Masaru Nomiya wrote:
I see that you are a staff member of the IT section, is that wrong? If so, just fine.
I merely volunteer as an unpaid sysadmin for openSUSE, that is all. See my signature.
PJ> The mail is permitted by SPF and there is simply not enough PJ> information to otherwise identify as spam.
I can't understand you.
In other words, I'm surprising that the spam is being processed as ham, even though the receiving server for this spam has not only SPF, but also SPF, DKIM, and DMARC, which are three layers of sending domain authentication to protect against spoofed mail.
In this case, the mail was not actually spoofed. We explicitly permit _anyone_ to send mails from "tomdickandharry@opensuse.org" from _anywhere_ . The SPF record for opensuse.org says "no policy".
In particular, DMARC is the strongest sender domain authentication so far, isn't it.
Probably, but we only verify signatures. Mails sent by openSUSE members using their openSUSE aliases are not DMARC signed.
I would think that server administrators would treat this as a severe problem? Don't you?
No I don't. It is working as designed. -- Per Jessen, Zürich (9.1°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes