[GNC] [Possible phishing attempt] Re: mail server changes to GnuCash list

gnucash at 4forl1st5.slmail.me gnucash at 4forl1st5.slmail.me
Wed Feb 19 19:15:24 EST 2025 

On Wednesday, February 19th, 2025 at 23:19, Kalpesh Patel <kalpesh.patel at usa.net> wrote:
> 
> This email failed anti-phishing checks when it was received by SimpleLogin, be careful with its content.
> More info on https://simplelogin.io/docs/getting-started/anti-phishing/
> 
> ------------------------------
>
> There are no failed messages; they all make it through but they are tagged as spam.
> Messages are not being forwarded either.


Are you sure about that "not being forwarded" claim?

All email explosion list mail, bar list-admin emails, are by their very nature,
forwarded.


As you can see from the above, SimpleLogin, which is ProtonMail's redirection
component, tagged your email, sent out via the list, by originally sent by 
you, to the gnucash-user list before it was then forwarded back out to list
members.

FWIW, as well as the text above being inserted into the body of the email that
finally gets delivered to my Inbox, I also see am added "banner" that says:

  This email has failed its domain's authentication requirements. It may be spoofed or improperly forwarded.


Effectively then, at least as I think of it, mail sent out from GnuCash's mail
explosion server is actually "coming from" gnucash.org, however, one of the 
"From fields" still maintains your domain component, usa.net, and it's that 
apparent domain mismatch that is being flagged by your receiving mail server.

If you weren't seeing the flagging before, then it's likely that a change 
within your receiving mail server is the cause.


One way around this is to have the list server, or some intermediate MTA, 
"munge" the From field into something like

  "Kalpesh Patel via GnuCash User List" <gnucash-user at gnucash.org>

along with adding your original email address into the headers (often into
the To header, because many list-servers will de-dupe outgoing addresses
to stop you getting a list copy as well) so that a Reply-to-all will still
go back to you, as well as the list.

That appraoach can, of course, make the From field look "a bit messy" but
it does defeat this particular anti-phishing check.



HTH (as well as hoping I have that, mostly, correct)

More information about the gnucash-user mailing list