Re: [ietf-dkim] Mailsploit

"Murray S. Kucherawy" <superuser@gmail.com> Wed, 06 December 2017 01:58 UTC

From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Tue, 05 Dec 2017 17:52:59 -0800
Message-ID: <CAL0qLwZjjg6ejpFk8eE4GQpH4zba2CP+muvg5hNjrj7fFfCnaw@mail.gmail.com>
To: Steve Atkins <steve@wordtothewise.com>
Cc: "ietf-dkim@mipassoc.org" <ietf-dkim@mipassoc.org>
Subject: Re: [ietf-dkim] Mailsploit

I disagree that it's specifically a DMARC issue, because from that I infer
that you think DMARC is at fault here, i.e., that you expected it to deal
with this.

On Tue, Dec 5, 2017 at 1:44 PM, Steve Atkins <steve@wordtothewise.com>
wrote:

> That's DMARC working exactly as designed but not as commonly understood,
> which makes it a DMARC issue (though a usability one of unmet expectations
> rather than anything technical).
>

Then it's also an email issue generally, because it's probably not commonly
understood that there doesn't have to be a relationship between the display
name and the email address, or between either of those and any other
identifier on the message.

This is just another display name attack.  The only thing that's
breathtaking this time is that some MUAs have evidently chosen to say it's
a server problem.

-MSK
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
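
The point made in the message above, as an added example that is not part of the original post: a Python check that separates the From: address domain (the identifier DMARC evaluates) from the display name a mail client may show, and flags display names that embed an address on a different domain. The function name, result keys and sample headers are constructed for illustration.

```python
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Anything inside a display name that looks like an e-mail address.
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def inspect_from(raw_from):
    """Split a From: value into what DMARC evaluates and what a reader may see."""
    display, addr = parseaddr(raw_from)
    try:
        # Display names may be RFC 2047 encoded-words; decode before inspecting.
        display = str(make_header(decode_header(display)))
    except (LookupError, UnicodeError, ValueError):
        pass  # undecodable: fall back to inspecting the raw text
    real_domain = addr.rpartition("@")[2].lower()
    findings = []
    for match in ADDR_IN_TEXT.finditer(display):
        if match.group(1).lower() != real_domain:
            findings.append(
                f"display name shows {match.group(0)} but address is {addr}"
            )
    return {"dmarc_domain": real_domain, "display": display, "findings": findings}


# Constructed sample headers (not taken from any real message).
SAMPLES = [
    '"Alice Example" <alice@example.org>',
    '"billing@bank.example" <mallory@attacker.example>',
    '=?utf-8?q?billing=40bank.example?= <mallory@attacker.example>',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        result = inspect_from(raw)
        status = "FLAG" if result["findings"] else "ok"
        print(f"{status:4} dmarc_domain={result['dmarc_domain']} "
              f"display={result['display']!r}")
```

A DMARC pass for the second and third samples would be a pass for `attacker.example`; the display name is outside what DMARC evaluates, so this check has to run separately at the receiver or in the MUA.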