Before sharing my email address with some person or some org, I do an MX DNS lookup on the domain portion of their email address. It’s usually correct. That is, if the result is not of the form *.mail.protection.outlook.com, then that recipient is not using Microsoft’s mail server.
But sometimes I get stung by an exception. The MX lookup for one recipient yielded barracudanetworks.com, so I trusted them with email. But then they sent me an email and I saw a header like this:
Received: from *.outbound.protection.outlook.com (*.outbound.protection.outlook.com…
Is there any practical way to more thoroughly check whether an email address leads to traffic routing through Microsoft (or Google)?
Thanks! That’s quite useful.
Before emailing someone or deciding whether they get my email address, I run a script that does an MX lookup which then looks for PRISM corps in the results. It also checks the PGP keyrings to see if they have a pubkey. I’ll have to expand the script to check the TXT records as well now.
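A sketch of the combined MX and TXT check discussed in this thread, as an added example that is not part of the original posts or anyone's actual script. It follows the SPF `include:`/`redirect=` chain in the TXT records and flags Microsoft or Google targets; the zone data, the `example.*` names and the gateway hostname are constructed, and `txt_lookup` is a hypothetical callable you would back with a real resolver.

```python
import re

# Fingerprints: MX host suffixes and SPF include targets published by each provider.
PROVIDERS = {
    "microsoft": {"mx": (".mail.protection.outlook.com",),
                  "spf": ("spf.protection.outlook.com",)},
    "google": {"mx": (".google.com", ".googlemail.com"),
               "spf": ("_spf.google.com",)},
}

def spf_targets(domain, txt_lookup, seen=None, limit=10):
    """Follow include:/redirect= terms of SPF records; return every domain visited."""
    seen = set() if seen is None else seen
    domain = domain.lower().rstrip(".")
    if domain in seen or len(seen) >= limit:  # stop on loops and runaway chains
        return seen
    seen.add(domain)
    for txt in txt_lookup(domain):
        if not txt.lower().startswith("v=spf1"):
            continue  # other TXT records (verification tokens etc.) are ignored
        for term in txt.split()[1:]:
            m = re.match(r"[+?~-]?(?:include:|redirect=)(\S+)", term, re.I)
            if m:
                spf_targets(m.group(1), txt_lookup, seen, limit)
    return seen

def providers_seen(domain, mx_hosts, txt_lookup):
    """Return {provider: [evidence, ...]} from the MX hosts and the SPF chain."""
    spf = spf_targets(domain, txt_lookup) - {domain.lower().rstrip(".")}
    hits = {}
    for name, fp in PROVIDERS.items():
        ev = [f"mx:{h}" for h in mx_hosts if h.lower().rstrip(".").endswith(fp["mx"])]
        ev += [f"spf:{d}" for d in sorted(spf) if d in fp["spf"]]
        if ev:
            hits[name] = ev
    return hits

# Constructed zone mirroring the case above: MX points at a filtering gateway,
# while a nested SPF include authorises Microsoft to send for the domain.
ZONE = {
    "example.org": ["some-verification-token", "v=spf1 include:mail.example.org -all"],
    "mail.example.org": ["v=spf1 include:spf.protection.outlook.com ~all"],
}
lookup = lambda d: ZONE.get(d, [])

if __name__ == "__main__":
    print(providers_seen("example.org", ["mx.example.barracudanetworks.com"], lookup))
```

An SPF hit means the domain authorises that provider to send on its behalf, which matches the outbound `Received:` header in the first post. No hit is not proof of absence, since SPF is optional and a gateway can hide the final inbound hop.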