[sdiy] spoof warning on emails from synth-diy
mr at analogue.org
Sat Apr 10 22:08:26 CEST 2021
FWIW, ironically, I just found this whole sdiy thread in my Gmail spam
(Gmail seems to have some serious problems with spam categorisation, I find
around 10 legit emails in the spam every month... if I remember to check it
that often. Even messages from Google groups! Incredible, and dangerous.)
Den sön 28 mars 2021 23:49cheater cheater via Synth-diy <
synth-diy at synth-diy.org> skrev:
> Here we go
> On Sun, Mar 28, 2021 at 10:40 PM Ben Stuyts <ben at stuyts.nl> wrote:
> > Ok, found something: gmail.com has a DMARC record with a policy record
> “p=none”. This list only munged messages when p=reject or p=quarantine.
> Perhaps they changed that, but still check for it.
> > In any case, the list should now munge the From: address when p=none.
> Cheater, can you reply to this message so we can check?
> > Sorry for all the admin babble,
> > Ben
> > On 28 Mar 2021, at 21:46, Ben Stuyts <ben at stuyts.nl> wrote:
> > Well, if there is DMARC info, then the From: address should be properly
> munged and a Reply-To: will be added. You would see “From: Name Via
> Synth-DIY <synth-diy at synth-diy.org>”. I did a quick check the settings
> didn’t change/fall over for the mailing list, but they seem to be OK.
> > Last week the name server infra-structure of the synth-diy.org hosting
> firm has been severely DDoS’ed, perhaps there are still some loose ends.
> I’ll go test some more...
> > Ben
> > On 28 Mar 2021, at 19:53, cheater cheater <cheater00social at gmail.com>
> > Yeah, I've clicked it right away. I don't think it's greylisting or
> reputation. I think it might have to do with the headers. Specifically, the
> fact that the sdiy mailer uses my email address as the "From" header. There
> might be a better header that doesn't necessarily "impersonate" the
> original sender. For example, maybe Original-From would be a better choice
> here, and meanwhile use the sdiy email address as the From address.
> > On Sun, Mar 28, 2021 at 7:31 PM Ben Stuyts <ben at stuyts.nl> wrote:
> >> Thanks for the heads up. Please click on the ‘Looks safe’ button to
> train Google’s algorithm. If you ignore it, it can only get worse.
> >> The issue is probably DKIM-related, which is a problem with any mailing
> list. Google has some tools for domain postmasters, and I’ve been
> registered for a long time. Last month looks OK:
> >> <PastedGraphic-3.png>
> >> and:
> >> <PastedGraphic-2.png>
> >> Best,
> >> Ben
> >> On 28 Mar 2021, at 18:06, cheater cheater <cheater00social at gmail.com>
> >> Hi Ben, I believe you're the list owner now. I've just noticed this
> >> issue. Could the mailing list need a configuration update?
> >> https://imgur.com/a/AcW6lzz
> >> Cheers
> > _______________________________________________
> > Synth-diy mailing list
> > Synth-diy at synth-diy.org
> > http://synth-diy.org/mailman/listinfo/synth-diy
> > Selling or trading? Use marketplace at synth-diy.org
> Synth-diy mailing list
> Synth-diy at synth-diy.org
> Selling or trading? Use marketplace at synth-diy.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Synth-diy