[ClusterLabs] Fraud Detection Check?

Jan Pokorný jpokorny at redhat.com
Wed Apr 12 21:36:10 UTC 2017 

On 11/04/17 09:08 +0200, Jan Pokorný wrote:
> On 07/04/17 18:32 +0000, Eric Robinson wrote:
>> What the heck, ClusterLabs? Why does your system keep tagging my
>> emails as potential fraud? You guys got a thing against Office 365?
> 
> Do I understand it correctly that your your Office 365 interface is
> making these accusations?  I can imagine that's because of some
> oversimplified logic that evaluates any incoming emails where
> you are marked as a sender (common sign of spam, at least in the past)
> while there's no well-matching message in the outgoing ones -- which
> is pretty possible with mailing lists.
> 
> Not saying nothing can possibly be done at ClusterLabs side, but did
> not investigate ([1]).
> 
> [1] https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail#Annotations_by_mailing_lists

Indeed, looking into the headers:

> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=psmnv.onmicrosoft.com;
>         s=selector1-psmnv-com;
>         h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
>         bh=lOKA1FmVxm4d7eJU/2fVz2/i4n1Bc4ttth3b+PWakhA=;
>         b=A2mk/NgOX2y7E5/79/XOihB/LHuX0BJgFYR/G2WW/NahKD77skjAXKvtoglC+Mz/7hyxAlpItlNOcFCGFoOf/d/XHAeiiCF2vjg9i/ab5pjfKZv7FobuXIEqIRwv84rooPNjxehPv81xxxxoEa8cU9WbQTbWZKJCycMQGmDp5aM=

the authenticity of your message is covered by hashing, amongst others,
the subject + full body.  Both of them do change ("[ClusterLabs]"
getting prepended + the footer, as can be observed also with this very
message, appended) before the list managing server proceeds to relay the
message to the list members, hence the authenticity of the resulting
message cannot be verified.  It's customary for mailing lists to append
their tailored footers highlighting the very nature of the list.

Eric, as of now, to get rid of the fraud warnings, it's primarily your
emailing software that needs to be taught to be less picky either when
sending, i.e., also DKIM signing the message to clusterlabs.org, or when
receiving (and DKIM verifying) the slightly changed copy from there.
It's in your hands, good luck.

-- 
Jan (Poki)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.clusterlabs.org/pipermail/users/attachments/20170412/2d974f6e/attachment-0002.sig>

More information about the Users mailing list