LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L
Options: Use Monospaced Font
Show HTML Part by Default
Show All Mail Headers

Topic: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Re: Office 365 and fraud detection errors
Bryan Bradsby <[log in to unmask]>
Tue, 22 Nov 2016 12:04:40 -0600
text/plain (5 kB) , text/html (14 kB) 
We saw the O365 pink fraud detection notice on the top of an email that
one of our customers sent to one of our mailing lists. 
The fraud notice was only in the copy relayed by the mailing list
server, and delivered back to the originator. 

We asked the Exchange admin to whitelist the list server by IP, and
that seems to have solved it for now.

We will be re-configuring the mailing list server to change the
envelope sender to the list server domain, instead of allowing it to
appear to be the submitter's address.


At your service,
Bryan Bradsby


512.936.2248 
Texas State Government Network


On Tue, 2016-11-22 at 16:54 +0000, Silcox, Matthew wrote:
> 
> 
> 
> <!--
> p
> 	{margin-top:0;
> 	margin-bottom:0}
> -->
> 
> 
> 
> > > > Same thing happening at Kent State University. We've assumed it's
related to lack of SPF and DKIM, as GMail has been causing us similar
grief. We're reviewing weekly DMARC reports to get our email auth
plan underway, but getting information out of either
> >  vendor (Google and Microsoft) about a definitive cause is like
pulling teeth.
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Respectfully,
> Matthew Silcox
> 
> 
> 
> 
> Senior Systems Administrator
> 
> Client Infrastructure Group | Information Services
> 
> Kent State University
> 
> 
>  
>    330.672.1290
>  
>    [log in to unmask]
> 
> 
> 
> 
> 
>  
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> > > From: LISTSERV Site Administrators' Forum <[log in to unmask]
COM> on behalf of F J Kelley <[log in to unmask]>
> 
> Sent: Tuesday, November 22, 2016 11:51:26 AM
> 
> To: [log in to unmask]
> 
> Subject: Re: Office 365 and fraud detection errors
>  
> 
> 
> 
> 
> 
> 
> > > > I have seen on Listserv mail too.  It has also shown up on posts to
the Office 365 list (Mailman list, hosted at UCDavis).  Had a rather
hostile session with someone from MS yesterday (in fairness, I was
not exactly in a good mood) and
> > >  went after them on RFC822 Sec 4.4.1 and 4.4.2 (yes, there are more
current, but I don't believe these sections have been superseded -
yet)
> 
> > > > It kind of culminated with me asking if his recommendation was the
UGA SPF designate UCDavis.  As I say, it was not altogether friendly,
and I wasn't in such a good mood (though I do feel bad venting on the
tech support folks).  At the conclusion, I believe
> > > >  he actually did read the sections.  Even so, this is coming from
Exchange Online Protection (EOP).  It seems *like* (but not quite)
the beloved DMARC issue of 2014, and I doubt there is any good
resolution.
> 
> --joe
> 
> 
> 
> ________________________________________
> 
> > > From: LISTSERV Site Administrators' Forum <[log in to unmask]
COM> on behalf of Helmke,Richard A <[log in to unmask]>
> 
> Sent: Monday, November 21, 2016 9:18 PM
> 
> To: [log in to unmask]
> 
> Subject: Office 365 and fraud detection errors
> 
> 
> 
> > > We are running a RedHat/Postfix configuration of LISTSERV 16.0-
2014B.  Within the last 20 days a number of our subscribers on
various lists have started receiving:
> 
> 
> 
> > “This sender failed our fraud detection checks and may not be who
they appear to be. Learn about spoofing at
> 
> > > > https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Faka.m
s%2FLearnAboutSpoofing&data=01%7C01%7Cmsilcox%40KENT.EDU%7C7d83ec17f9
6b4f1cca5008d412f7d28b%7Ce5a06f4a1ec44d018f73e7dd15f26134%7C1&sdata=X
cm5zafNplZTVGqx4E8jgh6JlCi%2BZpaEixi6DBgKoBY%3D&reserved=0”
> 
> 
> 
> > > > This occurs after the subscriber on Office 365 has submitted a
posting and after distribution his copy is sent to him with this flag
-- no other subscribers on other domains see this error, but other
subscribers in his domain also see this warning.
> 
> 
> 
> 
> 
> > > We have a valid SPF record in place for listserv.cuis.edu, but have
not implemented any kind of DKIM or DMARC records on LISTSERV (or
elsewhere).
> 
> 
> 
> > > > Is this a 'new' common problem?  Is there a workaround (there are
many domains affected because many of our subscribers are Office 365
users)?  Both LSoft and Microsoft have suggested that a valid SPF
record for our LISTSERV should be enough, but that is obviously
>  not working for us.
> 
> 
> 
> -Rich Helmke
> 
> 
> 
> ________________________________
> 
> 
> 
> To unsubscribe from the LSTSRV-L list, click the following link:
> 
> > > > > https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpeach
.ease.lsoft.com%2Fscripts%2Fwa-PEACH.exe%3FSUBED1%3DLSTSRV-
L%26A%3D1&data=01%7C01%7Cmsilcox%40KENT.EDU%7C7d83ec17f96b4f1cca5008d
412f7d28b%7Ce5a06f4a1ec44d018f73e7dd15f26134%7C1&sdata=BxvEap0u%2BQ4F
cFzFPfXmhgb7Adcqomif3%2B8cjOWarTM%3D&reserved=0
> 
> 
> 
> ############################
> 
> 
> 
> To unsubscribe from the LSTSRV-L list:
> 
> write to: mailto:[log in to unmask]
> 
> or click the following link:
> 
> > > > > https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpeach
.ease.lsoft.com%2Fscripts%2Fwa-PEACH.exe%3FSUBED1%3DLSTSRV-
L%26A%3D1&data=01%7C01%7Cmsilcox%40KENT.EDU%7C7d83ec17f96b4f1cca5008d
412f7d28b%7Ce5a06f4a1ec44d018f73e7dd15f26134%7C1&sdata=BxvEap0u%2BQ4F
cFzFPfXmhgb7Adcqomif3%2B8cjOWarTM%3D&reserved=0
> 
> 
> 
> 
> 
> 
> 
> 
> 
> To unsubscribe from the LSTSRV-L list, click the following link:
> 
> http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1
> 

############################

To unsubscribe from the LSTSRV-L list:
write to: mailto:[log in to unmask]
or click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1

ATOM RSS1 RSS2