I found out now why it is so. This applies if DMARC policy has p=reject or p=quarantine. The receiver's delivery system will allow the use of via so not to trigger the DMARC policy of the sender thus delivering the mail successfully.
question on email header from and reply-to
Hi,
Just like to understand about the email header particularly the From and Reply-To section.
First Question:
I received an email coming from this [sample email address and names]
From: Joe Satriani <customercare@gotowebinar.com>
Reply-To: presales@serviceit.com
Does this mean that gotowebinar.com mail servers is sending in behalf of serviceit.com domain? And when I reply to that email Joe Satriani <customercare@gotowebinar.com> it will be forwarded to presales@serviceit.com ?
Second Question:
I received an email that goes like this:
From: 'Ahmed G' via SPECIAL GROUP <specialgroup@mydomain.com>
Reply-To: ahmed@ahmeddomain.com
How was it that the From field is using my specialgroup distro list? I did not allow Ahmed and other external domains from using our mail servers as sender on behalf of our domain. It's not just that but other external domains as well we see in the reply-to field but using our distro in the From field.
Can anybody shed light?
Thanks!
1 additional answer
Sort by: Most helpful
-
Kael Yao-MSFT 37,586 Reputation points Microsoft Vendor
2021-01-13T02:55:02.42+00:00 @Janus Bariñan
Hi,First Question:
To my knowledge,the Reply-to email address can be modified via many email clients when sending emails.Let's take Outlook for example:
When you are going to use email address (userA@Domain-A.com for example) to send a new email, you can configure the Reply-to address to be anotheruser@Domain-B.com like in the following screenshot:
In this case, when the recipient replies to the email, only the anotheruser@Domain-B.com will get the reply email, while the userA@Domain-A.com won't.And in your case, if you reply to the email, only presales@serviceit.com will get your response.
Unless there are some forwarding rules or settings to forward the email to Joe Satriani <customercare@gotowebinar.com> in their environment.I think it is maybe because Joe Satriani <customercare@gotowebinar.com> set the Reply-to address himself when sending the email.
Or it may also be someone hacked the sender's account and changed the Reply-to address to send the spoofed emails which you need to pay attention to.Second Question:
I think it should be Email spoofing.
Have you configured SPF,DKIM or DMARC records for your email domain?
If haven't yet, please take it into consideration for security.
Here is an article on this topic for your reference: Office 365: Using SPF, DKIM and DMARC for Secure Messaging
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.