[conspire] Case study in modern forgery of SMTP headers, revisited

Rick Moen rick at linuxmafia.com
Mon Aug 8 18:10:14 PDT 2016 

Results of checking my SPF record via
https://www.had-pilot.com/py/had.html

----- Forwarded message from NIST HAD Email Authenticator <pythentic at had-pilot.biz> -----

Date: Mon, 8 Aug 2016 21:07:52 -0400
From: NIST HAD Email Authenticator <pythentic at had-pilot.biz>
To: rick at linuxmafia.com
Subject: Re:spf



===================================================================================================
Testing for: spf
===================================================================================================

Summary of results:
[6321]:  Aug  8 21:06:07 2016   subj:spf, from:rick at linuxmafia.com (198.144.195.186), spf:pass, dkim:0, dmarc:Deliver, rep=0

===================================================================================================
 
SPF Analysis:
	result: pass
	Reason: 	Match: (198.144.195.186 == a:198.144.195.186)

	SPFRecords: 	linuxmafia.com == 'v=spf1 a mx -all'
	mx: linuxmafia.com == 'linuxmafia.com'
	a: linuxmafia.com == '198.144.195.186'

InterimResults:
	Syntax Results for: linuxmafia.com Good Syntax.

	Match: (198.144.195.186 == a:198.144.195.186)
	Match: (198.144.195.186 == mx:linuxmafia.com)


===================================================================================================
 Full Message record:

Record [6321]:
  DeliveryResult: Deliver

Results and Reasons:
    SPF Result = pass, Reason = 	Match: (198.144.195.186 == a:198.144.195.186)

    DKIM Result = 0, Reason = no DKIM signature
    DMARC Result = Deliver, Reason = Applying Local Policy because no DMARC record.: SPF passed so DMARC Authenticates.

DNS Records:
    SPF Record:
 	v=spf1 a mx -all
    DMARC Record:
 	None

Original Message:
Received: from rick by linuxmafia.com with local (Exim 4.72)
	(envelope-from <rick at linuxmafia.com>)
	id 1bWvUX-0002Br-J4
	for pythentic at had-pilot.biz; Mon, 08 Aug 2016 18:06:01 -0700
Date: Mon, 8 Aug 2016 18:06:01 -0700
From: Rick Moen <rick at linuxmafia.com>
To: pythentic at had-pilot.biz
Subject: spf
Message-ID: <20160809010601.GJ11863 at linuxmafia.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Organization: If you lived here, you'd be $HOME already.
X-Mas: Bah humbug.
X-Clacks-Overhead: GNU Terry Pratchett
User-Agent: Mutt/1.5.20 (2009-06-14)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: rick at linuxmafia.com
X-SA-Exim-Scanned: No (on linuxmafia.com); SAEximRunCond expanded to false
X-dkim: d=None, s=, DKIMReason=no DKIM signature, DKIMrecord=
X-spf: i=198.144.195.186, h=linuxmafia.com., s=rick at linuxmafia.com, SPFResult=pass, SPFrecord=v=spf1 a mx -all
X-dmarc: result=Deliver, DMARCAction=Applying Local Policy because no DMARC record.: SPF passed so DMARC Authenticates., DMARCrecord=None



===================================================================================================
 Registration Info:
Thank you for registering on the had-pilot.biz test system.
Here is your hash. Please enter it in the Paste-in-Hash field of the test form,
with your address in the MailTo field.

The test system is rate limited to one message per minute, to curb spamming through our server.
Mailto = rick at linuxmafia.com
Paste-in-Hash = zSVWMRX+SXjMGV4cD5zF
If you register again you will get the same hash as a reminder.

===================================================================================================
 

----- End forwarded message -----

More information about the conspire mailing list