gmail phishing warnings

Daniel J. Luke dluke at geeklair.net
Thu Dec 22 13:22:25 PST 2011 

On Dec 22, 2011, at 12:21 PM, Brandon Allbery wrote:
> 
> Though, the alum.wpi address that I use forwards everything to my
> Gmail account. Looking at the message source seems to indicate that
> WPI is adding their own SPF and DKIM information.

SPF doens't add anything to the email (but some MTA may be adding a header that indicates it's doing something with SPF information).

DKIM headers can be added by any mail server the message passes through.  

> For what it's worth, your messages don't show the phish warning but other people's messages do.  This suggests it's as previously mentioned, that messages from an SPI/DKIM enabled address that are resent by the MacPorts list (which isn't so enabled) are triggering it.

The message you sent failed to verify:
% perl dkimverify.pl < brandon_test.txt 
originator address: allbery.b at gmail.com
signature identity: @gmail.com
verify result: fail (message has been altered)
sender policy result: neutral
author policy result: neutral
ADSP policy result: neutral

It looks like your server is set to sign the following headers:
mime-version:in-reply-to:references:date:message-id:subject:from:to:cc:content-type

so, one (or more) of them changed as it passed through the mailing list (this is normal for mail that goes through a mailing list).

> I first noticed this back when gmail enabled the phish warning, and in fact filed a bug (which was apparently ignored) noting that they should really have a way to deal with valid mailing lists.

I _think_ if macports added a DKIM signature then gmail would be happier (and say something like "From Foo resent by macosforge"). I don't know the details of google's implementation, though.

--
Daniel J. Luke                                                                   
+========================================================+                        
| *---------------- dluke at geeklair.net ----------------* |                          
| *-------------- http://www.geeklair.net -------------* |                          
+========================================================+                        
|   Opinions expressed are mine and do not necessarily   |                          
|          reflect the opinions of my employer.          |                          
+========================================================+

More information about the macports-users mailing list