When an MX lookup fails to reveal that an e-mail address traverses Microsoft servers (lemmy.sdf.org)

submitted 1 month ago* (last edited 1 month ago) by evenwicht@lemmy.sdf.org to c/infosec@infosec.pub

17 comments fedilink hide all child comments

Before sharing my email address with some person or some org, I do an MX DNS lookup on the domain portion of their email address. It’s usually correct. That is, if the result is not of the form *.mail.protection.outlook.com, then that recipient is not using Microsoft’s mail server.

But sometimes I get stung by an exception. The MX lookup for one recipient yielded barracudanetworks.com, so I trusted them with email. But then they sent me an email and I saw a header like this:

Received: from *.outbound.protection.outlook.com (*.outbound.protection.outlook.com…

Is there any practical way to more thoroughly check whether an email address leads to traffic routing through Microsoft (or Google)?

you are viewing a single comment's thread
view the rest of the comments

[-] CarbonatedPastaSauce@lemmy.world 3 points 1 month ago

You’re seeing that behavior because some companies may have mailboxes in M365 but use a different provider for message hygiene, such as Barracuda, Proofpoint, MX Logic, etc. The MX points to them, they forward to an M365 inbound connector (virtual MTA) after inspecting the email.

[-] evenwicht@lemmy.sdf.org 1 points 1 month ago

Well, in that case I guess I should target Barracuda, Proofpoint, and MX Logic in the same way, since 90+% of the world is on MS or Google platforms. That’s probably my practical answer.. to distrust any MX servers that are known to be proxies. So, I need a list of proxies like that.

this post was submitted on 21 Jun 2025

15 points (100.0% liked)

Information Security

330 readers

3 users here now

founded 2 years ago

MODERATORS

himazawa@infosec.pub