Antonia's, Thanks for the very clear explanation. I use DKIM and SPF, but didn't know about this corner case. I'm surprised the SPF, etc architects missed it, or seem to have. In any event, I seem to be getting all the messages.
-mel beckman > On Mar 29, 2017, at 12:04 AM, DaKnOb <[email protected]> wrote: > > Usually mailing lists act like e-mail spoofers as far as SPF and DKIM is > concerned. These two systems above try to minimize spoofed e-mail by doing > the following: > > SPF: Each domain adds a list of IP Addresses that are allowed to send e-mail > on their behalf. > > DKIM: Each email sent by an "original" mail server is cryptographically > signed with a key available, again, in the DNS. > > When you send an e-mail to a list, you send it to the mailing list mail > server. After that, of the server forwards that e-mail to the recipients, its > original address is shown, therefore if Outlook checks for SPF records, that > check will fail. An easy way to get around this is for the list to change the > From field to something else, like "Mel Beckman via NANOG" and a local email > address. > > However, when you send that email, it may also be signed with DKIM: any > change in subject (say "[NANOG]" is added) or the body (say "You received > this email because you subscribed to NANOG" is appended) will also cause that > check to fail. > > Typically the behavior of the recipient if one or both of these checks failed > is described in yet another DNS record, called a DMARC Policy. Some set this > to very strict levels (reject e-mail / send to spam), some others to warn the > user (like what you saw?), and some others, knowing this happens, to > ignore/notify. > > This message probably appears because of the above SPF / DKIM / DMARC combo > but I can't be 100% sure from the provided info. > > In any case, this is likely not your fault. If you want to be sure, verify > the contents of the e-mail against the public NANOG archive which is > available over HTTPS. My guess is that nothing has been changed. > > Thanks, > Antonios > >> On 29 Mar 2017, at 03:22, Mel Beckman <[email protected]> wrote: >> >> Is anyone else getting this message on every nanog post today? >> >> "This sender failed our fraud detection checks and may not be who they >> appear to be. Learn about spoofing at >> http://aka.ms/LearnAboutSpoofing<http://aka.ms/LearnAboutSpoofing]>" >> >> I don't know if this link itself is malware, as it goes to the MS store, or >> if something is broken in the Nanog Mail machine. >> >> If it's just me, never mind. I'll figure it out. >> >> -mel beckman
