com" envelope sender that doesn't match the From 
header, should be rejected to give the sender a hint to fix their stuff. If I 
block this and one of my customers complained, I wouldn't lose sleep over the 
answer being "yeah, ideally that wouldn't have been blocked, but the sender is 
doing a really good job of looking like a spammer in several different ways".

But that's the kind of thing you'll end up blocking.

-- 
Robert L Mathews
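
Added example, not part of the original message or of either poster's configuration: a comparison of the blanket onmicrosoft.com block with the narrower rule discussed above (onmicrosoft.com envelope sender, From domain mismatch, no passing SPF or DKIM). It assumes the receiving MTA stamps its own Authentication-Results header under the hypothetical authserv-id mx.receiver.example and strips inbound headers bearing that id; all sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

SUFFIX = "onmicrosoft.com"
AUTHSERV_ID = "mx.receiver.example"  # assumption: our own MTA's authserv-id

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def under(domain, suffix):
    return domain == suffix or domain.endswith("." + suffix)

def trusted_results(msg):
    """Collect spf/dkim results, only from headers our own MTA stamped."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = " ".join(value.split()).split(";")  # unfold, then split
        if parts[0].lower().split()[:1] != [AUTHSERV_ID]:
            continue  # written upstream (possibly by the sender): ignore
        for part in parts[1:]:
            m = re.match(r"\s*(spf|dkim)=(\w+)", part, re.I)
            if m:
                found.add((m.group(1).lower(), m.group(2).lower()))
    return found

def evaluate(raw):
    """Return (blanket_block, narrow_reject) for one raw message."""
    msg = message_from_string(raw)
    env = domain_of(msg.get("Return-Path"))
    blanket = under(env, SUFFIX)  # the "block every subdomain" policy
    res = trusted_results(msg)
    authenticated = ("spf", "pass") in res or ("dkim", "pass") in res
    mismatch = domain_of(msg.get("From")) != env
    return blanket, blanket and mismatch and not authenticated

def sample(env, frm, *auth):
    """Build a constructed test message; every value here is made up."""
    lines = [f"Return-Path: <{env}>", f"From: Example Shop <{frm}>"]
    lines += [f"Authentication-Results: {a}" for a in auth]
    return "\n".join(lines) + "\nSubject: constructed sample\n\nbody\n"

TENANT = "bounces@exampletenant.onmicrosoft.com"
UNCONFIGURED = sample(TENANT, "orders@shop.example",
                      AUTHSERV_ID + "; spf=softfail;\n dkim=none")
SIGNED = sample(TENANT, "orders@shop.example",
                AUTHSERV_ID + "; spf=softfail; dkim=pass header.d=shop.example")
FORGED_AR = sample(TENANT, "orders@shop.example",
                   "mx.sender.example; spf=pass; dkim=pass",
                   AUTHSERV_ID + "; spf=fail; dkim=none")
```

The SIGNED case is mail the blanket block rejects but the narrower rule lets through, and FORGED_AR shows why results stamped by any other host are ignored.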
