Hello,

In my work helping companies with email authentication, I sometimes come
across interesting abuse cases. I was just talking with a customer that is
a large manufacturing firm who received a report about a spoofed message
sent from a domain they do not use, which is at DMARC p=reject with an
empty SPF record at hard fail. The message was sent from Zohomail to a
recipient at a small company who uses Carrierzone. The recipient sent
headers to the messaging engineer who is my customer; the sender was able
to use this domain both in the friendly From: field and even in the message
ID sent via the Zohomail servers.

I don't have a lot of familiarity with either provider. Does Zohomail do no
domain validation before relaying messages, or does this indicate a broader
compromise? Does Carrierzone ignore DMARC and SPF? I'm interested to hear
other people's experiences with these providers.


Thanks,

Autumn Tyr-Salvia
tyrsalvia@gmail
atyrsalvia@agari
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
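
As an added example (not part of the original post): one way to triage forwarded headers like those described above is to compare the From: and Message-ID domains with what the receiving system recorded in Authentication-Results. The header sample, domain names, and the `triage` and `domain_of` helpers are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed headers for illustration; not taken from the reported message.
SAMPLE = """\
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=bounce.relay.example; dkim=pass header.d=relay.example; dmarc=fail header.from=unused-brand.example
From: "Accounts Payable" <ap@unused-brand.example>
To: user@receiver.example
Message-ID: <abc123@unused-brand.example>
Subject: Invoice

body
"""

def domain_of(value):
    """Return the lowercased part after the last '@', or '' if there is none."""
    return value.rpartition("@")[2].strip("<> ").lower() if "@" in value else ""

def triage(raw, protected_domains, authserv_id):
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    mid_dom = domain_of(msg.get("Message-ID", ""))
    auth, spf_dom = {}, None
    for ar in msg.get_all("Authentication-Results", []):
        # Only trust results stamped by the receiving system itself (RFC 8601);
        # any other Authentication-Results header may have been supplied by the sender.
        if not ar.strip().lower().startswith(authserv_id.lower()):
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar, re.I):
            auth.setdefault(method.lower(), verdict.lower())
        m = re.search(r"smtp\.mailfrom=([^\s;]+)", ar, re.I)
        if m and spf_dom is None:
            spf_dom = domain_of(m.group(1)) or m.group(1).lower()
    findings = []
    if from_dom in protected_domains:
        dmarc = auth.get("dmarc")
        if dmarc is None:
            findings.append(f"no DMARC result recorded by {authserv_id}")
        elif dmarc != "pass":
            findings.append(f"dmarc={dmarc} on a delivered message")
        # SPF is evaluated on the envelope sender, so "-all" on the From: domain
        # is never consulted when the envelope uses a different domain.
        if spf_dom and spf_dom != from_dom and not spf_dom.endswith("." + from_dom):
            findings.append(f"SPF was checked against {spf_dom}, not the From: domain")
    return {"from_domain": from_dom, "message_id_domain": mid_dom,
            "auth": auth, "spf_checked_domain": spf_dom, "findings": findings}

if __name__ == "__main__":
    print(triage(SAMPLE, {"unused-brand.example"}, "mx.receiver.example"))
```

A missing DMARC result from the receiver's own authserv-id suggests the check was never run, while a recorded `dmarc=fail` on a delivered message points to policy not being enforced.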
