15
When an MX lookup fails to reveal that an e-mail address traverses Microsoft servers (lemmy.sdf.org)
submitted 1 month ago* (last edited 1 month ago) by evenwicht@lemmy.sdf.org to c/infosec@infosec.pub
17 comments fedilink hide all child comments

Before sharing my email address with some person or some org, I do an MX DNS lookup on the domain portion of their email address. It’s usually correct. That is, if the result is not of the form *.mail.protection.outlook.com, then that recipient is not using Microsoft’s mail server.

But sometimes I get stung by an exception. The MX lookup for one recipient yielded barracudanetworks.com, so I trusted them with email. But then they sent me an email and I saw a header like this:

Received: from *.outbound.protection.outlook.com (*.outbound.protection.outlook.com…

Is there any practical way to more thoroughly check whether an email address leads to traffic routing through Microsoft (or Google)?

you are viewing a single comment's thread
view the rest of the comments
[-] troyunrau@lemmy.ca 3 points 1 month ago

Question: as a small business owner, we have trouble with Microsoft hosted email aggressively spam filtering. So when we notice it in their headers or similar, we will followup on emails to them with a phone call or text message saying "sent you an email -- if you don't see it, check your spam trap"

It's taken almost four years, a dedicated IP and host, and a lot of people flagging us as not-spam to finally have a better than 50% chance with Microsoft hosted customers.

But this is the InfoSec community and your reasons are probably entirely separate. Out of curiosity, why are you declining to transit Microsoft servers? Worried about inspection or something?

[-] evenwicht@lemmy.sdf.org 2 points 1 month ago* (last edited 1 month ago)

But this is the InfoSec community and your reasons are probably entirely separate.

Infosec broadly covers:

  • Confidentiality
  • Integrity
  • Availability

Your problem as you describe it boils down to availability (which some would say is the most important infosec factor). I also have a serious availability with Microsoft. When I send email to an MS recipient (back in the days when I was willing to), MS’s servers refuse my msg because MS aggressively implements a strict IP reputation policy. And to be clear, you need not ever send any spam to have a bad IP reputation. You can simply subscribe to an ISP that gives you an IP address which the ISP has published as “residential”. And just like that, the discrimination machine kicks in.

MS does not want mail from self-hosters like myself. They want to force me to dance for them. Even though my email is RFC-compliant, MS wants me to subscribe to a more costly business class of internet service, or to pawn myself to another email service provider.

Either way, MS can fuck off. I will not lick MS’s boots.

Out of curiosity, why are you declining to transit Microsoft servers? Worried about inspection or something?

First of all, I boycott MS. The boycott is mostly driven by factors unrelated to infosec. Boycotting is no longer just refusal to buy their junk -- boycotting also means to not feed them data because they profit from the data (otherwise, why are they gratis?) I am not generally worried about info in my payloads being specifically exploited in some kind of attack by MS, but I will not feed MS data that it can profit from. I also protest non-US govs throwing away their digital sovereignty and making all their people lick the boots of a privacy-abusing US surveillance advertiser.

this post was submitted on 21 Jun 2025
15 points (100.0% liked)

Information Security

330 readers
1 users here now

founded 2 years ago
MODERATORS
himazawa@infosec.pub