Validating From headers is the whole thing behind DMARC.  Yes, an MSP
should validate the From header for mail it originates, but there are often
cases such as various kinds of relaying, where doing so is not possible.
One can use DMARC or other heuristics to try and figure that out when
forwarding/relaying, but it's definitely not a "this obviously shouldn't
happen" kind of thing.

The flip side is you can also implement DMARC and reject the spoofed mail
from MS if they are indeed failing at it.

Brandon

On Tue, Nov 8, 2022 at 2:39 PM MRob via mailop <mailop@mailop.org> wrote:

> Hello,
> Microsoft doesn't limit FROM header spoofing? I saw a message like:
>
> Envelope from: example.user207@<redacted>.onmicrosoft.com
> To: <address on my domain>
> From: support@<fake domain made from *username* of recipient>
>
> For example if TO=rob...@example.com then FROM=supp...@robert.com
>
> Is it too complicated for Microsoft to check that the FROM header belongs
> to the sender's account?
>
> Is it best to always reject mail from <anything>.onmicrosoft.com?
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
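
An added example, not part of the original thread or any participant's code: a receiver-side DMARC alignment check run over a message shaped like the one quoted above. Assumptions: the SPF and DKIM verdicts and the DMARC TXT record are passed in as constructed values rather than looked up, `redacted.onmicrosoft.com` stands in for the redacted tenant, and the organizational domain is approximated by the last two labels where a real evaluator uses the Public Suffix List.

```python
from email.utils import parseaddr

def org_domain(domain):
    # ASSUMPTION: naive "last two labels"; real evaluators use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    a, f = auth_domain.lower(), from_domain.lower()
    # "s" = strict (exact match), "r" = relaxed (same organizational domain)
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def parse_record(txt):
    # Split "v=DMARC1; p=reject; aspf=s" into a tag dictionary.
    tags = dict((k.strip().lower(), v.strip())
                for k, _, v in (part.partition("=") for part in txt.split(";"))
                if k.strip())
    return tags if tags.get("v") == "DMARC1" else None

def dmarc_disposition(from_header, mail_from, spf_result, dkim_sigs, record_txt):
    """Return (dmarc_result, disposition) for one message."""
    from_domain = parseaddr(from_header)[1].rpartition("@")[2]
    record = parse_record(record_txt) if record_txt else None
    if not from_domain or record is None:
        return ("none", "accept")  # no policy published: DMARC has no say
    # SPF only counts if the envelope sender's domain aligns with the From domain.
    spf_ok = spf_result == "pass" and aligned(
        mail_from.rpartition("@")[2], from_domain, record.get("aspf", "r"))
    # DKIM only counts if a passing signature's d= domain aligns with the From domain.
    dkim_ok = any(res == "pass" and aligned(d, from_domain, record.get("adkim", "r"))
                  for d, res in dkim_sigs)
    if spf_ok or dkim_ok:
        return ("pass", "accept")
    policy = record.get("p", "none").lower()
    return ("fail", policy if policy in ("reject", "quarantine") else "accept")

# Constructed sample modelled on the quoted message: SPF and DKIM both pass,
# but for the onmicrosoft.com tenant, not for the domain in the From header.
SPOOFED = dict(from_header="Support <support@robert.com>",
               mail_from="example.user207@redacted.onmicrosoft.com",
               spf_result="pass",
               dkim_sigs=[("redacted.onmicrosoft.com", "pass")])

if __name__ == "__main__":
    # Constructed DMARC records for the From domain, with and without a policy.
    print(dmarc_disposition(**SPOOFED, record_txt="v=DMARC1; p=reject"))
    print(dmarc_disposition(**SPOOFED, record_txt=None))
```

The second call shows the limit of this approach: when the domain in the From header publishes no DMARC record, the receiver gets no verdict from DMARC and has to fall back on its own heuristics.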