[OT] Re: scattered thoughts on connection sharing

Stuart Henderson stu at spacehopper.org
Thu Jul 18 19:09:42 AEST 2024


[sorry off-topic, ignore if uninterested in dmarc/dkim/mail filters]

On 2024/07/17 22:14, mark.yagnatinsky at barclays.com wrote:
> I don't know enough about DMARC to make any sense of what you just said... actually wait, maybe I get it.
> You're saying that email that I send to the list will land in your inbox with my address in the From header.
> But the recipient mail system will think to itself
> "this message couldn't possibly have come from Mark, because a cursory inspection of the routing history clearly shows it came from mindrot.org"
> And then it will conclude "thus, clearly, the sender is lying about being Mark, and is trying to impersonate him.  I can safely drop this message".
> Is that about right?

barclays.com has a DNS record set up that says all mail from this domain
should be authenticated, the "p=reject" in here:

$ dig _dmarc.barclays.com txt +short
"v=DMARC1; p=reject; fo=1; rua=mailto:dmarc_rua at emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf at emaildefense.proofpoint.com"

This auth can either be by IP address of sending server (SPF) which is
not going to work for mailing list messages, or by valid DKIM signature.

The mail admins can choose what is covered by the DKIM signature.
In the case of barclays.com there are various headers (which I think
make it through the mailing list untouched) but also the body, which
does not; a footer with the list URL is added.

So the mail as sent via the list fails DMARC authentication.

Most spam filters assign scores for various characteristics of emails
that might indicate that a message is either unwanted or wanted.

Usually missing or failed DMARC auth gives a medium "this may be
junk" score whereas various signs indicating that it was sent via
a mailing list reduce the score.

Some mail filters treat certain domains specially and add a much higher
score if they fail DMARC auth checks. (For rspamd this adds a
"BLACKLIST_DMARC" score and the list includes various domains
relating to ing, barclays, hsbc, paypal, chase, westpac, etc, as well as
various other well known companies). So, sending from a barclays.com
address you'll be more likely to have messages you send via a mailing
list accidentally marked as junk than someone using a less "high value"
domain.

> -----Original Message-----
> From: Stuart Henderson <stu at spacehopper.org> 
> Sent: Wednesday, July 17, 2024 5:56 PM
> To: Yagnatinsky, Mark : IT (NYK) <mark.yagnatinsky at barclays.com>
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: scattered thoughts on connection sharing
> 
> 
> On 2024/07/17 11:39, mark.yagnatinsky at barclays.com wrote:
> > Thanks for replying!  And noted, re: patience... will do.
> 
> Note that this mailing list doesn't rewrite sender addresses, so it is likely to result in email failing DMARC checks.
> 
> In many places spam filters don't give a high enough spam score for DMARC failure to treat the mail as spam without additional signs, but for certain higher risk domains (for example, banks...) that scoring is often bumped up.
> 
> As a result, for many readers, your emails to this list are likely to have been either rejected or dropped into a spam folder at the recipient's end.


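Added example, not part of the original message: a small Python model of why a footer appended by a mailing list breaks the DKIM body hash and leaves a p=reject domain with no aligned authentication. The sample bodies, the shortened record, the last-two-labels `org_domain` shortcut and the use of mindrot.org as the SPF-authenticated domain are assumptions for illustration; header signature verification is not modelled.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """DKIM "relaxed" body canonicalization (RFC 6376, section 3.4.4)."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":   # trailing empty lines are ignored
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Value a signer puts in the bh= tag (SHA-256, base64)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def parse_dmarc(txt: str) -> dict:
    """Split a DMARC TXT record into its tag=value pairs."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip(): v.strip() for k, v in pairs}

def org_domain(domain: str) -> str:
    # Simplification: last two labels. Real checkers use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])

def dmarc_result(from_domain, spf_domain, signed_bh, dkim_domain, body, record):
    """Return "pass", or the policy to apply when nothing aligned authenticates."""
    dkim_ok = body_hash(body) == signed_bh   # header signature check not modelled
    authenticated = [spf_domain] + ([dkim_domain] if dkim_ok else [])
    if any(d and org_domain(d) == org_domain(from_domain) for d in authenticated):
        return "pass"
    return parse_dmarc(record).get("p", "none")

# Constructed sample data; only the p=reject policy is taken from the thread.
RECORD = "v=DMARC1; p=reject; fo=1"
ORIGINAL = b"Thanks for replying!\r\n"
VIA_LIST = ORIGINAL + b"_______________\r\nlist footer with the list URL\r\n"
SIGNED_BH = body_hash(ORIGINAL)

def demo():
    direct = dmarc_result("barclays.com", "barclays.com", SIGNED_BH, "barclays.com", ORIGINAL, RECORD)
    relayed = dmarc_result("barclays.com", "mindrot.org", SIGNED_BH, "barclays.com", VIA_LIST, RECORD)
    return direct, relayed

if __name__ == "__main__":
    print(demo())
```

A relayed copy whose body is left untouched still passes on the DKIM signature alone, which is why the appended footer, not the relay itself, is what tips the message into failure.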