John,
Are you ready to send failure reports for emails received by you?
Show the way, write about it, this may help others to do the same.
Thanks
On Fri, Dec 23, 2016 at 8:10 AM, John Comfort via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:
> Maybe it is time to rethink this, or open a
On Wed, Oct 26, 2016 at 8:47 AM, Payne, John wrote:
>
>
> On Oct 26, 2016, at 11:36 AM, Franck Martin wrote:
>
>
>
> 4) GApps DKIM signs all the emails with .gappssmtp.com
>
Couple of points...
1) https://github.com/linkedin/dmarc-msys/blob/master/dmarc.lua#L804
This is how we detect if the email is likely to be from a mailing list. I
parse the logs from time to time, and put exceptions in our local policy.
2) very few lists discard DMARC protected emails on
I'm not sure what is the issue here? Mailing lists break DKIM by design. We
could go to the old style of mailing lists, which did not break DKIM, but
did not have, for instance, these nice footers to tell people how to
unsubscribe...
For the deployment of DNSSEC this is the wrong list, and let's
As Elizabeth said.
I suspect your implementation of openDMARC cannot see the SPF result in the
email.
You may want to read https://sourceforge.net/p/opendmarc/tickets/100/ they
suggest a few fixes...
Notably, do you have a recent public suffix list in your openDMARC config?
On Mon, Oct 3, 2016
Happy to help, but as Roland said the problem seems to be on the receiver
side. SPF is pass and aligned, that alone should do a DMARC pass.
On Sun, Oct 2, 2016 at 9:03 PM, Roland Turner via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:
> This looks like a receiver-side bug. An SPF pass for
ractice? The HELO domain is the HELO domain.
> Or is the difference that alignment is required when postmaster@
> is used in DMARC context?
>
> Thanks,
>
> Maarten
>
> On 9 mei 2016, at 19:27, Franck Martin via dmarc-discuss <
> dmarc-discuss@dmarc.org> wrote:
>
MS-Exchange tends to normalize the email (like fix html) before storing it
(in TNEF format) or forwarding it. It is known, and is being addresses.
Several fixes have been in place in office365 (less so for on-premises
systems), but your mileage may vary...
A search through the list archives may
like comma, @, and I believe
space... but I often get lost in ABNI.
On Wed, Apr 6, 2016 at 9:41 AM, A. Schulze via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:
>
> Franck Martin via dmarc-discuss:
>
> Vladimir,
>>
>> We are not discussing here the fact you
Vladimir,
We are not discussing here the fact you can put 2 mailboxes in a From: but
that the display part must be between double quotes.
A mailbox is an optional display part within double quotes followed by an
email address within <>. Mailboxes are separated by comas ,.
On Wed, Apr 6, 2016 at
It happens a lot..
The obsoleted format allowed it, not the recent one. I think we should
ignore the obsolete format now...
The problem is:
From: j...@example.com
Which certain quite old versions of .net do.
On Wed, Apr 6, 2016 at 3:26 AM, A. Schulze via dmarc-discuss <
the spf scope (help or mailfrom).
>
> Thanks,
>
> Dave
>
> --
> Dave Lugo
> Engineer, Comcast Anti-Abuse Technologies
> Desk: 215-286-5451
>
>
> From: dmarc-discuss <dmarc-discuss-boun...@dmarc.org> on behalf of Franck
> Martin via dmarc-discuss <dmarc-
It is a bug.
There can only be one SPF per record. Theoretically SPF returns 2 results,
one for the RFC7208.HELO and another one for RFC7208.MAILFROM, but DMARC
takes as input only RFC7208.MAILFROM, therefore only this results is needed
in DMARC reports.
RFC7208.MAILFROM is not RFC5321.MailFrom,
you may want to post this on mailop too? Or I can post it for you.
On Tue, Mar 22, 2016 at 11:35 AM, Sumeet Solanki via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:
> [image: Purple]
>
> Dear members,
>
> This is a final reminder that on March 28th (Monday), Yahoo will switch to
> a p=reject
On Mon, Feb 15, 2016 at 10:53 PM, Scott Kitterman via dmarc-discuss
wrote:
> On Tuesday, February 16, 2016 06:17:27 AM Roland Turner via dmarc-discuss
> wrote:
>> Scott Kitterman wrote:
>>
>> 1: I *don't* believe that this would take the form of a whitelist. It's more
>>
The problem with the e-mail community, is few people drives all of us
away from mailing lists.
On Mon, Feb 15, 2016 at 3:47 PM, John R Levine wrote:
>> As I said earlier spamhaus and surbl has the data. The question is not
>> which domains to trust, but which domains not to
As I said earlier spamhaus and surbl has the data. The question is not
which domains to trust, but which domains not to trust.
On Mon, Feb 15, 2016 at 3:35 PM, John Levine wrote:
>>ARC purpose is to say when DMARC fail and the email should be rejected that
>>it is ok to let it
n
> >
> >
> > --
> > Al Iverson - Minneapolis - (312) 275-0130
> > Simple DNS Tools since 2008: xnnd.com
> > www.spamresource.com & aliverson.com
> >
> > On Mon, Feb 15, 2016 at 1:35 PM, Franck Martin via dmarc-discuss <
> >
> > dma
fine. Email is more important, so I care more how and
> where it gets done.
>
> Scott K
>
> On Monday, February 15, 2016 10:56:57 AM Franck Martin via dmarc-discuss
> wrote:
> > Yes it is a "you have to be this tall to ride with us". For instance,
> many
&g
Yes it is a "you have to be this tall to ride with us". For instance, many
Wordpress sites are on URL blocking lists, because the managers cannot keep
with basic security updates. So if you want to host a website, you have to
be that tall to ride with us (or find a hosting company, that will give
Some MTAs are known to break DKIM when doing a simple forwarding. Your
failure reports may give you enough information to know what is happening
at some IPs.
On Sat, Feb 13, 2016 at 3:34 AM, Ben Greenfield via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:
> Hey All,
>
> Sorry I didn’t not
State here the bugs you find, we are all ears...
On Thu, Feb 11, 2016 at 9:59 PM, Peter Bowen via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:
> Thanks, that is really helpful.
>
> It would be really nifty to add a “DMARC 1.0 compliance” percentage next
> to each sender. I’m seeing lots of
On Wed, Feb 10, 2016 at 7:06 PM, Steve Atkins via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:
>
> > On Feb 10, 2016, at 6:37 PM, Roland Turner via dmarc-discuss <
> dmarc-discuss@dmarc.org> wrote:
> >
> > John Levine wrote:
> >
> >> How is this different from everyone's favorite alleged
John, the critic is always easy, stop bullying please.
On Thu, Feb 11, 2016 at 1:58 PM, John Levine wrote:
> >Smells like:
> >
> >From: Paypal Security secur...@paypal.com
> >
> >Not sure it is a good idea.
>
> It's a terrible idea. Too bad some ill-designed
On Mon, Feb 8, 2016 at 4:35 PM, Al Iverson via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:
> On Mon, Feb 8, 2016 at 1:51 PM, John R Levine via dmarc-discuss
> wrote:
> >> It is even worse than I thought, you really want to stop efforts in
> >> fighting phish, by
My pleasure, now watch out for Business Email Compromise (BEC) and Account
Take Over (ATO). Your domain is hosted via Google Apps, as they use DMARC
to filter incoming emails, now nobody can inject into your system an email
that would look like internal (as per your domain name), this will help a
Relaxed alignment means the identifier domain (SPF or DKIM) have the same
organizational domain as the domain in the RFC5322.From.
On Tue, Feb 9, 2016 at 1:36 PM, Brotman, Alexander via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:
> Hello,
>
> I have a question about how to interpret a
It is even worse than I thought, you really want to stop efforts in
fighting phish, by muddling the waters between real domains and fake ones
sigh!
On Sun, Feb 7, 2016 at 1:02 PM, John R Levine wrote:
> mailing list. For example. mail from mari...@yahoo.com turns into
>>>
On Sun, Feb 7, 2016 at 12:22 PM, John Levine via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:
> In article
if they
> don't
> already trust the sender.
>
> Scott K
>
> On Sunday, February 07, 2016 11:14:12 AM Franck Martin via dmarc-discuss
> wrote:
> > ARC will help, but there are many mailing lists that don't have DKIM or
> > even SPF. So even if ARC is available tomorrow, it m
ARC will help, but there are many mailing lists that don't have DKIM or
even SPF. So even if ARC is available tomorrow, it may take years before
mailing lists adopt any solution. So someone will have to make a stand, to
get operators to deploy something.
On Sun, Feb 7, 2016 at 10:10 AM, Al
If you report for take down the URLs you get from the failure reports...
Also until you moved to p=reject they would not have noticed a decrease in
their success rates... Once it is not worth it, they will move to a softer
target, or use a different method to achieve their goals.
On Mon, Jan 18,
I think ARC is making it clear it does not provide a chain of trust but a
custodial chain.
Assessing the trust of this custodial chain is left as an exercise to the
implementer :P
Seriously, a very simple system, is to extract all the domains in the chain
and see if any is on a blocklist
The fun is moving to ARC
https://dmarc.org/2015/10/global-mailbox-providers-deploying-dmarc-to-protect-users/
On Thu, Oct 22, 2015 at 8:51 AM, Mark Rousell via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:
> Is it just me or was the last post on here really on 5th October?
>
> --
> Mark
On Thu, Oct 22, 2015 at 12:36 PM, Andrew Beverley <a...@simplelists.com>
wrote:
> On Thu, 2015-10-22 at 10:19 -0700, Franck Martin via dmarc-discuss
> wrote:
> > The fun is moving to ARC
> >
> >
> https://dmarc.org/2015/10/global-mailbox-providers-deploying-dmarc
On Tue, Sep 29, 2015 at 12:15 PM, A. Schulze via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:
>
> Alec Peterson via dmarc-discuss:
>
> Why force the report generator to do something that could be done when the
>> report is received, if desired?
>>
>
> because
> - the MTA already did the rDNS
seems like a good idea
On Wed, Aug 26, 2015 at 5:30 AM, Jacob Evans via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
Hey All,
Are we requesting that an auto generated/auto submitted header be included
in these reports?
This will remove things like OOF Bounces and auto responders. (which
indeed, but seems the filter is looking for .com anywhere in the filename
string, rather than at the end... I say bad design.
in DMARC filenames end up with .xml, .zip or .gzip
On Tue, Aug 25, 2015 at 11:05 AM, Dave Warren via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
On 2015-08-25 09:56,
Note that the failure reports contains even more information that will
trigger the filters, therefore both addresses (rue and ruf) should be set
up to allow such reports to come in. Fix your filters would be my answer.
On Sun, Aug 23, 2015 at 11:35 AM, jotest via dmarc-discuss
DKIM fails for 0.5% of cases when it should not fail, cause the protocol
is really complex and until DMARC such bugs were hard to find...
SPF is an easy protocol, not many bugs... however does not work with DMARC
when forwarding emails (the aligned part that is).
So for p=none you don't need to
check https://dmarcian.com/dmarc-inspector/sb.intelli-shop.com for errors
and warnings.
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the
http://digwebinterface.com/?hostnames=_dmarc.sb.mumble.comtype=TXTuseresolver=8.8.4.4ns=authnameservers=
Is telling me you do not have any DMARC record form sb.mumble.com
Check also https://dmarcian.com/dmarc-inspector/sb.mumble.com
On Wed, Jul 15, 2015 at 12:47 PM, Steven M Jones via
I alerted Steve Jones. He should get it fixed soon
On the broader question, send aggregates and failure report from dedicated
IPs, it is safer.
On Thu, Jul 9, 2015 at 9:00 AM, Al Iverson via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
Aha, that makes sense now. Thanks.
On Thu, Jul 9,
You are supposed to ship the aggregate report as a gzip attachment, with
the gzip extension. (zip will work too, but we made it obsolete).
On Thu, Jul 9, 2015 at 4:46 AM, Chad Henry via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
I'm receiving the following message from exim when receiving
On Jan 15, 2015, at 2:45 AM, Constantino Antunes via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
Hello,
I have set up dmarc for a couple of domains, and confirmed they are correct
using the dmarcian inspector:
https://dmarcian.com/dmarc-inspector/theticketsellers.co.uk
On Dec 5, 2014, at 1:29 PM, John Bodek via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
Ah ha. Looks like the Google support guide gives a bad example. Now
switching over to dmarc.org for future reference :)
try dmarcian.com to validate your record
signature.asc
Description: Message
http://support.microsoft.com/kb/2993556
---
Sender's DKIM signature is broken in an Exchange Server 2013 environment
This issue occurs because Microsoft Exchange changes the headers of a message,
and this breaks the DomainKeys Identified Mail (DKIM) signature.
To resolve this issue, install the
Check
https://dmarcian.com/spf-survey/prodest.es.gov.br
There is a warning and the a: is redundant anyhow, I would just suppress it. No
need to add an extra DNS query.
your authoritative servers seems fine:
On Aug 24, 2014, at 3:07 PM, Larry Finch via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
On Aug 24, 2014, at 4:05 PM, Matt Simerson via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
On Aug 24, 2014, at 5:18 AM, Nicolás via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
Hi!
I'm
On Aug 1, 2014, at 10:08 AM, Benny Pedersen s...@forged.junc.eu wrote:
Authentication-Results: duggi.junc.org/5CA2025C056; dmarc=none
header.from=dmarc.org
not solved yet
Because your client decided to show you the email I sent you directly rather
than the one via this mailing list…
Aim to the opendmarc mailing list if you have questions, but I though I would
alert people of this release on this list.
http://sourceforge.net/projects/opendmarc/
OPENDMARC RELEASE NOTES
This listing shows the versions of the OpenDMARC package, the date of
release, and
Any receiver may decide to override the sender policy. There is a method to do
that and report it in aggregate reports. A receiver would do it, when you have
a particularly troublesome big forwarder and when too many of your users would
complain of not receiving such emails anymore.
The
On Jul 31, 2014, at 4:37 PM, Steve Atkins via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
On Jul 31, 2014, at 3:31 PM, Norman, Jean Marie via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
Has anyone experienced unauthenticated emails being delivered to Google
recipients despite having
If you look at the spec, there is a strong recommendation to have it this way:
http://tools.ietf.org/html/draft-kucherawy-dmarc-base-04#section-15.4
550 5.7.1 Email rejected per DMARC policy for example.com
It should make your internal discussion easier…
We found out that putting the word DMARC
On Jun 20, 2014, at 9:31 AM, Steve Atkins via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
On Jun 20, 2014, at 8:45 AM, Brian Westnedge via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
Here's a simple use case for a spear-phisher where DMARC could be effective
on the inbound:
1.
On Jun 19, 2014, at 7:14 AM, John Mears via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
I believe there are some announcements expected shortly, and both Symantec
and Halon are already offering it as a cloud filtering service. (I think I'm
forgetting another service...)
--Steve.
On Jun 7, 2014, at 7:44 PM, Dave Crocker d...@dcrocker.net wrote:
On 6/7/2014 7:31 PM, Franck Martin wrote:
But the claim is that these workarounds will mainly happen after you do
DMARC p=reject. This data is coming in a not too distant future now.
Keeping in mind that the mailing list
On Jun 7, 2014, at 10:42 PM, Larry Finch via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
On Jun 7, 2014, at 4:14 PM, Shal Farley s...@roadrunner.com wrote:
Larry,
Except, as I and others have discovered in the past few days, DMARC does
NOT make email so much more secure,” as
On Jun 5, 2014, at 5:34 PM, Terry Zink via dmarc-discuss
dmarc-discuss@dmarc.orgmailto:dmarc-discuss@dmarc.org wrote:
Franck,
See the end of the email, where I argued this case… and It is hard to create
a club and define the entry level which is open to all, provided they meet
some
On Jun 5, 2014, at 11:54 AM, Mason Schmitt via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
On Jun 5, 2014, at 9:26 PM, Al Iverson via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
And also, do recognize that DMARC is only one part of the badness
prevention equation, it doesn't cover
On Jun 5, 2014, at 4:06 PM, Murray S. Kucherawy via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
On Thu, Jun 5, 2014 at 1:49 PM, Les Barstow via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
I agree - DMARC does not protect against the From description. But if the MUA
were to display the
On Jun 5, 2014, at 4:22 PM, Terry Zink via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
Doesn’t this come back to the whitelist idea? For the green bar SSL certs
(Extended Validation), the certs have a bunch of information encoded in it,
and the browsers have a list of CA’s that they
The policy_evaluated part indicates the DKIM+alignement and SPF+alignment
result, not the core DKIM and SPF test, which is later in the record see
http://www.dmarc.org/faq.html#r_3
On May 30, 2014, at 4:29 PM, Tomasz Chmielewski via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
178.63.195.102
Besides the backscatter AOL is creating and should stop, seems you should move
your domain to p=reject to avoid that these spoofed emails get delivered to aol
users and others...
Printed on recycled paper!
On May 11, 2014, at 19:34, Scott Kitterman via dmarc-discuss
dmarc-discuss@dmarc.org
Not exactly, the failure reports are not supposed to go back to the (fake)
sender but to the email specific by the ruf. This seems a delivery
notification, so besides a bug at AOL, I would think that the fake email
contains a delivery receipt header... Which AOL would honor...
I did not see
On May 9, 2014, at 2:42 PM, Michael Adkins via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
On 5/9/14, 2:20 PM, J. Gomez jgo...@seryrich.com wrote:
It is clear YAHOO and AOL have watered down the value, meaning and
trustworthiness of p=reject
Yes, I understand that that is your
On May 10, 2014, at 2:29 AM, John Levine via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
Oh, wow. The mail going into the archive isn't the same as the mail
going out to the list. I wonder what we'll fix next.
This feels like complaining for complaining's sake. Do you prefer that
the
On May 8, 2014, at 8:03 PM, Murray S. Kucherawy via dmarc-discuss
dmarc-discuss@dmarc.org wrote:
On Thu, May 8, 2014 at 12:28 PM, J. Gomez jgo...@seryrich.com wrote:
It seems to me that a particularly defensive receiver would run the
heuristic/whitelist checks on all messages anyway.
68 matches
Mail list logo