We saw the O365 pink fraud detection notice on the top of an email that one of our customers sent to one of our mailing lists. 
The fraud notice was only in the copy relayed by the mailing list server, and delivered back to the originator. 

We asked the Exchange admin to whitelist the list server by IP, and that seems to have solved it for now.

We will be re-configuring the mailing list server to change the envelope sender to the list server domain, instead of allowing it to appear to be the submitter's address.


At your service,
Bryan Bradsby

512.936.2248 
Texas State Government Network


On Tue, 2016-11-22 at 16:54 +0000, Silcox, Matthew wrote:

Same thing happening at Kent State University. We've assumed it's related to lack of SPF and DKIM, as Gmail has been causing us similar grief. We're reviewing weekly DMARC reports to get our email auth plan underway, but getting information out of either vendor (Google and Microsoft) about a definitive cause is like pulling teeth.


Respectfully,

Matthew Silcox

Senior Systems Administrator

Client Infrastructure Group | Information Services

Kent State University

330.672.1290

[log in to unmask]

 



From: LISTSERV Site Administrators' Forum <[log in to unmask]> on behalf of F J Kelley <[log in to unmask]>
Sent: Tuesday, November 22, 2016 11:51:26 AM
To: [log in to unmask]
Subject: Re: Office 365 and fraud detection errors
 
I have seen it on Listserv mail too.  It has also shown up on posts to the Office 365 list (Mailman list, hosted at UCDavis).  Had a rather hostile session with someone from MS yesterday (in fairness, I was not exactly in a good mood) and went after them on RFC822 Sec 4.4.1 and 4.4.2 (yes, there are more current, but I don't believe these sections have been superseded - yet).
It kind of culminated with me asking if his recommendation was that the UGA SPF designate UCDavis.  As I say, it was not altogether friendly, and I wasn't in such a good mood (though I do feel bad venting on the tech support folks).  At the conclusion, I believe he actually did read the sections.  Even so, this is coming from Exchange Online Protection (EOP).  It seems *like* (but not quite) the beloved DMARC issue of 2014, and I doubt there is any good resolution.
--joe

________________________________________
From: LISTSERV Site Administrators' Forum <[log in to unmask]> on behalf of Helmke,Richard A <[log in to unmask]>
Sent: Monday, November 21, 2016 9:18 PM
To: [log in to unmask]
Subject: Office 365 and fraud detection errors

We are running a RedHat/Postfix configuration of LISTSERV 16.0-2014B.  Within the last 20 days a number of our subscribers on various lists have started receiving:

“This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing at https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Faka.ms%2FLearnAboutSpoofing&data=01%7C01%7Cmsilcox%40KENT.EDU%7C7d83ec17f96b4f1cca5008d412f7d28b%7Ce5a06f4a1ec44d018f73e7dd15f26134%7C1&sdata=Xcm5zafNplZTVGqx4E8jgh6JlCi%2BZpaEixi6DBgKoBY%3D&reserved=0”

This occurs after the subscriber on Office 365 has submitted a posting and after distribution his copy is sent to him with this flag -- no other subscribers on other domains see this error, but other subscribers in his domain also see this warning.


We have a valid SPF record in place for listserv.cuis.edu, but have not implemented any kind of DKIM or DMARC records on LISTSERV (or elsewhere).

Is this a 'new' common problem?  Is there a workaround (there are many domains affected because many of our subscribers are Office 365 users)?  Both LSoft and Microsoft have suggested that a valid SPF record for our LISTSERV should be enough, but that is obviously not working for us.

-Rich Helmke

________________________________

To unsubscribe from the LSTSRV-L list, click the following link:
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpeach.ease.lsoft.com%2Fscripts%2Fwa-PEACH.exe%3FSUBED1%3DLSTSRV-L%26A%3D1&data=01%7C01%7Cmsilcox%40KENT.EDU%7C7d83ec17f96b4f1cca5008d412f7d28b%7Ce5a06f4a1ec44d018f73e7dd15f26134%7C1&sdata=BxvEap0u%2BQ4FcFzFPfXmhgb7Adcqomif3%2B8cjOWarTM%3D&reserved=0
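
The SPF and alignment checks discussed in this thread, as an added example that is not part of any poster's message: it compares a post sent directly, relayed with the submitter's envelope sender, and relayed with the envelope sender rewritten to the list domain. All domains, addresses, IPs and SPF records are constructed, the two-label organizational-domain shortcut is an assumption, and the thread does not establish that EOP's notice is driven by exactly these checks.

```python
import ipaddress

# Constructed SPF records for illustration (reserved example domains and
# documentation IP ranges); none of these values come from the thread.
SPF_RECORDS = {
    "lists.example.edu": "v=spf1 ip4:192.0.2.10 -all",        # list server
    "tenant.example.org": "v=spf1 ip4:198.51.100.0/24 -all",  # subscriber's mail domain
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(client_ip, mailfrom_domain, records=SPF_RECORDS):
    """Evaluate a subset of RFC 7208: ip4 mechanisms and 'all' only."""
    record = records.get(mailfrom_domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?")
        if mechanism.startswith("ip4:"):
            if ip in ipaddress.ip_network(mechanism[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif mechanism == "all":
            return QUALIFIERS[qualifier]
    return "neutral"

def org_domain(domain):
    # Assumption: last two labels stand in for the organizational domain;
    # a real DMARC check uses the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])

def evaluate(client_ip, envelope_from, header_from):
    """SPF result for the envelope sender plus relaxed alignment with From:."""
    env_domain = envelope_from.rsplit("@", 1)[1]
    hdr_domain = header_from.rsplit("@", 1)[1]
    spf = spf_check(client_ip, env_domain)
    aligned = org_domain(env_domain) == org_domain(hdr_domain)
    return {"spf": spf, "aligned": aligned, "spf_authenticates_from": spf == "pass" and aligned}

LIST_IP = "192.0.2.10"
POSTER = "alice@tenant.example.org"  # hypothetical subscriber

def scenarios():
    return {
        "direct_from_tenant": evaluate("198.51.100.7", POSTER, POSTER),
        "list_keeps_poster_envelope": evaluate(LIST_IP, POSTER, POSTER),
        "list_rewrites_envelope": evaluate(LIST_IP, "owner-list@lists.example.edu", POSTER),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

In this model the envelope rewrite turns an SPF fail into an SPF pass for the list domain, but that pass still does not authenticate the From: header domain, which is where a DKIM signature or a receiver-side allow entry comes in.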
