mark.yagnatinsky at barclays.com
2024-Jul-17 22:14 UTC
scattered thoughts on connection sharing
I don't know enough about DMARC to make any sense of what you just said... actually wait, maybe I get it. You're saying that email sent that I send to the list will land in your inbox with my address in the From header. But the recipient mail system will think to itself "this message couldn't possibly have come from Mark, because a cursory inspection of the routing history clearly shows it came from mindrot.org" And then it will conclude "thus, clearly, the sender is lying about being Mark, and is trying to impersonate him. I can safely drop this message". Is that about right? -----Original Message----- From: Stuart Henderson <stu at spacehopper.org> Sent: Wednesday, July 17, 2024 5:56 PM To: Yagnatinsky, Mark : IT (NYK) <mark.yagnatinsky at barclays.com> Cc: openssh-unix-dev at mindrot.org Subject: Re: scattered thoughts on connection sharing CAUTION: This email originated from outside our organisation - stu at spacehopper.org Do not click on links, open attachments, or respond unless you recognize the sender and can validate the content is safe. On 2024/07/17 11:39, mark.yagnatinsky at barclays.com wrote:> Thanks for replying! And noted, re: patience... will do.Note that this mailing list doesn't rewrite sender addresses, so it is likely to result in email failing DMARC checks. In many places spam filters don't give a high enough spam score for DMARC failure to treat the mail as spam without additional signs, but for certain higher risk domains (for example, banks...) that scoring is often bumped up. As a result, for many readers, your emails to this list are likely to have been either rejected or dropped into a spam folder at the recipient's end. This message is for information purposes only. It is not a recommendation, advice, offer or solicitation to buy or sell a product or service, nor an official confirmation of any transaction. It is directed at persons who are professionals and is intended for the recipient(s) only. It is not directed at retail customers. This message is subject to the terms at: https://www.ib.barclays/disclosures/web-and-email-disclaimer.html. For important disclosures, please see: https://www.ib.barclays/disclosures/sales-and-trading-disclaimer.html regarding marketing commentary from Barclays Sales and/or Trading desks, who are active market participants; https://www.ib.barclays/disclosures/barclays-global-markets-disclosures.html regarding our standard terms for Barclays Investment Bank where we trade with you in principal-to-principal wholesale markets transactions; and in respect to Barclays Research, including disclosures relating to specific issuers, see: https://publicresearch.barclays.com. __________________________________________________________________________________ If you are incorporated or operating in Australia, read these important disclosures: https://www.ib.barclays/disclosures/important-disclosures-asia-pacific.html. __________________________________________________________________________________ For more details about how we use personal information, see our privacy notice: https://www.ib.barclays/disclosures/personal-information-use.html. __________________________________________________________________________________
[sorry off-topic, ignore if uninterested in dmarc/dkim/mail filters] On 2024/07/17 22:14, mark.yagnatinsky at barclays.com wrote:> I don't know enough about DMARC to make any sense of what you just said... actually wait, maybe I get it. > You're saying that email sent that I send to the list will land in your inbox with my address in the From header. > But the recipient mail system will think to itself > "this message couldn't possibly have come from Mark, because a cursory inspection of the routing history clearly shows it came from mindrot.org" > And then it will conclude "thus, clearly, the sender is lying about being Mark, and is trying to impersonate him. I can safely drop this message". > Is that about right?barclays.com has a DNS record setup that says all mail from this domain should be authenticated, the "p=reject" in here: $ dig _dmarc.barclays.com txt +short "v=DMARC1; p=reject; fo=1; rua=mailto:dmarc_rua at emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf at emaildefense.proofpoint.com" This auth can either be by IP address of sending server (SPF) which is not going to work for mailing list messages, or by valid DKIM signature. The mail admins can choose what is covered by the DKIM signature. In the case of barclays.com there are various headers (which I think make it through the mailing list untouched) but also the body, which does not; a footer with the list URL is added. So the mail as sent via the list fails DMARC authentication. Most spam filters assign scores for various characteristics of emails that might indicate that a message is either unwanted or wanted. Usually missing or failed DMARC auth gives a medium "this may be junk" score whereas various signs indicating that it was sent via a mailing list reduce the score. Some mail filters treat certain domains specially and add a much higher score if they fail DMARC auth checks. (For rspamd this adds a "BLACKLIST_DMARC" score and the list includes various domains relating to ing, barclays, hsbc, paypal, chase, westpac, etc, as well as various other well known companies). So, sending from a barclays.com address you'll be more likely to have messages you send via a mailing list accidentally marked as junk than someone using a less "high value" domain.> -----Original Message----- > From: Stuart Henderson <stu at spacehopper.org> > Sent: Wednesday, July 17, 2024 5:56 PM > To: Yagnatinsky, Mark : IT (NYK) <mark.yagnatinsky at barclays.com> > Cc: openssh-unix-dev at mindrot.org > Subject: Re: scattered thoughts on connection sharing > > > CAUTION: This email originated from outside our organisation - stu at spacehopper.org Do not click on links, open attachments, or respond unless you recognize the sender and can validate the content is safe. > On 2024/07/17 11:39, mark.yagnatinsky at barclays.com wrote: > > Thanks for replying! And noted, re: patience... will do. > > Note that this mailing list doesn't rewrite sender addresses, so it is likely to result in email failing DMARC checks. > > In many places spam filters don't give a high enough spam score for DMARC failure to treat the mail as spam without additional signs, but for certain higher risk domains (for example, banks...) that scoring is often bumped up. > > As a result, for many readers, your emails to this list are likely to have been either rejected or dropped into a spam folder at the recipient's end. > > This message is for information purposes only. It is not a recommendation, advice, offer or solicitation to buy or sell a product or service, nor an official confirmation of any transaction. It is directed at persons who are professionals and is intended for the recipient(s) only. It is not directed at retail customers. This message is subject to the terms at: https://www.ib.barclays/disclosures/web-and-email-disclaimer.html. > > For important disclosures, please see: https://www.ib.barclays/disclosures/sales-and-trading-disclaimer.html regarding marketing commentary from Barclays Sales and/or Trading desks, who are active market participants; https://www.ib.barclays/disclosures/barclays-global-markets-disclosures.html regarding our standard terms for Barclays Investment Bank where we trade with you in principal-to-principal wholesale markets transactions; and in respect to Barclays Research, including disclosures relating to specific issuers, see: https://publicresearch.barclays.com. > __________________________________________________________________________________ > If you are incorporated or operating in Australia, read these important disclosures: https://www.ib.barclays/disclosures/important-disclosures-asia-pacific.html. > __________________________________________________________________________________ > For more details about how we use personal information, see our privacy notice: https://www.ib.barclays/disclosures/personal-information-use.html. > __________________________________________________________________________________