RE: [OT] Re: scattered thoughts on connection sharing

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Thanks, that actually made sense!

-----Original Message-----
From: Stuart Henderson <stu@xxxxxxxxxxxxxxx> 
Sent: Thursday, July 18, 2024 5:10 AM
To: Yagnatinsky, Mark : IT (NYK) <mark.yagnatinsky@xxxxxxxxxxxx>
Cc: openssh-unix-dev@xxxxxxxxxxx
Subject: [OT] Re: scattered thoughts on connection sharing


CAUTION: This email originated from outside our organisation - stu@xxxxxxxxxxxxxxx Do not click on links, open attachments, or respond unless you recognize the sender and can validate the content is safe.
[sorry off-topic, ignore if uninterested in dmarc/dkim/mail filters]

On 2024/07/17 22:14, mark.yagnatinsky@xxxxxxxxxxxx wrote:
> I don't know enough about DMARC to make any sense of what you just said... actually wait, maybe I get it.
> You're saying that email sent that I send to the list will land in your inbox with my address in the From header.
> But the recipient mail system will think to itself "this message 
> couldn't possibly have come from Mark, because a cursory inspection of the routing history clearly shows it came from mindrot.org"
> And then it will conclude "thus, clearly, the sender is lying about being Mark, and is trying to impersonate him.  I can safely drop this message".
> Is that about right?

barclays.com has a DNS record setup that says all mail from this domain should be authenticated, the "p=reject" in here:

$ dig _dmarc.barclays.com txt +short
"v=DMARC1; p=reject; fo=1; rua=mailto:dmarc_rua@xxxxxxxxxxxxxxxxxxxxxxxxxxx; ruf=mailto:dmarc_ruf@xxxxxxxxxxxxxxxxxxxxxxxxxxx";

This auth can either be by IP address of sending server (SPF) which is not going to work for mailing list messages, or by valid DKIM signature.

The mail admins can choose what is covered by the DKIM signature.
In the case of barclays.com there are various headers (which I think make it through the mailing list untouched) but also the body, which does not; a footer with the list URL is added.

So the mail as sent via the list fails DMARC authentication.

Most spam filters assign scores for various characteristics of emails that might indicate that a message is either unwanted or wanted.

Usually missing or failed DMARC auth gives a medium "this may be junk" score whereas various signs indicating that it was sent via a mailing list reduce the score.

Some mail filters treat certain domains specially and add a much higher score if they fail DMARC auth checks. (For rspamd this adds a "BLACKLIST_DMARC" score and the list includes various domains relating to ing, barclays, hsbc, paypal, chase, westpac, etc, as well as various other well known companies). So, sending from a barclays.com address you'll be more likely to have messages you send via a mailing list accidentally marked as junk than someone using a less "high value"
domain.

> -----Original Message-----
> From: Stuart Henderson <stu@xxxxxxxxxxxxxxx>
> Sent: Wednesday, July 17, 2024 5:56 PM
> To: Yagnatinsky, Mark : IT (NYK) <mark.yagnatinsky@xxxxxxxxxxxx>
> Cc: openssh-unix-dev@xxxxxxxxxxx
> Subject: Re: scattered thoughts on connection sharing
> 
> 
> CAUTION: This email originated from outside our organisation - stu@xxxxxxxxxxxxxxx Do not click on links, open attachments, or respond unless you recognize the sender and can validate the content is safe.
> On 2024/07/17 11:39, mark.yagnatinsky@xxxxxxxxxxxx wrote:
> > Thanks for replying!  And noted, re: patience... will do.
> 
> Note that this mailing list doesn't rewrite sender addresses, so it is likely to result in email failing DMARC checks.
> 
> In many places spam filters don't give a high enough spam score for DMARC failure to treat the mail as spam without additional signs, but for certain higher risk domains (for example, banks...) that scoring is often bumped up.
> 
> As a result, for many readers, your emails to this list are likely to have been either rejected or dropped into a spam folder at the recipient's end.
> 
> This message is for information purposes only. It is not a recommendation, advice, offer or solicitation to buy or sell a product or service, nor an official confirmation of any transaction. It is directed at persons who are professionals and is intended for the recipient(s) only. It is not directed at retail customers. This message is subject to the terms at: https://clicktime.symantec.com/15sifMjJMtQTfGdzL3fNs?h=lVMob4LbX78vTrS9haoGqX80229s1NplMtBzRGFBQvw=&u=https://www.ib.barclays/disclosures/web-and-email-disclaimer.html. 
> 
> For important disclosures, please see: https://clicktime.symantec.com/15siaXY1uGisFKp4nVGEF?h=9hv53QPuipqrukD0PNigGsVkIIyOQUOUj_v7NbjFnGk=&u=https://www.ib.barclays/disclosures/sales-and-trading-disclaimer.html regarding marketing commentary from Barclays Sales and/or Trading desks, who are active market participants; https://clicktime.symantec.com/15siL2xAXRg61VLJ9p4nP?h=iqTbMsOk6RpPOS4A9BnRjjLtkuB_iVFzZ7aW01d25ds=&u=https://www.ib.barclays/disclosures/barclays-global-markets-disclosures.html regarding our standard terms for Barclays Investment Bank where we trade with you in principal-to-principal wholesale markets transactions; and in respect to Barclays Research, including disclosures relating to specific issuers, see: https://clicktime.symantec.com/15siFCkt4ozVbYWNcFfdm?h=p7veXIGrMml0EjqDuYWnBVlY1Z2q2JlpQ-LKsqEkJ34=&u=https://publicresearch.barclays.com.
> ______________________________________________________________________
> ____________ If you are incorporated or operating in Australia, read 
> these important disclosures: https://clicktime.symantec.com/15siQs9Sz3MgRSADhNTw1?h=S2hP8eOjwnsnnOuwV0ZC0_X6q-I2Rn3_OYvdznCaXtw=&u=https://www.ib.barclays/disclosures/important-disclosures-asia-pacific.html.
> ______________________________________________________________________
> ____________ For more details about how we use personal information, 
> see our privacy notice: https://clicktime.symantec.com/15siVhLjSf3GqNz9Evs5d?h=LDDK__xnmlUy3ko_fX8tfEuTbFfCKJq4ZKG_lpj2BUc=&u=https://www.ib.barclays/disclosures/personal-information-use.html.
> ______________________________________________________________________
> ____________
This message is for information purposes only. It is not a recommendation, advice, offer or solicitation to buy or sell a product or service, nor an official confirmation of any transaction. It is directed at persons who are professionals and is intended for the recipient(s) only. It is not directed at retail customers. This message is subject to the terms at: https://www.ib.barclays/disclosures/web-and-email-disclaimer.html. 

For important disclosures, please see: https://www.ib.barclays/disclosures/sales-and-trading-disclaimer.html regarding marketing commentary from Barclays Sales and/or Trading desks, who are active market participants; https://www.ib.barclays/disclosures/barclays-global-markets-disclosures.html regarding our standard terms for Barclays Investment Bank where we trade with you in principal-to-principal wholesale markets transactions; and in respect to Barclays Research, including disclosures relating to specific issuers, see: https://publicresearch.barclays.com.
__________________________________________________________________________________ 
If you are incorporated or operating in Australia, read these important disclosures: https://www.ib.barclays/disclosures/important-disclosures-asia-pacific.html.
__________________________________________________________________________________
For more details about how we use personal information, see our privacy notice: https://www.ib.barclays/disclosures/personal-information-use.html. 
__________________________________________________________________________________
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux