Re: [spfbis] [meta-issue] Mis-use of MAIL FROM for list authentication

S Moonesamy <sm+ietf@elandsys.com> Wed, 04 May 2016 18:31 UTC

Return-Path: <sm@elandsys.com>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6DB312D0AE for <spfbis@ietfa.amsl.com>; Wed, 4 May 2016 11:31:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.786
X-Spam-Level:
X-Spam-Status: No, score=-2.786 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.996, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=opendkim.org header.b=R9elAj+z; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=elandsys.com header.b=RxIjnW3R
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DtYcLtQuoPPd for <spfbis@ietfa.amsl.com>; Wed, 4 May 2016 11:31:18 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id B4D6712D116 for <spfbis@ietf.org>; Wed, 4 May 2016 11:31:18 -0700 (PDT)
Received: from SUBMAN.elandsys.com ([197.226.50.83]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id u44IV0Q9002172 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 4 May 2016 11:31:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1462386671; x=1462473071; bh=hPqmKlLO0FWAY6sqAm1ipXZqekew1+l2xIV63f9W2rk=; h=Date:To:From:Subject:In-Reply-To:References; b=R9elAj+zo8xpKoXb2BH28KqOWL5AZ+CoT7zi0HdXO+YwALR2HkYiIMLsGQjd5u1ib HQ5R1EjLKijwlVGALwbeqJsOeTmEH7jQPWoFgvswY9BV0bMSVU/at0YQlt22FuFbfc ml+Q7omdn5s0JLpu5XtVBuH83gwqJaHoTA+Ib1F4=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1462386671; x=1462473071; i=@elandsys.com; bh=hPqmKlLO0FWAY6sqAm1ipXZqekew1+l2xIV63f9W2rk=; h=Date:To:From:Subject:In-Reply-To:References; b=RxIjnW3RkwgR7A3RixA1AWXb8qYJGRE5mBanXgEbhiiR+1zmW3XetwTZxCJwCdq9N 9J5z9Phc6yej42knIjNmvtvers6eAmzxtgZBSgKQ8AcBnkA/IT/IYtR4un54S4gde4 27uaCqKpgdNhWig43dB++m1dWBZDUvvs7eSKPaTU=
Message-Id: <6.2.5.6.2.20160504112048.1004b960@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Wed, 04 May 2016 11:29:57 -0700
To: Stuart Gathman <stuart@gathman.org>, spfbis@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
In-Reply-To: <572A33F3.7070100@gathman.org>
References: <572A33F3.7070100@gathman.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Archived-At: <http://mailarchive.ietf.org/arch/msg/spfbis/PwM8px8ejQCGrU2Jwo3WdttDOik>
Subject: Re: [spfbis] [meta-issue] Mis-use of MAIL FROM for list authentication
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spfbis/>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2016 18:31:25 -0000

Hi Stuart,
At 10:40 04-05-2016, Stuart Gathman wrote:
>When I post to the spfbis mailing list, I have to confirm my 
>posting, as the list uses MAIL FROM to identify the poster, and my 
>MAIL FROM is variable to make it signed and possible to validate:
>
>   Return-Path: 
> <mailto:SRS0=42CRp=Q5==stuart@gathman.org><SRS0=42CRp=Q5==stuart@gathman.org>
>
>However, the list *should* be looking at the From: header, which is 
>also signed and validated by ietf:

I am one of the list moderators for this mailing list.  The above is 
about an operational issue.  I can enquire about the issue or you, or 
anyone else, could send an email to ietf-action@ietf.org to enquire 
[1] about this issue.

Regards,
S. Moonesamy

1. http://www.ietf.org/contact.html