On 7/16/17 3:22 AM, John R Levine wrote: >> So, what am I trying to accomplish, aside from the trivial goal of >> making hackers stop emailing me? > > As we hardly need tell you, there's no cure for stupid. Perhaps a > comment in your DMARC record saying that bug reports will be met with > ridicule, and some procmail scripts to ridicule any bug reports that > mention DMARC would help.
Oh, how I would love to do that, but alas, it would not be in my employer's best interest for me to be anything but unfailingly polite to the people reporting security issues to us, regardless of how much they try my patience. > I use p=none and ask for reports, which I process automatically with > some little scripts that put the interesting bits in a mysql database > at which I very occasionally look. Sounds like that's right for you, > too. > > The scripts are here: https://www.taugh.com/rddmarc/ Thanks for the pointer. There are actually a lot of open-source DMARC tools out there. I uncovered a lot of them inadvertently when I was actually trying to figure out why Github was generating emails claiming to be from our domain that were failing DMARC... I searched for "github dmarc" <https://www.google.com/search?q=github+dmarc> and uncovered a whole bunch of interesting public repositories. For the time being, I'm using the free DMARC aggregator provided by Postmark <https://dmarc.postmarkapp.com/>, which has been sufficient to uncover a number of issues, some of which we've already resolved and others (including the mysterious Github emails I'm trying to figure out) we're still working on. jik
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
