Before sharing my email address with some person or some org, I do an MX DNS lookup on the domain portion of their email address. It’s usually correct. That is, if the result is not of the form *.mail.protection.outlook.com, then that recipient is not using Microsoft’s mail server.

But sometimes I get stung by an exception. The MX lookup for one recipient yielded barracudanetworks.com, so I trusted them with email. But then they sent me an email and I saw a header like this:

Received: from *.outbound.protection.outlook.com (*.outbound.protection.outlook.com…

Is there any practical way to more thoroughly check whether an email address leads to traffic routing through Microsoft (or Google)?

  • evenwicht@lemmy.sdf.org (OP), 9 days ago

    I think I’ve been stung by the same server twice. I vaguely recall another address that resolved to barracudanetworks.com, where msgs from that other user to me had MS outlook in the headers. So I wonder if barracudanetworks is set up to be a proxy or façade of sorts for MS, in which case I could track this.

    So what if for every email I receive, I have a program that checks for MS in the headers and (if MS matches) it does an MX lookup on the sender address, which it could then store in a DB to track patterns. This could also be a shared DB so a group of people could benefit from associating non-MS MX servers (like barracudanetworks) to MS. Imperfect of course, but perhaps accurate enough?

    Ultimately this is a GDPR issue. Data subjects are supposed to be able to know who gets their info and legally they have control over it. Email is somewhat incompatible with the GDPR in this regard.

    • Brkdncr@lemmy.world, 9 days ago

      Barracuda provides email gateway security for any email server including Exchange Online.

      There’s no way to tell unless you see the message route itself. To do that you’d need to see the headers of a message sent by you after it’s received by the recipient. This is simply the expected design of email transport.

    • CarbonatedPastaSauce@lemmy.world, 9 days ago

      You’re seeing that behavior because some companies may have mailboxes in M365 but use a different provider for message hygiene, such as Barracuda, Proofpoint, MX Logic, etc. The MX points to them, they forward to an M365 inbound connector (virtual MTA) after inspecting the email.

      • evenwicht@lemmy.sdf.org (OP), 8 days ago

        Well, in that case I guess I should target Barracuda, Proofpoint, and MX Logic in the same way, since 90+% of the world is on MS or Google platforms. That’s probably my practical answer… to distrust any MX servers that are known to be proxies. So, I need a list of proxies like that.
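
The tracking idea raised in this thread, sketched as an added example that is not part of the original posts: when a received message's Received headers name a Microsoft or Google host, the sender domain's MX domain is recorded against that provider in a small SQLite table. The suffix table, the `seen` table, the sample message and the MX data are constructed assumptions, and `mx_lookup` is a caller-supplied function (for example a wrapper around a DNS library) so the block runs offline.

```python
import email
import re
import sqlite3
from email.utils import parseaddr

# Assumption: these host suffixes in a Received header identify the provider.
PROVIDER_SUFFIXES = {"outlook.com": "microsoft", "google.com": "google"}
HOP_HOST = re.compile(r"\b(?:from|by)\s+([\w*.-]+\.[A-Za-z]{2,})", re.I)
# Constructed sample: mail from a domain whose MX is a filtering gateway.
SAMPLE = (
    "Received: from EXAMPLE01.outbound.protection.outlook.com (192.0.2.10)\n"
    " by mx.recipient.example with ESMTPS; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "From: Alice <alice@sender.example>\n\nbody\n"
)
SAMPLE_MX = {"sender.example": ["mx1.ess.barracudanetworks.com."]}  # constructed

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS seen (mx_domain TEXT, provider TEXT,"
               " sender_domain TEXT, PRIMARY KEY (mx_domain, provider, sender_domain))")
    return db

def providers_in_route(msg):
    """Providers named by any from/by host in the message's Received headers."""
    hosts = [h.lower() for hdr in msg.get_all("Received", []) for h in HOP_HOST.findall(hdr)]
    return {name for h in hosts for suffix, name in PROVIDER_SUFFIXES.items()
            if h.endswith("." + suffix)}

def record_message(db, raw, mx_lookup):
    """Record (MX domain, provider, sender domain) when the route shows a provider."""
    msg = email.message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    providers = providers_in_route(msg)
    if not sender_domain or not providers:
        return 0
    rows = set()
    for mx_host in mx_lookup(sender_domain):
        # Naive grouping by the last two labels; real data needs a public-suffix list.
        mx_domain = ".".join(mx_host.lower().rstrip(".").split(".")[-2:])
        if mx_domain not in PROVIDER_SUFFIXES:  # a plain MX check already catches these
            rows |= {(mx_domain, p, sender_domain) for p in providers}
    db.executemany("INSERT OR IGNORE INTO seen VALUES (?, ?, ?)", sorted(rows))
    db.commit()
    return len(rows)

def providers_behind(db, mx_domain):
    """Map provider -> count of distinct sender domains seen behind this MX domain."""
    cur = db.execute("SELECT provider, COUNT(*) FROM seen WHERE mx_domain = ?"
                     " GROUP BY provider", (mx_domain,))
    return dict(cur.fetchall())
```

The Received headers describe the sender's outbound route, so a match is evidence about where that domain's mailboxes live, not proof of where mail sent to it will be delivered.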