Missing Security Authentication Headers in Email

Discussion in 'other security issues & news' started by urbanplayer, Jul 25, 2019.

  1. urbanplayer

    urbanplayer Registered Member

    Joined:
    Jul 25, 2019
    Posts:
    1
    Location:
    london
    Hi all,

    I have two copies of the same email.

    One copy is showing me the authentication results in the email header, e.g dmarc/spf/dkim results.

    The other copy is not showing me this.

    The email has come the same sender, who forwarded it as a .msg attachment.

    Any idea what might be the reason for the headers not aligning?

    Thanks in advance,

    urban
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,988
    They got routed via different mail servers, right? I mean, one went from the sender to their email server, and then back. And the other went from the sender to their email server, from there (perhaps via other servers) to your email server, and then to you. So it'd be surprising if the headers matched.

    It might point to a misconfiguration in the server that's not doing authentication right.
     
  3. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    931
    Location:
    Member state of European Union
    Forwarding means e-mail is sent from another SMTP server. This means headers are not valid for that action, so they are removed or ignored.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,988
    Well, op wrote:
    I doubt that servers would be messing with contents of attachments.
    https://www.adviksoft.com/blog/extract-attachments-from-msg-files-without-outlook-installation/
     
  5. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    931
    Location:
    Member state of European Union
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.