On Sun, 21 Feb 2021, John Hardin wrote:
On Sun, 21 Feb 2021, Dominic Raferd wrote:
On 21/02/2021 20:09, Benny Pedersen wrote:
On 2021-02-21 19:44, Dominic Raferd wrote:
Presumably interfacefm.com has been hacked, but not to the extent that
they can intercept incoming replies.
I stand corrected; but as they specify p=none, the mail must still pass.
in what way should it pass ?
dmarc tests spf, dkim, and opendmarc from github trunk validates arc
chains aswell, there is no garenti that anything pass
only sendgrid maked that mistake, sorry sendgrid
p=none is an instruction from the domain controller *not* to reject emails
from their domain even when they fail DMARC testing. So the end result is
that this mail should pass through DMARC testing.
DMARC is a red herring here. My original question wouldn't be relevant if
the sending domain had an enforced DMARC policy (p=quarantine|reject), but
they don't.
Michael's suggestion is interesting. There is a github project allowing
Levenshtein numbers to be calculated and used in SA, I will see if there is
a way to apply it in this situation. Thanks to all for their input.
It would have to be a plugin, and there's a CPAN module for calculating
Levenshtein numbers so most of the heavy lifting is already done.
Sigh. Ignore that, that's exactly what it is. I need to stop replying so
quickly to stuff.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Avatar: the highest grossing Pocahontas remake ever. -- Chris Sauer
-----------------------------------------------------------------------
Tomorrow: George Washington's 289th Birthday
