[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor Talk Failing Authentication

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor Talk Failing Authentication
From: Ben Tasker <ben@xxxxxxxxxxxxxxx>
Date: Sat, 17 Feb 2018 21:21:57 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 17 Feb 2018 16:22:13 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bentasker.co.uk; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=3ala9QKLK9u/CaKSoCz1bgAs5dd9ZjzsegBabaNXhsc=; b=MGI5XGX1LwAm2QUUsHH5Y9ATzUgtWt3f86G7Of7nTcmXqYJpdvkq369PGGy1DVrFfb giD82minFWJ3Fp26bX6m21yOwhV2aqmE5HPwBj6N0KCm7WFhjrvNRYdNmLuKk508+Lrs AiDp/tuY1V53Axl3PfaSzd1ApychV44ZNQGfI=
In-reply-to: <CABMkiz7kG_RopLLfvvPiQwj92QFXb4HPFpv7j_C6nPTWNYJCUg@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1mtNzF0nDo0FJE_i4FF3zxLzc4DDn2oO1C-VdyNqyQz7grg1_O3FVmQaE8H1sHvFrFjMvOKnIel1LCKd9dvgqJ8biB794TcS-BWmsFoi6WA=@protonmail.com> <CABMkiz59Q976gnoCNmk1nA4oYCdRaOD_DkyeOdX+KbzJ7bQ=7A@mail.gmail.com> <CABMkiz7kG_RopLLfvvPiQwj92QFXb4HPFpv7j_C6nPTWNYJCUg@mail.gmail.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

It's a commonly known issue with mailing lists

If you've got DKIM enabled on your domain example.com, when mailman (or
whatever) inserts headers the hash will no longer match.

If you've got SPF enabled on example.com then the mailing list server
almost certainly isn't included. When the receiving MTA checks the domain
in the from header those checks will fail.

There are ways around the DKIM issue. either stripping the sig completely
at the mailing list server (might cause more failures) or heavily
restricting the headers used in hashing at the sending MTA.

For the SPF side, not much you can do (assuming you don't want to add
various 3rd party controlled servers to your spf record). Only real answer
is for the list to send from its own domain, but then you start losing
useful functionality.



On 17 Feb 2018 19:06, "Wanderingnet" <wanderingnet@xxxxxxxxxxxxxx> wrote:

Does anyone know why Tor Talk entries are consistently flagged as failing
domain authentication, thereby as potentially spoofed?

Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Tor Talk Failing Authentication
  - From: Wanderingnet

Prev by Author: [tor-talk] Tor4
Next by Author: Re: [tor-talk] TOR
Previous by thread: [tor-talk] Tor Talk Failing Authentication
Next by thread: Re: [tor-talk] ip-api.com sees me
Index(es):
- Author
- Thread