[ClusterLabs] Fraud Detection Check?

Jan Pokorný jpokorny at redhat.com
Thu Apr 13 02:21:30 EDT 2017


On 12/04/17 17:16 -0500, Dimitri Maziuk wrote:
> On 04/12/2017 04:36 PM, Jan Pokorný wrote:
> 
>> Eric, as of now, to get rid of the fraud warnings, it's primarily your
>> emailing software that needs to be taught to be less picky either when
>> sending, i.e., also DKIM signing the message to clusterlabs.org, or when
>> receiving (and DKIM verifying) the slightly changed copy from there.
>> It's in your hands, good luck.
> 
> No, and that's one of the reasons for my earlier "doesn't everyone"
> quip, although this particular idiocy is not limited to orifice'365.
> 
> This message is an example of how to do it right. (The mime part that is
> signed does not get altered by adding the mime part with list footers.)
> DKIM is the example of how to do it wrong *after* we worked out the way
> to do it right.

Oh, learned something new, presumbly because MTAs I use won't bother
with DKIM signing (that I'd be aware of) for my outgoing post and
my MUA itself hardly cares about verification of incoming, so never
faced any such issue.  And agreed, GPG signing with the key associated
with the email address of the sender should be perfectly sufficient
for authenticity check in most of the cases.

Thanks for a bit of clarification.

-- 
Jan (Poki)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20170413/a74a4ac0/attachment-0003.sig>


More information about the Users mailing list