Re: [spfbis] [meta-issue] Mis-use of MAIL FROM for list authentication

S Moonesamy <> Wed, 04 May 2016 18:31 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D6DB312D0AE for <>; Wed, 4 May 2016 11:31:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.786
X-Spam-Status: No, score=-2.786 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.996, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.b=R9elAj+z; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.b=RxIjnW3R
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id DtYcLtQuoPPd for <>; Wed, 4 May 2016 11:31:18 -0700 (PDT)
Received: from ( [IPv6:2001:470:f329:1::1]) by (Postfix) with ESMTP id B4D6712D116 for <>; Wed, 4 May 2016 11:31:18 -0700 (PDT)
Received: from ([]) (authenticated bits=0) by (8.14.5/8.14.5) with ESMTP id u44IV0Q9002172 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 4 May 2016 11:31:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=mail2010; t=1462386671; x=1462473071; bh=hPqmKlLO0FWAY6sqAm1ipXZqekew1+l2xIV63f9W2rk=; h=Date:To:From:Subject:In-Reply-To:References; b=R9elAj+zo8xpKoXb2BH28KqOWL5AZ+CoT7zi0HdXO+YwALR2HkYiIMLsGQjd5u1ib HQ5R1EjLKijwlVGALwbeqJsOeTmEH7jQPWoFgvswY9BV0bMSVU/at0YQlt22FuFbfc ml+Q7omdn5s0JLpu5XtVBuH83gwqJaHoTA+Ib1F4=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=mail; t=1462386671; x=1462473071;; bh=hPqmKlLO0FWAY6sqAm1ipXZqekew1+l2xIV63f9W2rk=; h=Date:To:From:Subject:In-Reply-To:References; b=RxIjnW3RkwgR7A3RixA1AWXb8qYJGRE5mBanXgEbhiiR+1zmW3XetwTZxCJwCdq9N 9J5z9Phc6yej42knIjNmvtvers6eAmzxtgZBSgKQ8AcBnkA/IT/IYtR4un54S4gde4 27uaCqKpgdNhWig43dB++m1dWBZDUvvs7eSKPaTU=
Message-Id: <>
X-Mailer: QUALCOMM Windows Eudora Version
Date: Wed, 04 May 2016 11:29:57 -0700
To: Stuart Gathman <>,
From: S Moonesamy <>
In-Reply-To: <>
References: <>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Archived-At: <>
Subject: Re: [spfbis] [meta-issue] Mis-use of MAIL FROM for list authentication
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SPFbis discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 04 May 2016 18:31:25 -0000

Hi Stuart,
At 10:40 04-05-2016, Stuart Gathman wrote:
>When I post to the spfbis mailing list, I have to confirm my 
>posting, as the list uses MAIL FROM to identify the poster, and my 
>MAIL FROM is variable to make it signed and possible to validate:
>   Return-Path: 
> <><>
>However, the list *should* be looking at the From: header, which is 
>also signed and validated by ietf:

I am one of the list moderators for this mailing list.  The above is 
about an operational issue.  I can enquire about the issue or you, or 
anyone else, could send an email to to enquire 
[1] about this issue.

S. Moonesamy