ruby / www.ruby-lang.org

Source of the https://www.ruby-lang.org website.

closed #1604

Closed 0xtest1 closed 7 years ago

0xtest1 commented 7 years ago

closed

hsbt commented 7 years ago

This repository only handles web content issues.

shugo commented 7 years ago

The SPF record passed validation test because the value of the Return-Path header field (i.e., the "MAIL FROM" identity) is anonymousemail@orbit.eternalimpact.info.

SPF authorizes only the "MAIL FROM" and "HELO" identities, as described in RFC 7208:

11.2. SPF-Authorized Email May Contain Other False Identities

The "MAIL FROM" and "HELO" identity authorizations do not provide assurance about the authorization/authenticity of other identities used in the message. It is entirely possible for a malicious sender to inject a message using his own domain in the identities used by SPF and have that domain's SPF record authorize the sending host, and yet the message can easily list other identities in its header. Unless the user or the MUA takes care to note that the authorized identity does not match the other more commonly presented identities (such as the From: header field), the user might be lulled into a false sense of security.
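The check that RFC 7208 section 11.2 leaves to the user or the MUA, as an added example that is not part of the original thread: compare the SPF-authorized "MAIL FROM" domain with the From: header domain and flag a pass that covers a different domain. The Return-Path value is the one quoted above; the From: address, the Authentication-Results line and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: only the Return-Path address comes from the thread.
SPOOFED = """\
Return-Path: <anonymousemail@orbit.eternalimpact.info>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=orbit.eternalimpact.info
From: "Security Team" <security@example.org>
To: user@example.net
Subject: constructed sample

body
"""
# Same message, but the From: domain shares a parent with the MAIL FROM domain.
ALIGNED = SPOOFED.replace("security@example.org", "news@eternalimpact.info")


def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def same_or_subdomain(a, b):
    """Simplified alignment: equal, or one is a subdomain of the other.
    Assumption of this example: real DMARC relaxed alignment compares
    organizational domains using the Public Suffix List."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def spf_identity_check(raw):
    """Report which domain SPF vouched for and whether From: matches it."""
    msg = message_from_string(raw)
    mail_from = domain_of(msg.get("Return-Path"))
    header_from = domain_of(msg.get("From"))
    auth = (msg.get("Authentication-Results") or "").lower()
    return {
        "mail_from_domain": mail_from,
        "header_from_domain": header_from,
        "spf_pass": "spf=pass" in auth,
        "aligned": same_or_subdomain(mail_from, header_from),
    }


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("aligned", ALIGNED)):
        print(name, spf_identity_check(raw))
```

An SPF pass with `aligned` false is the case the RFC warns about: the sending host was authorized for the envelope domain only, and nothing was asserted about the domain shown in From:.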