[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor Talk Failing Authentication



It's a commonly known issue with mailing lists

If you've got DKIM enabled on your domain example.com, when mailman (or
whatever) inserts headers the hash will no longer match.

If you've got SPF enabled on example.com then the mailing list server
almost certainly isn't included. When the receiving MTA checks the domain
in the from header those checks will fail.

There are ways around the DKIM issue. either stripping the sig completely
at the mailing list server (might cause more failures) or heavily
restricting the headers used in hashing at the sending MTA.

For the SPF side, not much you can do (assuming you don't want to add
various 3rd party controlled servers to your spf record). Only real answer
is for the list to send from its own domain, but then you start losing
useful functionality.



On 17 Feb 2018 19:06, "Wanderingnet" <wanderingnet@xxxxxxxxxxxxxx> wrote:

Does anyone know why Tor Talk entries are consistently flagged as failing
domain authentication, thereby as potentially spoofed?

Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk