[spfbis] [meta-issue] Mis-use of MAIL FROM for list authentication

Stuart Gathman <stuart@gathman.org> Wed, 04 May 2016 17:40 UTC


I'm behind on my own promised volunteer work, so I'm only posting this
to make sure it is on record as a problem.

When I post to the spfbis mailing list, I have to confirm my posting, as
the list uses MAIL FROM to identify the poster, and my MAIL FROM is
variable to make it signed and possible to validate:

    Return-Path: <SRS0=42CRp=Q5==stuart@gathman.org>

However, the list *should* be looking at the From: header, which is also
signed and validated by IETF:

    Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
     header.d=gathman.org

...

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gathman.org;
     i=@gathman.org; 
     q=dns/txt; s=default; t=1462377254; h=Subject : To : References : From 
     : Message-ID : Date : MIME-Version : In-Reply-To : Content-Type : 
     Content-Transfer-Encoding : Subject : From : Date; 
     bh=Js7wvPmM6OkBsT0VkhJyck4Jg+rOjGMFiYq5n6Cz+cw=; 
     b=HwaPU2ZDgnjpOuYpxzCfkuPTSQreyv8qmEJbILAo34G7GHZ9a8BFpt7F/pnY+c/KiQxJif
     an5OyFCbN8gW4GT3rry3jTAPyhsxBcUuH/bQPKAn9hjQAIMptGQLTzbXB+Tu5rj20h6MKzmS
     Qh8VelFuCBRnGmE2C1YIp2KFcHSwI=

...

    From: Stuart Gathman <stuart@gathman.org>
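
An added example, not part of the original post and not the list software's own code: a Python sketch contrasting poster lookup by envelope sender (which fails on the SRS-signed MAIL FROM) with lookup by the From: header gated on a DKIM pass recorded by the receiving MTA. The subscriber set, the trusted authserv-id and the function names are assumptions; the sample message is constructed from the header lines quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample built from the header lines quoted in the post.
SAMPLE = (
    "Return-Path: <SRS0=42CRp=Q5==stuart@gathman.org>\n"
    "Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)\n"
    " header.d=gathman.org\n"
    "From: Stuart Gathman <stuart@gathman.org>\n"
    "\n"
    "body\n"
)
SUBSCRIBERS = {"stuart@gathman.org"}  # hypothetical subscriber list
TRUSTED_AUTHSERV = "ietfa.amsl.com"   # assumption: our own MTA's authserv-id


def poster_by_mail_from(msg):
    """Behaviour the post objects to: match the envelope sender."""
    addr = parseaddr(msg.get("Return-Path", ""))[1].lower()
    return addr if addr in SUBSCRIBERS else None


def dkim_pass_domains(msg):
    """Signing domains with dkim=pass, as recorded by our own MTA only.
    Assumes the border MTA strips inbound headers carrying our authserv-id."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", "", value)  # drop (comments)
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue
        for clause in results.split(";"):
            d = re.search(r"\bheader\.d\s*=\s*([\w.-]+)", clause, re.I)
            if d and re.search(r"\bdkim\s*=\s*pass\b", clause, re.I):
                domains.add(d.group(1).lower())
    return domains


def poster_by_from_header(msg):
    """What the post asks for: match From: when a passing DKIM signature
    is from the same domain (exact match is this example's assumption)."""
    froms = msg.get_all("From", [])
    if len(froms) != 1:  # refuse ambiguous or missing From:
        return None
    addr = parseaddr(froms[0])[1].lower()
    if addr in SUBSCRIBERS and addr.rpartition("@")[2] in dkim_pass_domains(msg):
        return addr
    return None
```

On the sample, the envelope-sender lookup returns no subscriber while the From: lookup returns `stuart@gathman.org`; a DKIM pass for a different domain, or a result stamped by an untrusted authserv-id, is rejected.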