lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 7 May 2019 12:02:41 +0900
From:   Mark Brown <>
To:     Linus Torvalds <>
Cc:, lkml <>
Subject: Re: [GIT PULL] spi updates for v5.2

On Tue, May 07, 2019 at 11:18:53AM +0900, Mark Brown wrote:

> Possibly it's not actually anything to do with the DKIM and it's just
> upset that I'm travelling and so the mail was injected from a mobile
> broadband IP in Japan which doesn't match up with the .uk domain.

I've tried sending equivalent mail to one of my own Google accounts and
it gets delivered, though I do see the dmarc=fail bit in the headers.
The full header there is for a newer spec called ARC that builds even
more stuff on top of DKIM and SPF.

ARC-Authentication-Results: i=1;;
       dkim=pass header.s=20170815-heliosphere header.b=gYHUGKmm;
       spf=pass ( best guess record for domain of designates 2a01:7e01::f03c:91ff:fed4:a3b6 as permitted sender);
       dmarc=fail (p=NONE sp=NONE dis=NONE)

which suggests it's adding some guesswork in there on top of what's
explicitly in there for SPF (though that's not causing trouble as it
worked out that the mail is OK).  The fact that this got through OK and
all the NONEs there suggest that they are to at least some extent doing
the right thing with the lack of any advertised policies for,
either something else about the message or your incoming mail is causing
the spam filtering.

Unfortunately I can't immediately see any exim stuff for ARC (and I
don't know that there's anything there that could really help) and I
can't do DKIM for (for good reasons), the only thing I can
think of is to disable signing of the From: and hope Google just stop
trying to validate it but that doesn't seem ideal.  Everything I'm
seeing is saying that Google just isn't enthusiastic about domains like which is going an issue.

Not really sure what I can do here...

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists