Re: [mailop] [EXTERNAL] Re: Reasons ISPs (Microsoft) ignore DMARC policy?

2019-11-20 Thread Michael Rathbun via mailop
On Wed, 20 Nov 2019 19:53:07 -0500, Matt Vernhout via mailop wrote: >If a sender asked you to reject that mail with their policy do them a favour >and send a bounce that says something like ‘your DMARC said to bounce failed >messages, if this is wrong fix your authentication and try again’

Re: [mailop] [EXTERNAL] Re: Reasons ISPs (Microsoft) ignore DMARC policy?

2019-11-20 Thread Michael Wise via mailop
It's still Backscatter if you can’t do it at time-of-acceptance. Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Open a ticket for Hotmail ? -Original Message- From: mailop

Re: [mailop] [EXTERNAL] Re: Reasons ISPs (Microsoft) ignore DMARC policy?

2019-11-20 Thread Matt Vernhout via mailop
If a sender asked you to reject that mail with their policy do them a favour and send a bounce that says something like ‘your DMARC said to bounce failed messages, if this is wrong fix your authentication and try again’ Bounces like this tend to get people attention. ~ Matt > On Nov 20, 2

Re: [mailop] [EXTERNAL] Re: Reasons ISPs (Microsoft) ignore DMARC policy?

2019-11-20 Thread Michael Wise via mailop
And, of course, "Reject" only works if you are checking SPF/DKIM/DMARC at the edge, before sending the final 250 ok. Afterwards, it's just another source of backscatter. Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Open a ticke

Re: [mailop] Reasons ISPs (Microsoft) ignore DMARC policy?

2019-11-20 Thread Chris Wedgwood via mailop
> I don't know if mass-market ISPs view it this way, but in my roles > with email hosting providers I have never seen DMARC policies taken > seriously except as a nuisance for the operation of discussion > mailing lists. this matches my experience if i rejected messages on dmarc failure, i would

Re: [mailop] Reasons ISPs (Microsoft) ignore DMARC policy?

2019-11-20 Thread Jaroslaw Rafa via mailop
Dnia 20.11.2019 o godz. 16:11:07 Jon Burke via mailop pisze: > > For business email it makes absolute sense to quarantine emails despite > the policy being reject; but not so for consumer email I thought.. And what actually differentiates "business email" from "consumer email" in this aspect? Th

Re: [mailop] Reasons ISPs (Microsoft) ignore DMARC policy?

2019-11-20 Thread Jon Burke via mailop
Hi Vladimir, I should have specified this, but this email was received by a hotmail.com address. I was search how Hotmail (or outlook.com) handles DMARC but did not find much. For business email it makes absolute sense to quarantine emails despite the policy being reject; but not so for consum

Re: [mailop] Reasons ISPs (Microsoft) ignore DMARC policy?

2019-11-20 Thread Bill Cole via mailop
On 20 Nov 2019, at 8:17, Jon Burke via mailop wrote: I know ISPs can enforce a stricter policy (e.g. reject although policy is p=quarantine) but I don't often see ISPs applying a more lenient response than stated in the DMARC policy. I can think of one reason for doing so (user added the sende

Re: [mailop] Reasons ISPs (Microsoft) ignore DMARC policy?

2019-11-20 Thread Vladimir Dubrovin via mailop
Any forwarding without RFC5322.From munging breaks SPF authentication for DMARC. With SRS message passes SPF but fails DMARC/SPF check because SPF domain after SRS is not aligned with RFC5322.From. DKIM is supposed to solve the problem of MTA-level forwarding. But, mailing lists also break DKIM,

Re: [mailop] Reasons ISPs (Microsoft) ignore DMARC policy?

2019-11-20 Thread Paul Smith via mailop
On 20/11/2019 13:17, Jon Burke via mailop wrote:  I know ISPs can enforce a stricter policy (e.g. reject although policy is p=quarantine) but I don’t often see ISPs applying a more lenient response than stated in the DMARC policy. I can think of one reason for doing so (user added the sender to

Re: [mailop] Reasons ISPs (Microsoft) ignore DMARC policy?

2019-11-20 Thread Vladimir Dubrovin via mailop
quick googling: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email#inbounddmarcfail How Office 365 handles inbound email that fails DMARC If the DMARC policy of the sending server is p=reject, EOP marks the message as spam instead of re

[mailop] Reasons ISPs (Microsoft) ignore DMARC policy?

2019-11-20 Thread Jon Burke via mailop
Hi Mailop, Below is a spoofed email; it fails SPF, has no DKIM, and fails the DMARC or the 5322.From address: Received: from MW2NAM12HT207.eop-nam12.prod.protection.outlook.com (2603:10a6:6:2d::33) by DB7PR10MB1996.EURPRD10.PROD.OUTLOOK.COM with HTTPS via DB6PR07CA0023.EURPRD07.PROD.OUTLOOK.CO

Re: [mailop] delivery problems from mimecast.com

2019-11-20 Thread Suresh Ramasubramanian via mailop
Ask Nat Borenstein, he runs Mimecast :). That said there are plenty of free CAs available that should work for you. —srs From: mailop on behalf of Claus Assmann via mailop Sent: Wednesday, November 20, 2019 2:55 PM To: mailop@mailop.org Subject: [mailop] delive

[mailop] delivery problems from mimecast.com

2019-11-20 Thread Claus Assmann via mailop
Maybe someone can tell me how to avoid delivery problems from mimecst.com. Here's what I noticed so far: If my server offers STARTTLS mimecast aborts the handshake with a protocol error Info about cipher and cert offered by mimecast as client: cipher=ECDHE-RSA-AES256-GCM-SHA384, cert_subject