DMARC/DKIM mitigation on maling lists

Greg Troxel gdt at lexort.com
Wed Nov 8 04:43:45 PST 2023


This is not really related to dealing with DMARC, but I noticed
something in your message.

Here are the headers in the messaeg, minus a couple added by my system
(spam filtering scores) omitted to reduce noise.

  - Your message has a From: of neteler at osgeo.org.
  - it was actually sent via google.
    * google did not include your client's IP address (that's great)
    * google has an X-Google-DKIM-Signature instead of DKIM-Signature
      (This is bizarre but not news to me)
    * google's faux DKIM header is from 1e100.net
      (also odd but not news)
  - osgeo.org applied a dkim signature from osgeo.org to the list
    message


This last point is normal in many ways; it signs the mail as coming from
osgeo so that people can

welcomelist_from_dkim	*@*	osgeo.org

to not filter things coming from the list.  However, your message did
not actually come from osgeo.org, it seems, and thus really shouldn't
have gotten a fresh DKIM signature.

What you are doing is of course totally normal, but in the world of
DKIM/DMARC (and then ARC) that I think we are heading to, outgoing mail
has to be handled by the outgoing MTA of the domain, and not sent via
some other domain's MTA.

This is particularly an issue for people with secondary email addresses,
like this case.
    
  



Return-Path: <SRS0=aK0C=GV=lists.osgeo.org=sac-bounces at osgeo.org>
Received: from lists.osgeo.org (osgeo6.osgeo.osuosl.org [140.211.15.3])
	by s1.lexort.com (Postfix) with ESMTP id 3C5AF4106FC
	for <gdt at lexort.com>; Wed,  8 Nov 2023 07:12:35 -0500 (EST)
Authentication-Results: s1.lexort.com; dkim=pass (2048-bit key) header.d=osgeo.org header.i=@osgeo.org header.b=UNpkdFdY
Received: from osgeo6.osgeo.osuosl.org (localhost [127.0.0.1]) by lists.osgeo.org (Postfix) with ESMTP id 0B62C613C189; Wed,  8 Nov 2023 04:12:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=osgeo.org; s=mail;
	t=1699445555; bh=t9fnzoscK2inK9dMf/tp0yVIc8rjv0kXC2dDl45Vroo=;
	h=References:In-Reply-To:From:Date:Subject:To:List-Id:
	 List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
	 From;
	b=UNpkdFdYJ8dzuwk0GFzWV9/pOHlXlGis4n0/DlM4U/D1CWwhHQRJyH/r44VSZiK2P
	 XRftYOiCqz+wcOv4a30b10R+iPs/yaOl/wJ3o2pZgvZtxdLGYBVSrrh2H9qTyziH7E
	 oC+V3Svwoz42k9vBJedBtyyiSaIUw0ABmsVf/n7DwovBYLuYFJfBguSWTQfTDpXmIL
	 paTV8+EtKJmS4VhCbWEoj0zd7jrPKpW4SYdORfZv+5xafBV6VCf1of5qquuUETaQ4n
	 Ua/DfIIXn0EkhHIqoEpuxI9rRtNKKp/X7pZpJ0BomwmE/DlaT7ow4V5qRdX3Yl1P9x
	 JUzfaSQR6dsKw==
Received: from mail-ej1-f44.google.com (mail-ej1-f44.google.com
 [209.85.218.44])
 by lists.osgeo.org (Postfix) with ESMTPS id 16A9661424E2
 for <sac at lists.osgeo.org>; Wed,  8 Nov 2023 04:12:34 -0800 (PST)
Received: by mail-ej1-f44.google.com with SMTP id a640c23a62f3a-9be02fcf268so1018084566b.3 for <sac at lists.osgeo.org>; Wed, 08 Nov 2023 04:12:33 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1699445552; x=1700050352;
 h=content-transfer-encoding:to:subject:message-id:date:from
 :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=t9fnzoscK2inK9dMf/tp0yVIc8rjv0kXC2dDl45Vroo=;
 b=pgVGUXFdAx4A0sEZfZ71kljzEyuYrPKyhvAUpWC3Do6XHrwU2eb/SdnejG68Ru3f0+
 ZbxAvbeJMaRsPOQUDOvXyFwb3DrbHaAKBOy1i1jIUAl2EJ4LcLPLG7OIxAWdhq4yfk82
 cFBtwitK6fXe+d23LDnv2Cg0HtuiL+R2oW61iKqOoZjTOX1AY4HLcZHQjUyjjgNkFtEI
 Ea2G5QzXHu9xliV5mj73CMhcr0mk7V7zvvpLQLI9cD3iGMiObK2MWiBCKgAPTONiJ7bf
 lnF94yQNP4YfQ5rXnoHZuTdqbdr20BlGSI115CeIK7i0okOVmcQ/CGDnhxWbFfmLtQ3s
 d4FA==
X-Gm-Message-State: AOJu0YwMOweh84+TOLPC9d0OrokjDMT9yM8dulJTKwn2VS0qCpinQRDT 40WoYEKJjHUAlVxuXw3kA69WyBxa1LY7Jm88c+PsH8c5JcSuYhzK
X-Google-Smtp-Source: AGHT+IG4643go/OrYZcNMGW0yDmUgNSBfKL3rKMHfirB+eWjU+sdTKmnKsviiTwccgg0QT7IXoBShIGGkWfX/Bm+EeI=
X-Received: by 2002:a17:907:7ba5:b0:9df:bc8d:fbc8 with SMTP id ne37-20020a1709077ba500b009dfbc8dfbc8mr1472978ejc.37.1699445552259; Wed, 08 Nov 2023 04:12:32 -0800 (PST)
MIME-Version: 1.0
References: <002a01da075d$776917e0$663b47a0$@pcorp.us>
 <rmi34xy1y0k.fsf at s1.lexort.com>
 <002b01da075f$893ec210$9bbc4630$@pcorp.us> <rmir0lizekw.fsf at s1.lexort.com>
 <003401da078b$d7e29410$87a7bc30$@pcorp.us> <ZTpWzZ4Qvri1CFmb at c19>
 <ZTty0VH3w3kmuGIT at c19> <rmizfzzinds.fsf at s1.lexort.com>
 <8ef85620-59d4-40c8-ac7e-07af8ba3aa09 at betaapp.fastmail.com>
 <ZUoZAzLW4b/6w+AI at c19> <ZUtvhmhiRTGb/Bhe at c19>
In-Reply-To: <ZUtvhmhiRTGb/Bhe at c19>
From: Markus Neteler <neteler at osgeo.org>
Date: Wed, 8 Nov 2023 13:12:20 +0100
Message-ID: <CALFmHhsecrhbhECRAj5sDTJtA2o1+dZncxt--SrMbVG8Wq4=_g at mail.gmail.com>
Subject: Re: DMARC/DKIM mitigation on maling lists
To: sac at lists.osgeo.org, jmckenna at gatewaygeomatics.com, howard at hobu.co,  lr at pcorp.us
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-BeenThere: sac at lists.osgeo.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: System Administration Committee Discussion/OSGeo <sac.lists.osgeo.org>
List-Unsubscribe: <https://lists.osgeo.org/mailman/options/sac>, <mailto:sac-request at lists.osgeo.org?subject=unsubscribe>
List-Archive: <http://lists.osgeo.org/pipermail/sac/>
List-Post: <mailto:sac at lists.osgeo.org>
List-Help: <mailto:sac-request at lists.osgeo.org?subject=help>
List-Subscribe: <https://lists.osgeo.org/mailman/listinfo/sac>, <mailto:sac-request at lists.osgeo.org?subject=subscribe>
Errors-To: sac-bounces at lists.osgeo.org
X-Greylist: Sender IP whitelisted by DNSRBL, not delayed by milter-greylist-4.6.4 (s1.lexort.com [71.19.148.97]); Wed, 08 Nov 2023 07:12:35 -0500 (EST)


More information about the Sac mailing list