On 05/10/2018 09:39 AM, RW wrote:
On Thu, 10 May 2018 13:49:15 +0000 (UTC)
Pedro David Marco wrote:

David Jones wrote:
It's not only compromised well-established
accounts. Based on the odd
domain names I have seen, I am pretty sure that Microsoft allows
trials of O365 so spammers are signing up and blasting out
junk/phishing emails until they are discovered.  These spammers can
spoof anyone on O365 like toysrus.com and the SPF checks will pass.


I totally agree with David, I have seen trial periods of 45 days for
O365, then spoofing any other O365 customer is trivial with SPF
totally pointless.

But have you actually tried it? I had a concern about travelodge.co.uk
being whitelisted when its SPF includes gmail, but I tried spoofing it
through smtp.gmail.com and it didn't work.


It was said on this thread that Google rewrites/forces the envelope-from address to be the same as the authenticated sender so Google handles this properly. Microsoft does not. If you can authenticate, then you can send as whatever you want with any headers you want to add/spoof including the From:.

Microsoft has a list of domains it hosts and a list of hosted domains
(and/or its own addresses) tied to each account.  Given how much
reliance MS place on DMARC's preventing spoofing, and how easy it would
be for them to prevent one user spoofing another's domain on submission,
I'd be very surprised if they allow it.


They do. I saw an example a few weeks ago.

Paul Stead claims to have seen it, but it's important to positively
identify it as spoofing and not hacking.


Not sure what the difference is from a mail filtering perspective. From Microsoft's perspective it is both. A spammer got someone's password and started sending a bunch of invoice phishing emails pretending to be a local construction company that happens to host their email on O365 so their SPF record is good.

--
David Jones
