Andres wrote: > Does anybody know, if Swiss Internetproviders do send DMARC Reports > in theyr Email Service?
sunrise.net & libertyglobal.com (read: UPC/Cablecom) are reporting at least. There are also a variety of other Swiss companies sending out reports. (switch, unibas, unil, swiss-re) AS15600 currently does not send out reports, but if people really would want them, could look into enabling it. On 2020-08-04 12:20, Benoit Panizzon wrote: [..] > I have not yet found easy tools to evaluate the reports. (any tips > welcome). For AS15600 we peek at the results gathered with: https://github.com/domainaware/parsedmarc Though it is a primarily to just peek, not to monitor, there are other tools for that. Be prepared to learn that: - Google receives most email (quelle surprise). - Google also sends mail for your domains (likely forwarding as the DKIM headers are intact) - there are a few persistent spamming hosts spamming towards Google, that never get cleaned up or blacklisted (but SPF/DKIM/DMARC causes the mail to not be accepted) Looking at boracaybeachhouses.com / 209.59.154.15 - Spammers generate sometimes more mail than you, that nicely all get rejected (SPF/DKIM/DMARC) - Some obscure domain on your mailplatform is used as a source for spam, but SPF/DKIM/DMARC drops that :) - 70% DMARC Passage, 65% DKIM Alignment, 46% SPF Alignment It is thus quite educational, as it shows that the SPF/DKIM/DMARC combo is actually effective and avoids quite some backscatter when verified during the SMTP-DATA phase. Of course, there are side-effects, forwarding is horribly broken. But... For the encrypted remailer that is trident.li, used in a variety of places (one recently part of a flamewar on the RIPE lists ;), I've solved that with a 'via' address: When an incoming mail has a DKIM-Signature header, trident rewrites From: to: From: "Jeroen Massar [jer...@massar.ch]" <jeroen=massar...@via.example.net> This so that it is clear what the From is; noting that many MUAs store emails automatically in the addressbook; thus using e.g. l...@example.net in the From will just cause problems (see also Jira notifications). then it adds it's own DKIM + ARC(Authenticated-Results/ARC-AR) signatures, which validate happily. When a user hits 'reply-all' then both From + To: are considered and goes to the right recipients. When the user hits 'reply list' it goes correctly to the list (as that To: address is still valid and the List-Reply header is there. When the user hits 'reply' it goes to the From which is the @via address at example.net, which can rewrite it back to the normal user and forward the message along. Greets, Jeroen _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
