On 10/05/2018, 13:46, "David Jones" <djo...@ena.com> wrote:

    >Do you have a reason to think that that's possible?
    >It doesn't seem very likely, but there are some default whitelist
    >entries that should go if it is.

    Which part is possible?  The trial accounts blasting spam or the
    toysrus.com SPF matching?  Anyone on O365 not using webmail or Outlook
    can spoof any other O365 customer using authenticated SMTP to
    smtp.office365.com where they can control the envelope-from and From:
    header and the SPF check will pass.  The only thing stopping it is
    Microsoft's ability to detect unusual activity.

Not only is it possible - I've had actual examples of this happening on our 
platform, spoofed Envelope-From spam sent through O365 and the SPF passing...


Paul

--
Paul Stead
Senior Engineer (Tools & Technology)
Zen Internet
Direct: 01706 902018
Web: zen.co.uk
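An added example, not part of the original message: a defender-side audit of the kind of default whitelist entries mentioned in the thread, flagging whitelisted domains whose SPF record authorises a sender pool shared by many customers, where an SPF pass alone does not identify the sender. The domains, SPF records and whitelist lines are constructed, and the use of SpamAssassin's `def_whitelist_auth` syntax for the entries is an assumption.

```python
import re

# Constructed SPF TXT records standing in for DNS lookups (not real data).
SPF_RECORDS = {
    "tenant-a.example": "v=spf1 include:spf.protection.outlook.com -all",
    "tenant-b.example": "v=spf1 redirect=_spf.tenant-b.example",
    "_spf.tenant-b.example": "v=spf1 ip4:192.0.2.0/24 include:spf.protection.outlook.com ~all",
    "selfhosted.example": "v=spf1 ip4:198.51.100.10 -all",
}

# Include targets that authorise a sender pool shared by many customers.
SHARED_POOLS = {"spf.protection.outlook.com"}

# Constructed whitelist lines (def_whitelist_auth syntax is an assumption here).
WHITELIST = """\
def_whitelist_auth *@tenant-a.example
def_whitelist_auth *@tenant-b.example
def_whitelist_auth *@selfhosted.example
"""

def spf_targets(domain, records, seen=None):
    """Return every include:/redirect= target reachable from domain's SPF record."""
    seen = set() if seen is None else seen
    if domain in seen:          # guard against include loops
        return set()
    seen.add(domain)
    found = set()
    for term in records.get(domain, "").split()[1:]:   # skip the v=spf1 tag
        m = re.fullmatch(r"[+?~-]?include:(\S+)|redirect=(\S+)", term, re.I)
        if m:
            target = (m.group(1) or m.group(2)).lower().rstrip(".")
            found.add(target)
            found |= spf_targets(target, records, seen)
    return found

def audit_whitelist(text, records=SPF_RECORDS, shared=SHARED_POOLS):
    """Map each whitelisted domain to the shared pools its SPF record authorises."""
    risky = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "def_whitelist_auth":
            domain = parts[1].rsplit("@", 1)[-1].lower()
            pools = spf_targets(domain, records) & shared
            if pools:
                risky[domain] = sorted(pools)
    return risky

if __name__ == "__main__":
    for domain, pools in audit_whitelist(WHITELIST).items():
        print(f"{domain}: SPF pass alone does not identify the sender ({', '.join(pools)})")
```

Entries it flags are candidates for removal or for a stronger condition than an SPF pass.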
