On 27/11/2012 03:17, Raman Gupta wrote:

Thanks Olga and Roland... using tcpdump is feasible for me, but I
wonder how larger senders deal with this kind of issue.

Presumably that is a problem for those senders to solve for themselves...

I would think
from a privacy perspective it's better for a domain's administrators to
examine just emails that failed validation, rather than capturing all
output and checking every single email sent.

Right, but this requires more engineering cleverness than is warranted in your case.

Besides, people should be using an end-to-end encryption solution like
S/MIME or OpenPGP if they don't want admins to be able to see their
emails, so forensic reports would not reveal anything more than is
visible anyway, such as headers.

That may be reasonable advice for end users (or it may not be <http://research.microsoft.com/apps/pubs/?id=80436>), but if you're making an argument about whether Mail Receivers should send "forensic" reports then it's not relevant.

Something that is relevant is a legal determination about whether or not the putative sender and/or addressed recipient (and potentially even the actual sender) have reasonable expectations of privacy of the Mail Receiver. In some jurisdictions, it is believed that the sending of an unredacted DMARC forensic report to someone who was neither the addressed recipient nor the _*actual*_ sender might breach the privacy rights of the addressed recipient (e.g. a mass phisher uses PII that he's stolen to make his PayPal phish more convincing - meaning that each message contains non-public PII about the addressed recipient - he sends it to everyone whose details he's stolen, whether or not they're PayPal customers, the Mail Receiver notices authentication failures and sends DMARC forensic reports to PayPal and has thereby breached the addressed recipient's privacy rights).

The law may not be reasonable, but the penalties are real; avoiding them is of critical importance for many Mail Receivers.

- Roland




Regards,
Raman


On Mon 26 Nov 2012 10:50:14 AM EST, Olga Gavrylyako wrote:
Hi Raman,
In Google for different privacy issues we made a decision not to send
forensic reports.

Olga

On Thu, Nov 22, 2012 at 5:00 PM, Raman Gupta <[email protected]> wrote:
Anyone from Google on this list that we can prod to start sending
forensic reports? :)

On Thu 22 Nov 2012 07:55:01 PM EST, Franck Martin wrote:
Only forensic reports would help you. I see you have a ruf, but not
everyone sends forensic reports.

On 11/22/12 4:46 PM, "Raman Gupta" <[email protected]> wrote:

At least the contact form is not relevant here, as it sends via
postfix. However, there may very well be some other program or script
sending emails directly that I am not aware of. Which brings me back
to the original question: I don't see any meta-data in the report that
would help me to determine what that is.

Regards,
Raman

On 11/22/2012 07:06 PM, Franck Martin wrote:
You are sure you are not running on that server a script that would send
emails directly, without passing via postfix?

I see the website has a contact form, sometimes web servers try to be
too smart: http://vivosys.com/contact

On 11/22/12 2:44 PM, "Raman Gupta" <[email protected]> wrote:

First of all, DMARC is very cool. Thanks to all involved in conceiving
it and setting it up.

I've set up DKIM with DMARC feedback for several domains I manage.

I thought everything was working fine, but I have started receiving
DMARC feedback reports showing that some emails are failing the DKIM
check. Here is an actual report:


_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)


--
  Roland Turner | Director, Labs
  TrustSphere Pte Ltd | 3 Phillip Street #13-03, Singapore 048693
  Mobile: +65 96700022 | Skype: roland.turner
  [email protected] | http://www.trustsphere.com/
