On 
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 23 Mar 2026 15:30:56 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning cypherpunks-bounces@lists.cpunks.org does not designate 198.252.153.129 as permitted sender) client-ip=198.252.153.129;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@lists.cpunks.org header.s=default header.b=qrE7M17u;
       dkim=pass header.i=@lists.cpunks.org header.s=default header.b=slw80URk;
       dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20251104 header.b=jj2HtWtD;
       arc=fail (body hash mismatch);
       spf=softfail (google.com: domain of transitioning cypherpunks-bounces@lists.cpunks.org does not designate 198.252.153.129 as permitted sender) smtp.mailfrom=cypherpunks-bounces@lists.cpunks.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=lists.cpunks.org;
       dara=neutral header.i=@gmail.com
Received: from mail.pglaf.org (mail.pglaf.org [69.55.231.143])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by mx1.riseup.net (Postfix) with ESMTPS id 4ffntf6rXHzDrVJ;
Mon, 23 Mar 2026 22:30:34 +0000 (UTC)
Authentication-Results: mx1.riseup.net;
dkim=pass (2048-bit key; unprotected) header.d=lists.cpunks.org header.i=@lists.cpunks.org header.a=rsa-sha256 header.s=default header.b=qrE7M17u;
dkim=pass (2048-bit key) header.d=lists.cpunks.org header.i=@lists.cpunks.org header.a=rsa-sha256 header.s=default header.b=slw80URk;
dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20251104 header.b=jj2HtWtD;
dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lists.cpunks.org;
s=default; t=1774305034;
bh=PeXpWPeSN1BMwvsUiKbX+Ry6/lbJA8igWkWbnKUtpHE=;
h=In-Reply-To:References:Date:Subject:To:List-Id:List-Archive:
List-Help:List-Owner:List-Post:List-Subscribe:List-Unsubscribe:
From:Reply-To:From;
b=qrE7M17uSpghZ92wFMY0TpSd/Izcxifr2IvwlnAdNKHL5ejByawa9TKp7SVUmSRRs
4fu/yxgaec94/IIvTr4cfzftS9l78szAqh38U4DuHwgZlSv7Iff88zb2wvK3Rx/xRu
qvzplmWYBplO8r7dfn8IR0E2gpOAH8DFqqzGEybGO8rLaIEqeDZwefk00eDLsobT+b
as0D12IJoGhDbOZCt0KpAkjewqI6yBE8xu9QF8rzkkM08M3XppHsBPhg8BaSGBPRMs
U4ABMh5RPbm69fnRzQc31bQrg717vc8jGvH+aWuPqzZtwwaHd9FkSqsNViJHv/x0y4
yumSixmKGvxcw==
Received: from localhost (localhost [127.0.0.1])
by mail.pglaf.org (Postfix) with ESMTP id 66D5A1940FB1;
Mon, 23 Mar 2026 15:30:34 -0700 (PDT)
X-Virus-Scanned: Debian amavis at mail.pglaf.org
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-999 required=3 WHITELISTED tests=[]
 autolearn=unavailable
Authentication-Results: mail.pglaf.org (amavis); dkim=pass (2048-bit key)
 header.d=lists.cpunks.org header.b="slw80URk"; dkim=fail (2048-bit key)
 reason="fail (message has been altered)" 

these things about dkim and message verification failing indicate to me there's no reason to assume it's greg

i don't know what they mean yet :/

but it's more same old for me, i remember as a teen all my tcp checksums would fail

a cryptographic signature is kinda more serious though

possibly suspecting now some bytes in the attachment were getting fiddled (like a poor sequence that matches an escape edge case) who knows!

but usually people assume a malicious actor when sig failures are seen. this device already known compromised.