Re: [dmarc-discuss] DMARC forensic reporting options

John, Are you ready to send failure reports for emails received by you? Show the way, write about it, this may help others to do the same. Thanks On Fri, Dec 23, 2016 at 8:10 AM, John Comfort via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > Maybe it is time to rethink this, or open a

Re: [dmarc-discuss] A bit quiet?

On Wed, Oct 26, 2016 at 8:47 AM, Payne, John wrote: > > > On Oct 26, 2016, at 11:36 AM, Franck Martin wrote: > > > > 4) GApps DKIM signs all the emails with .gappssmtp.com >

Re: [dmarc-discuss] A bit quiet?

Couple of points... 1) https://github.com/linkedin/dmarc-msys/blob/master/dmarc.lua#L804 This is how we detect if the email is likely to be from a mailing list. I parse the logs from time to time, and put exceptions in our local policy. 2) very few lists discard DMARC protected emails on

Re: [dmarc-discuss] dmarc.org breaks dkim & dmarc

I'm not sure what is the issue here? Mailing lists break DKIM by design. We could go to the old style of mailing lists, which did not break DKIM, but did not have, for instance, these nice footers to tell people how to unsubscribe... For the deployment of DNSSEC this is the wrong list, and let's

Re: [dmarc-discuss] dmarc fail for linkedin

As Elizabeth said. I suspect your implementation of openDMARC cannot see the SPF result in the email. You may want to read https://sourceforge.net/p/opendmarc/tickets/100/ they suggest a few fixes... Notably, do you have a recent public suffix list in your openDMARC config? On Mon, Oct 3, 2016

Re: [dmarc-discuss] dmarc fail for linkedin

Happy to help, but as Roland said the problem seems to be on the receiver side. SPF is pass and aligned, that alone should do a DMARC pass. On Sun, Oct 2, 2016 at 9:03 PM, Roland Turner via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > This looks like a receiver-side bug. An SPF pass for

Re: [dmarc-discuss] DMARC and null path

ractice? The HELO domain is the HELO domain. > Or is the difference that alignment is required when postmaster@ > is used in DMARC context? > > Thanks, > > Maarten > > On 9 mei 2016, at 19:27, Franck Martin via dmarc-discuss < > dmarc-discuss@dmarc.org> wrote: >

Re: [dmarc-discuss] Failure reports from Microsoft servers due to SPF and DKIM both failing for forwarded/resent messages

MS-Exchange tends to normalize the email (like fix html) before storing it (in TNEF format) or forwarding it. It is known, and is being addresses. Several fixes have been in place in office365 (less so for on-premises systems), but your mileage may vary... A search through the list archives may

Re: [dmarc-discuss] is that *really* valid

like comma, @, and I believe space... but I often get lost in ABNI. On Wed, Apr 6, 2016 at 9:41 AM, A. Schulze via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > > Franck Martin via dmarc-discuss: > > Vladimir, >> >> We are not discussing here the fact you

Re: [dmarc-discuss] is that *really* valid

Vladimir, We are not discussing here the fact you can put 2 mailboxes in a From: but that the display part must be between double quotes. A mailbox is an optional display part within double quotes followed by an email address within <>. Mailboxes are separated by comas ,. On Wed, Apr 6, 2016 at

Re: [dmarc-discuss] is that *really* valid

It happens a lot.. The obsoleted format allowed it, not the recent one. I think we should ignore the obsolete format now... The problem is: From: j...@example.com Which certain quite old versions of .net do. On Wed, Apr 6, 2016 at 3:26 AM, A. Schulze via dmarc-discuss <

Re: [dmarc-discuss] Multiple SPF results in report

the spf scope (help or mailfrom). > > Thanks, > > Dave > > -- > Dave Lugo > Engineer, Comcast Anti-Abuse Technologies > Desk: 215-286-5451 > > > From: dmarc-discuss <dmarc-discuss-boun...@dmarc.org> on behalf of Franck > Martin via dmarc-discuss <dmarc-

Re: [dmarc-discuss] Multiple SPF results in report

It is a bug. There can only be one SPF per record. Theoretically SPF returns 2 results, one for the RFC7208.HELO and another one for RFC7208.MAILFROM, but DMARC takes as input only RFC7208.MAILFROM, therefore only this results is needed in DMARC reports. RFC7208.MAILFROM is not RFC5321.MailFrom,

Re: [dmarc-discuss] Reminder: Yahoo DMARC policy change on March 28th

you may want to post this on mailop too? Or I can post it for you. On Tue, Mar 22, 2016 at 11:35 AM, Sumeet Solanki via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > [image: Purple] > > Dear members, > > This is a final reminder that on March 28th (Monday), Yahoo will switch to > a p=reject

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

On Mon, Feb 15, 2016 at 10:53 PM, Scott Kitterman via dmarc-discuss wrote: > On Tuesday, February 16, 2016 06:17:27 AM Roland Turner via dmarc-discuss > wrote: >> Scott Kitterman wrote: >> >> 1: I *don't* believe that this would take the form of a whitelist. It's more >>

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

The problem with the e-mail community, is few people drives all of us away from mailing lists. On Mon, Feb 15, 2016 at 3:47 PM, John R Levine wrote: >> As I said earlier spamhaus and surbl has the data. The question is not >> which domains to trust, but which domains not to

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

As I said earlier spamhaus and surbl has the data. The question is not which domains to trust, but which domains not to trust. On Mon, Feb 15, 2016 at 3:35 PM, John Levine wrote: >>ARC purpose is to say when DMARC fail and the email should be rejected that >>it is ok to let it

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

n > > > > > > -- > > Al Iverson - Minneapolis - (312) 275-0130 > > Simple DNS Tools since 2008: xnnd.com > > www.spamresource.com & aliverson.com > > > > On Mon, Feb 15, 2016 at 1:35 PM, Franck Martin via dmarc-discuss < > > > > dma

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

fine. Email is more important, so I care more how and > where it gets done. > > Scott K > > On Monday, February 15, 2016 10:56:57 AM Franck Martin via dmarc-discuss > wrote: > > Yes it is a "you have to be this tall to ride with us". For instance, > many &g

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

Yes it is a "you have to be this tall to ride with us". For instance, many Wordpress sites are on URL blocking lists, because the managers cannot keep with basic security updates. So if you want to host a website, you have to be that tall to ride with us (or find a hosting company, that will give

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

Some MTAs are known to break DKIM when doing a simple forwarding. Your failure reports may give you enough information to know what is happening at some IPs. On Sat, Feb 13, 2016 at 3:34 AM, Ben Greenfield via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > Hey All, > > Sorry I didn’t not

Re: [dmarc-discuss] DMARC reports

State here the bugs you find, we are all ears... On Thu, Feb 11, 2016 at 9:59 PM, Peter Bowen via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > Thanks, that is really helpful. > > It would be really nifty to add a “DMARC 1.0 compliance” percentage next > to each sender. I’m seeing lots of

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

On Wed, Feb 10, 2016 at 7:06 PM, Steve Atkins via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > > > On Feb 10, 2016, at 6:37 PM, Roland Turner via dmarc-discuss < > dmarc-discuss@dmarc.org> wrote: > > > > John Levine wrote: > > > >> How is this different from everyone's favorite alleged

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

John, the critic is always easy, stop bullying please. On Thu, Feb 11, 2016 at 1:58 PM, John Levine wrote: > >Smells like: > > > >From: Paypal Security secur...@paypal.com > > > >Not sure it is a good idea. > > It's a terrible idea. Too bad some ill-designed

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

On Mon, Feb 8, 2016 at 4:35 PM, Al Iverson via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > On Mon, Feb 8, 2016 at 1:51 PM, John R Levine via dmarc-discuss > wrote: > >> It is even worse than I thought, you really want to stop efforts in > >> fighting phish, by

Re: [dmarc-discuss] I need an advice

My pleasure, now watch out for Business Email Compromise (BEC) and Account Take Over (ATO). Your domain is hosted via Google Apps, as they use DMARC to filter incoming emails, now nobody can inject into your system an email that would look like internal (as per your domain name), this will help a

Re: [dmarc-discuss] Sub-domain validation

Relaxed alignment means the identifier domain (SPF or DKIM) have the same organizational domain as the domain in the RFC5322.From. On Tue, Feb 9, 2016 at 1:36 PM, Brotman, Alexander via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > Hello, > > I have a question about how to interpret a

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

It is even worse than I thought, you really want to stop efforts in fighting phish, by muddling the waters between real domains and fake ones sigh! On Sun, Feb 7, 2016 at 1:02 PM, John R Levine wrote: > mailing list. For example. mail from mari...@yahoo.com turns into >>>

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

On Sun, Feb 7, 2016 at 12:22 PM, John Levine via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > In article

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

if they > don't > already trust the sender. > > Scott K > > On Sunday, February 07, 2016 11:14:12 AM Franck Martin via dmarc-discuss > wrote: > > ARC will help, but there are many mailing lists that don't have DKIM or > > even SPF. So even if ARC is available tomorrow, it m

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

ARC will help, but there are many mailing lists that don't have DKIM or even SPF. So even if ARC is available tomorrow, it may take years before mailing lists adopt any solution. So someone will have to make a stand, to get operators to deploy something. On Sun, Feb 7, 2016 at 10:10 AM, Al

Re: [dmarc-discuss] I need an advice

If you report for take down the URLs you get from the failure reports... Also until you moved to p=reject they would not have noticed a decrease in their success rates... Once it is not worth it, they will move to a softer target, or use a different method to achieve their goals. On Mon, Jan 18,

Re: [dmarc-discuss] A bit quiet?

I think ARC is making it clear it does not provide a chain of trust but a custodial chain. Assessing the trust of this custodial chain is left as an exercise to the implementer :P Seriously, a very simple system, is to extract all the domains in the chain and see if any is on a blocklist

Re: [dmarc-discuss] A bit quiet?

The fun is moving to ARC https://dmarc.org/2015/10/global-mailbox-providers-deploying-dmarc-to-protect-users/ On Thu, Oct 22, 2015 at 8:51 AM, Mark Rousell via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > Is it just me or was the last post on here really on 5th October? > > -- > Mark

Re: [dmarc-discuss] A bit quiet?

On Thu, Oct 22, 2015 at 12:36 PM, Andrew Beverley <a...@simplelists.com> wrote: > On Thu, 2015-10-22 at 10:19 -0700, Franck Martin via dmarc-discuss > wrote: > > The fun is moving to ARC > > > > > https://dmarc.org/2015/10/global-mailbox-providers-deploying-dmarc

Re: [dmarc-discuss] wanted: rfc number

On Tue, Sep 29, 2015 at 12:15 PM, A. Schulze via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > > Alec Peterson via dmarc-discuss: > > Why force the report generator to do something that could be done when the >> report is received, if desired? >> > > because > - the MTA already did the rDNS

Re: [dmarc-discuss] dmarc reports and rfc3834#5 The Auto-Submitted header field

seems like a good idea On Wed, Aug 26, 2015 at 5:30 AM, Jacob Evans via dmarc-discuss dmarc-discuss@dmarc.org wrote: Hey All, Are we requesting that an auto generated/auto submitted header be included in these reports? This will remove things like OOF Bounces and auto responders. (which

Re: [dmarc-discuss] dmarc gogole attachments seen as executable

indeed, but seems the filter is looking for .com anywhere in the filename string, rather than at the end... I say bad design. in DMARC filenames end up with .xml, .zip or .gzip On Tue, Aug 25, 2015 at 11:05 AM, Dave Warren via dmarc-discuss dmarc-discuss@dmarc.org wrote: On 2015-08-25 09:56,

Re: [dmarc-discuss] dmarc gogole attachments seen as executable

Note that the failure reports contains even more information that will trigger the filters, therefore both addresses (rue and ruf) should be set up to allow such reports to come in. Fix your filters would be my answer. On Sun, Aug 23, 2015 at 11:35 AM, jotest via dmarc-discuss

Re: [dmarc-discuss] [Newbie warning] Both spf and dkim?

DKIM fails for 0.5% of cases when it should not fail, cause the protocol is really complex and until DMARC such bugs were hard to find... SPF is an easy protocol, not many bugs... however does not work with DMARC when forwarding emails (the aligned part that is). So for p=none you don't need to

Re: [dmarc-discuss] am not getting any rua reports for a domain

check https://dmarcian.com/dmarc-inspector/sb.intelli-shop.com for errors and warnings. ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the

Re: [dmarc-discuss] am not getting any rua reports for a domain

http://digwebinterface.com/?hostnames=_dmarc.sb.mumble.comtype=TXTuseresolver=8.8.4.4ns=authnameservers= Is telling me you do not have any DMARC record form sb.mumble.com Check also https://dmarcian.com/dmarc-inspector/sb.mumble.com On Wed, Jul 15, 2015 at 12:47 PM, Steven M Jones via

Re: [dmarc-discuss] Mail delivery failed: returning message to sender

I alerted Steve Jones. He should get it fixed soon On the broader question, send aggregates and failure report from dedicated IPs, it is safer. On Thu, Jul 9, 2015 at 9:00 AM, Al Iverson via dmarc-discuss dmarc-discuss@dmarc.org wrote: Aha, that makes sense now. Thanks. On Thu, Jul 9,

Re: [dmarc-discuss] exim rejecting gmail DMARC reports

You are supposed to ship the aggregate report as a gzip attachment, with the gzip extension. (zip will work too, but we made it obsolete). On Thu, Jul 9, 2015 at 4:46 AM, Chad Henry via dmarc-discuss dmarc-discuss@dmarc.org wrote: I'm receiving the following message from exim when receiving

Re: [dmarc-discuss] dmarc record added but no reports received

On Jan 15, 2015, at 2:45 AM, Constantino Antunes via dmarc-discuss dmarc-discuss@dmarc.org wrote: Hello, I have set up dmarc for a couple of domains, and confirmed they are correct using the dmarcian inspector: https://dmarcian.com/dmarc-inspector/theticketsellers.co.uk

Re: [dmarc-discuss] inconsistent policy_published

On Dec 5, 2014, at 1:29 PM, John Bodek via dmarc-discuss dmarc-discuss@dmarc.org wrote: Ah ha. Looks like the Google support guide gives a bad example. Now switching over to dmarc.org for future reference :) try dmarcian.com to validate your record signature.asc Description: Message

[dmarc-discuss] Upgrade your MS-Exchange 2013 to Cumulative Update 6

http://support.microsoft.com/kb/2993556 --- Sender's DKIM signature is broken in an Exchange Server 2013 environment This issue occurs because Microsoft Exchange changes the headers of a message, and this breaks the DomainKeys Identified Mail (DKIM) signature. To resolve this issue, install the

Re: [dmarc-discuss] SPF Check issue on Google Reports

Check https://dmarcian.com/spf-survey/prodest.es.gov.br There is a warning and the a: is redundant anyhow, I would just suppress it. No need to add an extra DNS query. your authoritative servers seems fine:

Re: [dmarc-discuss] DMARC and mailing lists

On Aug 24, 2014, at 3:07 PM, Larry Finch via dmarc-discuss dmarc-discuss@dmarc.org wrote: On Aug 24, 2014, at 4:05 PM, Matt Simerson via dmarc-discuss dmarc-discuss@dmarc.org wrote: On Aug 24, 2014, at 5:18 AM, Nicolás via dmarc-discuss dmarc-discuss@dmarc.org wrote: Hi! I'm

Re: [dmarc-discuss] Unauthenticated emails being delivered to Google

On Aug 1, 2014, at 10:08 AM, Benny Pedersen s...@forged.junc.eu wrote: Authentication-Results: duggi.junc.org/5CA2025C056; dmarc=none header.from=dmarc.org not solved yet Because your client decided to show you the email I sent you directly rather than the one via this mailing list…

[dmarc-discuss] opendmarc 1.3.0 released

Aim to the opendmarc mailing list if you have questions, but I though I would alert people of this release on this list. http://sourceforge.net/projects/opendmarc/ OPENDMARC RELEASE NOTES This listing shows the versions of the OpenDMARC package, the date of release, and

Re: [dmarc-discuss] Unauthenticated emails being delivered to Google

Any receiver may decide to override the sender policy. There is a method to do that and report it in aggregate reports. A receiver would do it, when you have a particularly troublesome big forwarder and when too many of your users would complain of not receiving such emails anymore. The

Re: [dmarc-discuss] Unauthenticated emails being delivered to Google

On Jul 31, 2014, at 4:37 PM, Steve Atkins via dmarc-discuss dmarc-discuss@dmarc.org wrote: On Jul 31, 2014, at 3:31 PM, Norman, Jean Marie via dmarc-discuss dmarc-discuss@dmarc.org wrote: Has anyone experienced unauthenticated emails being delivered to Google recipients despite having

Re: [dmarc-discuss] On Inbound DMARC Support

If you look at the spec, there is a strong recommendation to have it this way: http://tools.ietf.org/html/draft-kucherawy-dmarc-base-04#section-15.4 550 5.7.1 Email rejected per DMARC policy for example.com It should make your internal discussion easier… We found out that putting the word DMARC

Re: [dmarc-discuss] On Inbound DMARC Support

On Jun 20, 2014, at 9:31 AM, Steve Atkins via dmarc-discuss dmarc-discuss@dmarc.org wrote: On Jun 20, 2014, at 8:45 AM, Brian Westnedge via dmarc-discuss dmarc-discuss@dmarc.org wrote: Here's a simple use case for a spear-phisher where DMARC could be effective on the inbound: 1.

Re: [dmarc-discuss] On Inbound DMARC Support

On Jun 19, 2014, at 7:14 AM, John Mears via dmarc-discuss dmarc-discuss@dmarc.org wrote: I believe there are some announcements expected shortly, and both Symantec and Halon are already offering it as a cloud filtering service. (I think I'm forgetting another service...) --Steve.

Re: [dmarc-discuss] MLM and Header-From rewritting - the SMTPopen-relay analogy

On Jun 7, 2014, at 7:44 PM, Dave Crocker d...@dcrocker.net wrote: On 6/7/2014 7:31 PM, Franck Martin wrote: But the claim is that these workarounds will mainly happen after you do DMARC p=reject. This data is coming in a not too distant future now. Keeping in mind that the mailing list

Re: [dmarc-discuss] MLM and Header-From rewritting - the SMTPopen-relay analogy

On Jun 7, 2014, at 10:42 PM, Larry Finch via dmarc-discuss dmarc-discuss@dmarc.org wrote: On Jun 7, 2014, at 4:14 PM, Shal Farley s...@roadrunner.com wrote: Larry, Except, as I and others have discovered in the past few days, DMARC does NOT make email so much more secure,” as

Re: [dmarc-discuss] DMARC thwarted already?

On Jun 5, 2014, at 5:34 PM, Terry Zink via dmarc-discuss dmarc-discuss@dmarc.orgmailto:dmarc-discuss@dmarc.org wrote: Franck, See the end of the email, where I argued this case… and It is hard to create a club and define the entry level which is open to all, provided they meet some

Re: [dmarc-discuss] DMARC thwarted already?

On Jun 5, 2014, at 11:54 AM, Mason Schmitt via dmarc-discuss dmarc-discuss@dmarc.org wrote: On Jun 5, 2014, at 9:26 PM, Al Iverson via dmarc-discuss dmarc-discuss@dmarc.org wrote: And also, do recognize that DMARC is only one part of the badness prevention equation, it doesn't cover

Re: [dmarc-discuss] DMARC thwarted already?

On Jun 5, 2014, at 4:06 PM, Murray S. Kucherawy via dmarc-discuss dmarc-discuss@dmarc.org wrote: On Thu, Jun 5, 2014 at 1:49 PM, Les Barstow via dmarc-discuss dmarc-discuss@dmarc.org wrote: I agree - DMARC does not protect against the From description. But if the MUA were to display the

Re: [dmarc-discuss] DMARC thwarted already?

On Jun 5, 2014, at 4:22 PM, Terry Zink via dmarc-discuss dmarc-discuss@dmarc.org wrote: Doesn’t this come back to the whitelist idea? For the green bar SSL certs (Extended Validation), the certs have a bunch of information encoded in it, and the browsers have a list of CA’s that they

Re: [dmarc-discuss] why is this IP failing SPF?

The policy_evaluated part indicates the DKIM+alignement and SPF+alignment result, not the core DKIM and SPF test, which is later in the record see http://www.dmarc.org/faq.html#r_3 On May 30, 2014, at 4:29 PM, Tomasz Chmielewski via dmarc-discuss dmarc-discuss@dmarc.org wrote: 178.63.195.102

Re: [dmarc-discuss] DMARC Successful Mail Delivery Reports

Besides the backscatter AOL is creating and should stop, seems you should move your domain to p=reject to avoid that these spoofed emails get delivered to aol users and others... Printed on recycled paper! On May 11, 2014, at 19:34, Scott Kitterman via dmarc-discuss dmarc-discuss@dmarc.org

Re: [dmarc-discuss] DMARC Successful Mail Delivery Reports

Not exactly, the failure reports are not supposed to go back to the (fake) sender but to the email specific by the ruf. This seems a delivery notification, so besides a bug at AOL, I would think that the fake email contains a delivery receipt header... Which AOL would honor... I did not see

Re: [dmarc-discuss] DMARC woes - forwarding signed / encrypted e-mail

On May 9, 2014, at 2:42 PM, Michael Adkins via dmarc-discuss dmarc-discuss@dmarc.org wrote: On 5/9/14, 2:20 PM, J. Gomez jgo...@seryrich.com wrote: It is clear YAHOO and AOL have watered down the value, meaning and trustworthiness of p=reject Yes, I understand that that is your

Re: [dmarc-discuss] About that From: field

On May 10, 2014, at 2:29 AM, John Levine via dmarc-discuss dmarc-discuss@dmarc.org wrote: Oh, wow. The mail going into the archive isn't the same as the mail going out to the list. I wonder what we'll fix next. This feels like complaining for complaining's sake. Do you prefer that the

Re: [dmarc-discuss] DMARC woes - forwarding signed / encrypted e-mail

On May 8, 2014, at 8:03 PM, Murray S. Kucherawy via dmarc-discuss dmarc-discuss@dmarc.org wrote: On Thu, May 8, 2014 at 12:28 PM, J. Gomez jgo...@seryrich.com wrote: It seems to me that a particularly defensive receiver would run the heuristic/whitelist checks on all messages anyway.