same.  Nothing like that in the headers or body.

-nick

—
Nick Peelman
n...@peelman.us




> On Dec 8, 2016, at 9:59 AM, Adam Levin <levins...@gmail.com> wrote:
> 
> I received the message, and there has *not* been any message injected into 
> the body regarding failing fraud detection checks.
> 
> -Adam
> 
> On Thu, Dec 8, 2016 at 9:39 AM, Edward Ned Harvey (lopser) 
> <lop...@nedharvey.com <mailto:lop...@nedharvey.com>> wrote:
> Before anything else, can any of you confirm that when you receive this 
> message, there has or hasn't been a line injected into the message body 
> saying "This sender failed our fraud detection checks..." at the beginning of 
> the message body? And who is your mail service provider?
> 
> Ok, we know this much:
> 
> My SPF record is definitely set correctly.
> By looking at the message headers, we can see the message was sent
>         from NAM02-BL2-obe.outbound.protection.outlook.com 
> <http://nam02-bl2-obe.outbound.protection.outlook.com/> 
> (mail-bl2nam02on0092.outbound.protection.outlook.com 
> <http://mail-bl2nam02on0092.outbound.protection.outlook.com/>. [104.47.38.92])
>         received by mx.google.com <http://mx.google.com/>
> And when google receives it, it's an SPF pass
>         pass (google.com <http://google.com/>: domain of lop...@nedharvey.com 
> <mailto:lop...@nedharvey.com> designates 104.47.38.92 as permitted sender) 
> client-ip=104.47.38.92;
> 
> Then, google does some processing, and google delivers the message to 
> lopsa-sb1.lopsa.org <http://lopsa-sb1.lopsa.org/> (Postfix)
> Then, lopsa-sb1.lopsa.org <http://lopsa-sb1.lopsa.org/> delivers the message 
> to all the list members.
> 
> Finally, when I receive the message, it has this text injected into the 
> message body:
>         This sender failed our fraud detection checks and may not be who they 
> appear to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing 
> <http://aka.ms/LearnAboutSpoofing>
> 
> I am going to observe, that the URL is a link to an office365 information 
> article, which suggests, that the message is probably *not* being flagged as 
> spam by google or lopsa. It's probably being flagged only *after* lopsa 
> distributes it back to my office365 account.
> _______________________________________________
> Tech mailing list
> Tech@lists.lopsa.org <mailto:Tech@lists.lopsa.org>
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech 
> <https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech>
> This list provided by the League of Professional System Administrators
>  http://lopsa.org/ <http://lopsa.org/>
> 
> _______________________________________________
> Tech mailing list
> Tech@lists.lopsa.org
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/

Reply via email to