Hello, In the Message; Subject : Re: Spam faking openSUSE Message-ID : <u1l93s$jjj$1@saturn.local.net> Date & Time: Tue, 18 Apr 2023 07:16:44 +0200 [PF] == Per Jessen <this.isnt.spoofed@opensuse.org> has written: PF> Masaru Nomiya wrote: PF> > I see that you are a staff member of the IT section, is that wrong? PF> > If so, just fine. PF> I merely volunteer as an unpaid sysadmin for openSUSE, that is all. See PF> my signature. PF> > PJ> The mail is permitted by SPF and there is simply not enough PF> > PJ> information to otherwise identify as spam. PF> > PF> > I can't understand you. PF> > PF> > In other words, I'm surprising that the spam is being processed as PF> > ham, even though the receiving server for this spam has not only SPF, PF> > but also SPF, DKIM, and DMARC, which are three layers of sending PF> > domain authentication to protect against spoofed mail. PF> In this case, the mail was not actually spoofed. We explicitly permit PF> _anyone_ to send mails from "tomdickandharry@opensuse.org" from PF> _anywhere_ . The SPF record for opensuse.org says "no policy". PF> > In particular, DMARC is the strongest sender domain authentication so PF> > far, isn't it. PF> Probably, but we only verify signatures. Mails sent by openSUSE members PF> using their openSUSE aliases are not DMARC signed. PF> > I would think that server administrators would treat this as a severe PF> > problem? Don't you? PF> No I don't. It is working as designed. Sorry, now I know what I've fully misunderstood. Regards. --- ┏━━┓彡 野宮 賢 mail-to: nomiya @ lake.dti.ne.jp ┃\/彡 ┗━━┛ "A bachelor’s degree still holds prestige as a ticket to the middle class, but its value has received increasing scrutiny. In the last several years, rising tuition and student loan debt have led more Americans to reconsider an investment in postsecondary education." -- Washington Post --