OK. I will chase this up internally – I am surprised we make body encoding only changes, I can believe that the same encoding is used but the encoding results differ.
If you can reply off list with more specific examples (customer detail not required) then that would be good. In terms of the option to switch off. They should for the “pass through policy” which can be set to cause to preserve the original message as received (invalid linefeeds might change sometimes) as long as a more aggressive policy doesn’t override it. This can be set at as fine a granularity as they wish. Simon [ YouTube: http://www.youtube.com/user/mimecast#p/u/15/_523kC3lcNQ] [ Twitter: http://twitter.com/mimecast ] [ Our Blog: http://blog.mimecast.com/ ] Simon Tyler VP of Engineering and Product Research c: +44 7590 735958 p: +44 207 847 8700 http://www.mimecast.com Johannesburg Map GPS: 26' 05.940" S, 18o 28' 04.278" E (http://maps.google.com/maps/ms?hl=en&ie=UTF8&msa=0&msid=104153695170153523925.000469102c74a808b138c≪=-26.099685,28.069403&spn=0.011986,0.026178&z=16) Cape Town Map GPS: 33o 56.068" S, 18o 28.320" E (http://maps.google.com/maps/ms?source=s_q&hl=en≥ocode=&mrt=all&ie=UTF8&g=Fir+Street,+Observatory,Cape+Town&msa=0≪=-33.934753,18.4721&spn=0.00413,0.009656&z=17&msid=100887237870528382628.00046a80a3916c933dad3) ==================================================================================================================================================================== Disclaimer This email, sent at 11:56:40 on 2018-04-27 from sty...@mimecast.com to dmarc-discuss@dmarc.org has been scanned for viruses and malware by Mimecast, an innovator in software as a service (SaaS) for business. 's email continuity, security, archiving and compliancy is managed by Mimecast's unified email management platform. To find out more, email i...@mimecast.co.za or request a demo. Mimecast SA (Pty) Ltd is a registered company within the Republic of South Africa, company registration number: 2004/000965/07 VAT No. 4650210547 From: Roland Turner <rol...@rolandturner.com> Date: Thursday, 26 April 2018 at 07:39 To: Simon Tyler <sty...@mimecast.com>, "dmarc-discuss@dmarc.org" <dmarc-discuss@dmarc.org> Subject: Re: [dmarc-discuss] Mimecast and Office 365 Hi Simon, Many thanks for following this up! I'm not in a position to name the Mimecast customer in question, but will certainly forward your message to them. Their understanding was that the unpacking and repacking was unconditional, that Mimecast provided no option to turn it off for specified recipients whose live mailboxes were hosted elsewhere (there was MTA-level forwarding happening within the customer's environment) and for whom DKIM-preserving forwarding was therefore a requirement, the only Mimecast features required for those particular users being upfront spam filtering. In the test messages that I saw, Mimecast was making no policy-relevant content changes at all, it was merely changing the body encoding; this breaks DKIM signatures and therefore DMARC but has little other practical effect. A non-"body based" DKIM signature is essentially an invitation to phish, as it allows an adversary to present - and have pass DKIM validation - any body and attachments that they wish. It is technically possible to sign headers only but this is not a widespread practice, and not an obviously useful one. The recent discussion on this list about internal DMARC checks appears to have been a discussion at crossed purposes: internal to Office 365 vs. internal to a single tenant. Regards, - Roland
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)