[Fixed/Solved!] The e-mails from noreply@discuss.kde.org can trip spam detection due to lack of DKIM

ell1e · July 1, 2025, 11:21am

Perhaps it’s just something from my end, but the e-mails from noreply@discuss.kde.org with e.g. the “[KDE Discuss] Summary” seem to arrive in my inbox without any DKIM. As a result, the spam scoring always is angry due to potential impersonation. In case it’s not just me, I wanted to let you now so that somebody taking care of the forum has the possibility to look into this. Sorry if this is somehow intended or not worth pointing out.

northlean · July 1, 2025, 11:21am

What email do you have? My provided doesn’t do this. I use fastmail FWIW.

ell1e · July 1, 2025, 11:24am

So do the e-mails have a DKIM signature for you?

northlean · July 1, 2025, 11:26am

I can’t find any such signature, so I assume there is none? But yeah, emails are coming through just fine for me.

ell1e · July 1, 2025, 11:32am

My suggestion is that ideally it should be DKIM signed. It might help with both spam scores and with legitimately making spammer impersonation and fraud harder.

Franken14679 · July 1, 2025, 3:52pm

Um, er – I checked my KMail Accounts, both sent and received e-Mail –

Old e-Mail received from KDE Bugzilla, on the 1st of January 2021, has a “DKIM-Signature:“ header field.
AFAICS, all my incoming e-Mails have a “DKIM-Signature:” header field.
My sent e-Mails, from KMail, do not have a “DKIM-Signature:“ header field …

I have absolutely no idea who is inserting this header field – it could possibly be my German ISP: United Internet.

If I send e-Mail from one “online.de” account to another “online.de” account, KMail doesn’t send a DKIM signature but, the received e-Mail has a DKIM signature …

ipwizard · July 1, 2025, 4:04pm

A so called MUA (Mail User Agent) such as KMail never inserts DKIM signatures. That is done by the MTA (Mail Transfer Agent) which is basically the server running at your mail provider. That is why your outgoing mails never show DKIM headers.

ell1e · July 1, 2025, 4:05pm

For me, the noreply@discuss.kde.org e-mails have no DKIM signature, I’m not talking about bugzilla. If anybody has a DKIM signature on these, please check and share the header.d and header.i fields of the signature. If it’s not discuss.kde.org or kde.org then it’s not signed properly and might still warrant action. Sorry if I’m missing something, however.

carl · July 1, 2025, 4:08pm

I can confirm that, let me see if this is something I can fix, otherwise I’ll ping some sysadmins. Thanks for the report

Franken14679 · July 1, 2025, 4:13pm

“let me see if this is something I can fix,” ???

Yes, I also suffer from the brain ticking faster than my fingers can type – despite my age …

carl · July 1, 2025, 4:44pm

Yes happens all the time

ipwizard · July 6, 2025, 3:28pm

@Franken14679 since you asked for it:

Authentication-Results: mailer.net-bembel.de;
	dkim=pass (1024-bit key; secure) header.d=kde.org header.i=@kde.org header.a=rsa-sha256 header.s=transact header.b=AcCrf22/;
	dkim-atps=neutral
Authentication-Results: dd47500.kasserver.com;
	dkim=pass (1024-bit key; unprotected) header.d=kde.org header.i=@kde.org header.a=rsa-sha256 header.s=transact header.b=AcCrf22/;
	dkim-atps=neutral
Authentication-Results: letterbox.kde.org;
	dkim=pass (1024-bit key; secure) header.d=kde.org header.i=@kde.org header.b="AcCrf22/";
	dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kde.org; s=transact;
	t=1751669760; bh=RoS6t8aFX8Ol6/yk8VsmC5BuxTSS4RjGKO41//chK0g=;
	h=Date:From:To:Subject:List-Unsubscribe:List-ID:List-Archive:From;
	b=AcCrf22/srMp3pqYNkINCmeR/OFNXZzpGQEvIz/nyYrs7ZvGMc6m4tI6E0hc7xqhP
	 As65+iQGHtkPqWZvtR1xaDYoFTXEfnLwWLUflR/s5UXmnPUDz55WBDesqEfxcGjflv
	 gcLo0/Jr3vAieHWW5uUP3TwNYzf2q0DCKHyTQbF0=
Message-ID: <discourse/post/106341@discuss.kde.org>

I see three checks here (from bottom to top):

at KDE’s letterbox server
at my providers mail server (dd…)
my on prem server (mailer…)

The Message-ID shows that the mail is generated by discuss.kde.org

thornedrose · July 7, 2025, 1:03am

I use Betterbird and have a custom email (not self hosted but on a VPS). I get DKIM signatures:

Received: from discuss.kde.org (cinclo.kde.org [▓▓▓▓▓▓▓▓▓])
	(Authenticated sender: discussmail)
	by bluemchen.kde.org (Postfix) with ESMTPSA id 07CBC243B0
	for <▓▓▓▓▓▓@▓▓▓▓▓▓▓▓>; Sun,  6 Jul 2025 20:47:58 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kde.org; s=transact;
	t=1751849279; bh=L8VfqG/CcBKhi/6uJXWpZd38TmPO/KB5L3gCqjAR4Lk=;
	h=Date:From:To:Subject:List-Unsubscribe:From;
	b=75Glgvx6x2GRQU2v3CvKXctP22DwNCR9Kl59n5cmAwcFAC0AXvLBllnXxnZ9FnJ+H
	 /J3b2SE2lqGQz1dmPxqKB/bKJ0DOSA9AA3MWCuzqtZl4T9SwVMk6BP+luysYqXw5DE
	 AQnRDBxqu2SgOsMe+d5xpTjPfho3WW65q5H/izC0=
Date: Mon, 07 Jul 2025 00:47:58 +0000
From: KDE Discuss <noreply@discuss.kde.org>
Reply-To: KDE Discuss <noreply@discuss.kde.org>
To: ▓▓▓▓▓▓@▓▓▓▓▓▓▓▓
Message-ID: <84f7fe2a-2790-406e-a256-0a4692d8fe4a@discuss.kde.org>

(I don’t know in depth details about email headers to know exactly what should and shouldn’t be shared publicly so I may have unnecessarily hidden some details but I would rather be safe than sorry).

carl · July 7, 2025, 12:51pm

@bcooksley Fixed it a few days ago

ell1e · July 7, 2025, 1:23pm

Can confirm, does seem to be fixed on my end too. Thank you so much!