On 11/7/2024 2:20 PM, Benny Pedersen wrote:
Bill Cole skrev den 2024-11-07 14:47:
I'm quite sure we don't want the SA project committed to running any
sort of blocklist which requires active close attention. We can't do
that competently.
how to solve dkim reuse headers then ?, i bet paypal do all thay can
to remove that public key in dns, when message-id is not dkim signed or ?
DKIM_VALID_EF should be moved to dmarc plugin btw, and dmarc plugin
should really aswell test that minimal rfc h= tags is signed
lets solve it there in the first place
1) Paypal's SPF is a little borked. Here's there first included SPF:
v=spf1 ip4:173.0.84.224/27 ip4:66.211.170.85/30 ip4:66.211.170.88/29
ip4:173.224.165.0/26 ip4:173.0.94.244/30 ip4:173.224.161.128/25
ip4:173.0.84.0/29 -all
Second entry looks funky with a .85/30 subnet. *Probably* should be .84/30
2) The funky hostname you see in Return-Path is a result of the
Microsoft hacks we've all seen since Last November through June.
Obviously abusing Paypal; clever hackers.
Paypal should take responsibility and fix that also with Microsoft.
Neither Microsoft or Paypal will do anything unless you advise them of
this - doubt PayPal even knows.
-- Jared Hall
