ietf-dkim

Re: [ietf-dkim] list expanders (was Re: chained signatures, was l= summary)

2009-06-15 06:46:31
On Sat, 13 Jun 2009 21:51:45 +0100, SM <sm(_at_)resistor(_dot_)net> wrote:

At 11:51 13-06-2009, Charles Lindsey wrote:
But there will be a few lists where this is not the case, such as the one
SM mentions. I don't know whether the spam on that particular list is
because the list admin is careless, or whether it is inherent in the
subject matter of the list. ...

There's more than one list admin.  The subject matter is
technical.  The issue is not whether the list admin is
careless.  There are a lot of mailing lists administered by part time
administrators.  If we start playing the blame game, it will work  
against DKIM.

And every list will be different, so we need to look at real examples. And
by a strange coincidence, we have just seen a concrete example on a list  
well-known to all of us. Here it is, including all headers that appear  
relevant, so let us now discuss how the list manager handled this  
particular case, and whether he has left enough evidence for us to work  
out how this evident spam got onto the list, and whether he could have  
done things any differently.

Some observations:
1. The list manager has altered the message beyond what might have been  
rescued by any l= tag.
2. Nevertheless, it would seem that the original message could have been  
recovered sufficiently to check the original signature (had it been  
preserved), without too much difficulty.
3. The X-Greylist headers are "interesting".

-------------------------------------------------------------------------------

......
X-Gradwell-Mailfilter: SpamAssassin hits were DATE_IN_PAST_06_12  
HTML_MESSAGE MIME_QP_LONG_LINE RCVD_IN_DNSWL_MED RDNS_NONE [Mon, 15 Jun  
2009 02:16:59 +0100] [rule id 501 (default-spam)]
......
Received: from sbh17.songbird.com (sbh17.songbird.com [127.0.0.1])
        by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id n5F19CYn007183;
        Sun, 14 Jun 2009 18:15:32 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=mipassoc.org; s=k00001;
        t=1245028575; bh=ByisBStb1l7FW1uU4gHij2fX4tk=; h=Date:To:From:
         Message-ID:MIME-Version:Subject:Reply-To:List-Id:List-Unsubscribe:
         List-Archive:List-Post:List-Help:List-Subscribe:Content-Type:
         Sender; b=FpUINEGfW7t0q7wUQgglhlM2ADQsfvUFu/HziMXgxrKvmdgZdmtbMDNu
        cB6F8fbRzREo8gQLyJ1nOjRYhlsmkU6YBe6BLNfM53+LB/szW775VHA1HOdE2ARcFIL
        At6EBuD8VgoLTD8t1zJ5QBbPKBjZrB4KSw/AyxRlZ4c5si7s=
Received: from mx-out.facebook.com (outmail023.snc1.tfbnw.net  
[69.63.178.182])
        by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id n5F195Fr007169
        for <ietf-dkim(_at_)mipassoc(_dot_)org>; Sun, 14 Jun 2009 18:09:11 -0700
Authentication-Results: sbh17.songbird.com;
        dkim=pass (512-bit key) header(_dot_)i=(_at_)facebookmail(_dot_)com
Received: from [10.18.255.176] ([10.18.255.176:34136] helo=10.16.151.190)
        by mta010.snc1.facebook.com (envelope-from
        <invite+2aq5qaxx(_at_)facebookmail(_dot_)com>)
        (ecelerity 2.2.2.37 r(28805/28844)) with ESMTP
        id F2/A6-11885-73A053A4; Sun, 14 Jun 2009 07:33:27 -0700
X-Facebook: from zuckmail ([MTAuMTYuMTUxLjE5MA==])
        by 10.16.151.190 with HTTP (ZuckMail);
Date: Sun, 14 Jun 2009 07:33:27 -0700
To: "Ietf-dkim(_at_)mipassoc(_dot_)org" <ietf-dkim(_at_)mipassoc(_dot_)org>
From: Deiva Shanmugam <invite+2aq5qaxx(_at_)facebookmail(_dot_)com>
Message-ID: 
<a684852eaaadffd4fda36b4b4efd1703(_at_)10(_dot_)16(_dot_)151(_dot_)190>
X-Priority: 3
X-Mailer: ZuckMail [version 1.00]
X-Facebook-Notify: general_invite; mailid=9f0765G69da1e46G0G8
X-FACEBOOK-PRIORITY: 1
MIME-Version: 1.0
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0  
(sbh17.songbird.com [127.0.0.1]); Sun, 14 Jun 2009 18:16:15 -0700 (PDT)
X-Greylist: Delayed for 10:30:33 by milter-greylist-4.0 (sbh17.songbird.com
        [72.52.113.70]); Sun, 14 Jun 2009 18:09:11 -0700 (PDT)
Subject: [ietf-dkim] Check out my photos on Facebook
X-BeenThere: ietf-dkim(_at_)mipassoc(_dot_)org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Deiva Shanmugam <chittushanmugam(_at_)gmail(_dot_)com>
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>,
        <mailto:ietf-dkim-request(_at_)mipassoc(_dot_)org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim(_at_)mipassoc(_dot_)org>
List-Help: <mailto:ietf-dkim-request(_at_)mipassoc(_dot_)org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>,
        <mailto:ietf-dkim-request(_at_)mipassoc(_dot_)org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1186549750=="
Sender: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
Errors-To: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
Content-Length: 000000
Return-Path: ietf-dkim-bounces(_at_)mipassoc(_dot_)org

--===============1186549750==
Content-Type: multipart/alternative;
        boundary="b1_a684852eaaadffd4fda36b4b4efd1703"


--b1_a684852eaaadffd4fda36b4b4efd1703
Content-Type: text/plain; charset = "UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi ietf-dkim(_at_)mipassoc(_dot_)org,

I set up a Facebook profile where I can post my pictures, videos and  
events and I want to add you as a friend so you can see it. First, you  
need to join Facebook! Once you join, you can also create your own profile.

...rest of spam snipped............

--b1_a684852eaaadffd4fda36b4b4efd1703
Content-Type: text/html; charset = "UTF-8"
Content-Transfer-Encoding: quoted-printable

...HTML version of spam snipped...


--b1_a684852eaaadffd4fda36b4b4efd1703--



--===============1186549750==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html

--===============1186549750==--

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
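
Added example (not part of the original message, nor code from any list software): a sketch of observations 1 and 2 above under DKIM "simple" body canonicalization. It models the rewrap visible in the quoted message (original body moved into part 1 of a new multipart/mixed, footer appended as part 2), then shows that neither the delivered body nor an l= prefix of it yields the original body hash, while part 1 taken back out does. The boundaries, body text, footer and the use of SHA-256 are constructed assumptions; the original signature's parameters are not shown on the page.

```python
import base64
import hashlib

def canon_simple(body: bytes) -> bytes:
    """DKIM 'simple' body canonicalization: drop trailing empty lines, end with one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def body_hash(body: bytes, length=None) -> str:
    """Base64 SHA-256 of the canonicalized body; `length` models the l= tag (prefix only)."""
    data = canon_simple(body)
    if length is not None:
        data = data[:length]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def wrap_like_list(inner_ct: bytes, body: bytes, outer: bytes, footer: bytes) -> bytes:
    """Model the rewrap seen in the quoted message: the original body becomes part 1
    of a new multipart/mixed, and the list footer is appended as part 2."""
    return b"".join([
        b"--", outer, b"\r\n",
        b"Content-Type: ", inner_ct, b"\r\n\r\n",
        body,
        b"\r\n--", outer, b"\r\n",
        b'Content-Type: text/plain; charset="us-ascii"\r\n\r\n',
        footer,
        b"\r\n--", outer, b"--\r\n",
    ])

def recover_original(wrapped: bytes, outer: bytes):
    """Undo the rewrap: return (part-1 headers, part-1 content) of the outer multipart."""
    first = b"--" + outer + b"\r\n"
    start = wrapped.index(first) + len(first)
    end = wrapped.index(b"\r\n--" + outer, start)
    headers, _, content = wrapped[start:end].partition(b"\r\n\r\n")
    return headers, content

# Constructed sample data (boundaries and text are made up for this example).
INNER_CT = b'multipart/alternative; boundary="b1_sample"'
OUTER = b"=====sample-outer=="
ORIGINAL = (b"--b1_sample\r\nContent-Type: text/plain\r\n\r\nHi list,\r\n"
            b"--b1_sample--\r\n")
FOOTER = b"NOTE WELL: sample list footer\r\n"

WRAPPED = wrap_like_list(INNER_CT, ORIGINAL, OUTER, FOOTER)
HEADERS, RECOVERED = recover_original(WRAPPED, OUTER)

if __name__ == "__main__":
    print("original bh :", body_hash(ORIGINAL))
    print("as delivered:", body_hash(WRAPPED))
    print("with l=     :", body_hash(WRAPPED, len(canon_simple(ORIGINAL))))
    print("recovered   :", body_hash(RECOVERED))
```

The l= case fails because the rewrap inserts the outer boundary and part headers in front of the original body, and l= only tolerates content added after the signed prefix.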