[kwlug-disc] About email, SPF, question
Mikalai Birukou
mb at 3nsoft.com
Thu Sep 5 19:03:00 EDT 2024
> We currently have thread, where one of receiving servers keeps adding
> "[Possible phishing attempt]" into subject. It happens on my posts.
>
> Is it possible that kwlug.org sender isn't in my domain's SPF, and this
> triggers such labeling?
>
> My domain is setup to the t, like protonmail asks one to set things up.
> In fact, they generate DNS records for you to copy and paste (convenient
> admin ux).
Is it signatures? Here are interesting headers. Do I read them correctly?
(1) my sending, proton to kwlug is good
(2) relaying, kwlug to proton is good, but kwlug changes body,
(3) hashes of different bodies have to be different, if hash algorithm
is good.
What am I missing here? Or is it just a mess, evolution at work, with
its cul-de-sac's?
```
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=3nsoft.com;
s=protonmail; ...
Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=kwlug.org; s=default; ...
...
Authentication-Results: mail.protonmail.ch; dmarc=fail (p=none dis=none)
header.from=3nsoft.com
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit
rsa-sha256 signature) header.d=kwlug.org header.a=rsa-sha256;
dkim=fail (body hash mismatch (got
b'Ww5wtRW40kCe7M/Pyfyvh1dniB6/UKHY3to72XeBuh8=', expected
b'o1D+Hmpt3Y11qLWLqWmghYuWZUx1kOirGG+mMWeXrGE=')) header.d=3nsoft.com
header.a=rsa-sha256
```
More information about the kwlug-disc
mailing list