this post was submitted on 21 Jun 2025
14 points (93.8% liked)

Information Security


Before sharing my email address with some person or some org, I do an MX DNS lookup on the domain portion of their email address. It’s usually correct. That is, if the result is not of the form *.mail.protection.outlook.com, then that recipient is not using Microsoft’s mail server.

But sometimes I get stung by an exception. The MX lookup for one recipient yielded barracudanetworks.com, so I trusted them with email. But then they sent me an email and I saw a header like this:

Received: from *.outbound.protection.outlook.com (*.outbound.protection.outlook.com…

Is there any practical way to more thoroughly check whether an email address leads to traffic routing through Microsoft (or Google)?

[–] CarbonatedPastaSauce@lemmy.world 3 points 1 week ago (1 children)

You’re seeing that behavior because some companies may have mailboxes in M365 but use a different provider for message hygiene, such as Barracuda, Proofpoint, MX Logic, etc. The MX points to them, they forward to an M365 inbound connector (virtual MTA) after inspecting the email.

[–] evenwicht@lemmy.sdf.org 1 points 1 week ago

Well, in that case I guess I should target Barracuda, Proofpoint, and MX Logic in the same way, since 90+% of the world is on MS or Google platforms. That’s probably my practical answer.. to distrust any MX servers that are known to be proxies. So, I need a list of proxies like that.
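
An added example, not part of any post in this thread: a Python sketch of the two checks discussed above, classifying MX hostnames (a filtering gateway means the MX result alone is inconclusive) and scanning the `Received:` headers of a message the correspondent has already sent. The Google, Proofpoint and MX Logic suffixes are assumptions not taken from the thread, the MX hostnames are supplied by the caller from their own lookup, and the sample message is constructed.

```python
import re
from email import message_from_string

# Suffixes named in the thread, plus assumed ones (marked).
PROVIDERS = {
    "microsoft": ("mail.protection.outlook.com", "outbound.protection.outlook.com"),
    "google": ("google.com", "googlemail.com"),  # assumption, not from the thread
}
GATEWAYS = {
    "barracuda": ("barracudanetworks.com",),
    "proofpoint": ("pphosted.com",),  # assumption, not from the thread
    "mxlogic": ("mxlogic.net",),      # assumption, not from the thread
}
# Constructed sample message (documentation domains and addresses).
SAMPLE = (
    "Received: from mx.example.org (mx.example.org [192.0.2.10])\n"
    "\tby inbox.example.net with ESMTPS; Mon, 23 Jun 2025 10:00:00 +0000\n"
    "Received: from host1.outbound.protection.outlook.com\n"
    "\t(host1.outbound.protection.outlook.com [203.0.113.7])\n"
    "\tby mx.example.org with ESMTPS; Mon, 23 Jun 2025 09:59:58 +0000\n"
    "From: sender@example.org\n"
    "Subject: constructed sample\n\nbody\n"
)

def _match(host, table):
    """Return the table key whose suffix matches host on a label boundary."""
    host = host.lower().rstrip(".")
    for name, suffixes in table.items():
        if any(host == s or host.endswith("." + s) for s in suffixes):
            return name
    return None

def classify_mx(mx_hosts):
    """('provider', name) if any MX is the provider itself; ('gateway', name)
    if only a filtering gateway is visible (mailbox host unknown); else unknown."""
    verdict = ("unknown", None)
    for host in mx_hosts:
        if (name := _match(host, PROVIDERS)):
            return ("provider", name)
        if (gw := _match(host, GATEWAYS)):
            verdict = ("gateway", gw)
    return verdict

def providers_in_received(raw_message):
    """Providers whose hosts appear as a from/by hop in any Received header."""
    found = set()
    for value in message_from_string(raw_message).get_all("Received", []):
        for host in re.findall(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", value):
            if (name := _match(host, PROVIDERS)):
                found.add(name)
    return found
```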