See injection below.


On 3/12/23 13:39, Joshua Judson Rosen wrote:
>   > On 3/10/23 12:43, Bruce Labitt wrote:
>   >> In email headers, are there any fields which are not spoof-able?  Or is 
> email simply a morass that is totally unsolvable and broken?  Simply 
> impossible to filter spam?  Now I am getting spam that is passing all the 
> dmarc, spf, and dkim checks.  Volume is relatively low at the
>   >> moment, 6 in 12 hours, but I am sure the bad guys are working on 
> increasing the volume.
>   >>
>   >> In particular, is
>   >>
>   >> X-Origin-Country reliable?  Or is this data field unsuitable for 
> filtering as well?
>   >>
>   >> Are there any mail client pre-filtering packages that can be added?  Or 
> is this a game best left to?
> On 3/10/23 17:02, Bruce Dawson wrote:
>> Essentially, no - all email headers are spoofable except the ones put on by 
>> your server. > Your server should insert a Received-by header that indicates 
>> who sent that message to you.
> Though in the case of the headers providing DKIM signatures, those are 
> "unspoofable" to the extent that they're used,
> since that's a cryptographic signature that you can verify.
> There are caveats there, basically that the DKIM signatures are only for 
> select _parts_ of the message...,
> but _generally_ if you have a valid DKIM signature then you at least know 
> where the message
> actually came from.
> And if you've got "spam that is passing all the dmarc, spf, and dkim checks", 
> then
> you know even more assuredly who's sending you spam.
> So, at least in theory, that gets you past the `detecting spoofs' point,
> so now you just have to worry about the spam coming in from new
> domains that you haven't blocked yet....

Except when an intervening server deletes all the DKIM (and other) 
envelope information. Of course, that's a bad actor/server, but isn't 
that what most SPAM servers are?

gnhlug-discuss mailing list

Reply via email to