spoofing test
Sandro Santilli
strk at kbt.io
Wed Dec 27 01:27:13 PST 2023
On Sun, Dec 17, 2023 at 10:00:00AM +0200, Regina Obe wrote:
> This is not Regina, but Sandro testing if Mailman will prevent spoofing
Interestingly, the header of the email as I received it via mailing
list contained such a nice looking header:
  Authentication-Results:
    spool.mail.gandi.net;
    dkim=none;
    dmarc=none;
    spf=pass (spool.mail.gandi.net: domain of "SRS0=IgYp=IG=lists.osgeo.org=sac-bounces at osgeo.org" designates 140.211.15.3 as permitted sender)
    smtp.mailfrom="SRS0=IgYp=IG=lists.osgeo.org=sac-bounces at osgeo.org"
This is basically Mailman taking responsibility for the mail it sent out.
I guess the mail should have been rejected by the OSGeo MTA due to
the SPF record for pcorp.us not listing hst.kbt.io as a valid sender.
This is clearly not happening and I've created a ticket (high priority IMHO)
for dealing with this:
https://trac.osgeo.org/osgeo/ticket/3067
--strk;
Libre GIS consultant/developer
https://strk.kbt.io/services.html
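
What the header quoted in the message does and does not establish, as an added example that is not part of the original post: the sketch parses the Authentication-Results value and compares the SPF-authenticated envelope domain with the From: header domain. The From: local part is a constructed placeholder, the function names are hypothetical, and alignment is simplified to an exact domain match.

```python
import re

# Header value as shown in the message above (the archive writes "@" as " at ").
AUTH_RESULTS = (
    'spool.mail.gandi.net; dkim=none; dmarc=none; '
    'spf=pass (spool.mail.gandi.net: domain of '
    '"SRS0=IgYp=IG=lists.osgeo.org=sac-bounces at osgeo.org" designates '
    '140.211.15.3 as permitted sender) '
    'smtp.mailfrom="SRS0=IgYp=IG=lists.osgeo.org=sac-bounces at osgeo.org"'
)
# Constructed sample: the local part is a placeholder, the domain is the one
# the message names as the spoofed sender's.
HEADER_FROM = "placeholder at pcorp.us"


def domain_of(addr):
    """Domain part of an address, accepting the archive's ' at ' form."""
    return addr.strip('"<> ').replace(" at ", "@").rsplit("@", 1)[-1].lower()


def parse_auth_results(value):
    """Split an Authentication-Results value into method results and properties."""
    value = re.sub(r"\([^)]*\)", "", value)      # drop (comments)
    methods, props = {}, {}
    for clause in value.split(";")[1:]:          # clause 0 is the authserv-id
        pairs = re.findall(r'([\w.]+)=("[^"]*"|\S+)', clause)
        if pairs:
            methods[pairs[0][0].lower()] = pairs[0][1].lower()
            props.update((k.lower(), v.strip('"')) for k, v in pairs[1:])
    return methods, props


def assess(auth_results, header_from):
    """Report whether any passing check vouches for the From: header domain."""
    methods, props = parse_auth_results(auth_results)
    from_dom = domain_of(header_from)
    spf_dom = domain_of(props.get("smtp.mailfrom", ""))
    # Simplification: exact match; DMARC relaxed mode compares organizational domains.
    spf_ok = methods.get("spf") == "pass" and spf_dom == from_dom
    dkim_ok = methods.get("dkim") == "pass" and props.get("header.d", "").lower() == from_dom
    return {"from_domain": from_dom, "spf": methods.get("spf"),
            "spf_domain": spf_dom, "from_authenticated": spf_ok or dkim_ok}


if __name__ == "__main__":
    print(assess(AUTH_RESULTS, HEADER_FROM))
```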