Am 20.04.23 um 13:20 schrieb White, Daniel E. (GSFC-770.0)[AEGIS] via users:
> Is there any chance that SPF and DKIM records could be added to appear in the 
headers ?

On 20.04.23 11:47, White, Daniel E. (GSFC-770.0)[AEGIS] via users wrote:
How about this:

Received: from BL0GCC02FT019.eop-gcc02.prod.protection.outlook.com
(2a01:111:f400:7d05::201) by CYXPR09CA0020.outlook.office365.com
(2603:10b6:930:d4::27) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.25 via Frontend
Transport; Thu, 20 Apr 2023 11:27:54 +0000
Authentication-Results: spf=fail (sender IP is 63.88.93.251)  
<-------------------------
smtp.mailfrom=lists.freeradius.org; dkim=none (message not signed)
header.d=none;dmarc=fail action=oreject
header.from=lists.freeradius.org;compauth=none reason=452
Received-SPF: Fail (protection.outlook.com: domain of lists.freeradius.org  
<-------------------------
does not designate 63.88.93.251 as permitted sender)
receiver=protection.outlook.com; client-ip=63.88.93.251;
helo=vsmtpx-e100-01.localdomain;

Those are just results of checks a server added to the mail.

According to those headers they were added by lists.freeradius.org server, but this message received from outlook.som could already contain these headers, since these headers go AFTER the Received: line.

You don't need to trust them, they can be faked.

...and spammers will surely start faking them, if anyone chooses to blindly trust such mail headers.

When I received your mail from this lists, I saw:

Authentication-Results: fantomas.fantomas.sk; dmarc=none (p=none dis=none) 
header.from=spamassassin.apache.org
Authentication-Results: fantomas.fantomas.sk;
        dkim=fail reason="signature verification failed" (1024-bit key; 
unprotected) header.d=nasa.gov header.i=@nasa.gov header.a=rsa-sha256 header.s=selector1 
header.b=NZ4tZwLQ;
        dkim-atps=neutral
Authentication-Results: fantomas.fantomas.sk; arc=fail 
smtp.remote-ip=3.227.148.255
Authentication-Results: fantomas.fantomas.sk; spf=pass (sender SPF
        authorized) smtp.mailfrom=spamassassin.apache.org
        (client-ip=3.227.148.255; helo=mxout1-ec2-va.apache.org;
        envelope-from=users-return-126707-uhlar=fantomas.sk@spamassassin.apache.
        org; receiver=<UNKNOWN>)
Received: from mxout1-ec2-va.apache.org (mxout1-ec2-va.apache.org 
[3.227.148.255])
        by fantomas.fantomas.sk (Postfix) with ESMTPS id 3245DA00EA
        for <uh...@fantomas.sk>; Thu, 20 Apr 2023 13:47:49 +0200 (CEST)

so I know that Authentication-Results: were added by my server after receiving this mail from apache.org.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease

Reply via email to