[tor-talk] Tor Talk Failing Authentication

Ben Tasker ben at bentasker.co.uk
Sat Feb 17 21:21:57 UTC 2018

It's a commonly known issue with mailing lists

If you've got DKIM enabled on your domain example.com, when mailman (or
whatever) inserts headers the hash will no longer match.

If you've got SPF enabled on example.com then the mailing list server
almost certainly isn't included. When the receiving MTA checks the domain
in the from header those checks will fail.

There are ways around the DKIM issue. either stripping the sig completely
at the mailing list server (might cause more failures) or heavily
restricting the headers used in hashing at the sending MTA.

For the SPF side, not much you can do (assuming you don't want to add
various 3rd party controlled servers to your spf record). Only real answer
is for the list to send from its own domain, but then you start losing
useful functionality.

On 17 Feb 2018 19:06, "Wanderingnet" <wanderingnet at protonmail.com> wrote:

Does anyone know why Tor Talk entries are consistently flagged as failing
domain authentication, thereby as potentially spoofed?

Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to

More information about the tor-talk mailing list