The reply-to header attack


Please, I need some clarification as to this statement in the article below:

4. The Reply-To.
The Reply-To header is added when the originator of the message wants any replies to the message to go to that particular email address rather than the one in the From: address. This usually shows up as a separate field in the email client. There is no technique (SPF, DKIM, DMARC, or any other technology) that protects the Reply-To header.

https://docs.microsoft.com/en-us/archive/blogs/tzink/what-do-we-mean-when-we-refer-to-the-sender-of-... 

I need to confirm whether the statement above is correct or not.

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/how-office-365-validates... 
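
The quoted passage describes replies going to the Reply-To address instead of the From: address, so a receiving-side filter can compare the two headers itself. The following is an added example, not part of the original post or the linked Microsoft articles; the function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (not taken from the post or any real mail).
SAMPLE_MISMATCH = ('From: "Accounts Payable" <ap@example.com>\n'
                   'Reply-To: ap@example.net\n'
                   'Subject: Updated invoice\n\nPlease confirm.\n')
SAMPLE_MATCH = ('From: Help Desk <help@example.com>\n'
                'Reply-To: tickets@EXAMPLE.COM\n'
                'Subject: Ticket update\n\nReply to add a comment.\n')
SAMPLE_NO_REPLY_TO = ('From: news@example.com\n'
                      'Subject: Newsletter\n\nHello.\n')
SAMPLE_DUPLICATE = ('From: ap@example.com\n'
                    'Reply-To: ap@example.com\n'
                    'Reply-To: ap@example.net\n'
                    'Subject: Invoice\n\nPlease confirm.\n')


def header_domains(msg, name):
    """Lower-cased domains of every address in every instance of a header."""
    values = msg.get_all(name, [])
    return {addr.rsplit("@", 1)[1].lower().rstrip(".")
            for _, addr in getaddresses(values) if "@" in addr}


def reply_to_findings(raw_message):
    """Return a list of reasons the Reply-To header deserves a closer look."""
    msg = message_from_string(raw_message)
    findings = []
    # More than one Reply-To header: clients may disagree on which one to use.
    if len(msg.get_all("Reply-To", [])) > 1:
        findings.append("multiple Reply-To headers")
    # Replies would leave the domain shown in From:.
    outside = sorted(header_domains(msg, "Reply-To") - header_domains(msg, "From"))
    if outside:
        findings.append("Reply-To domain differs from From: " + ", ".join(outside))
    return findings


if __name__ == "__main__":
    for label, raw in [("mismatch", SAMPLE_MISMATCH), ("match", SAMPLE_MATCH),
                       ("no reply-to", SAMPLE_NO_REPLY_TO),
                       ("duplicate", SAMPLE_DUPLICATE)]:
        print(label, "->", reply_to_findings(raw) or "no findings")
```

A differing Reply-To domain is a signal to score or review, not a verdict: mailing lists and ticketing systems legitimately set Reply-To to another domain.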
