Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome

Administered by:

Server stats:

5.3K
active users

techhub.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.6

#DKIM

2 posts2 participants0 posts today
Public
Afnic

🌐 L'Afnic est présente aujourd'hui jusqu'au 3 avril au Forum INCYBER Europe (FIC) au stand F-40 à Lille.

🛡️ Une belle opportunité d'échanger sur les enjeux DNS de la cybersécurité.

➡️ Découvrez également notre nouvelle formation NIS 2 Lead Implementer afnic.fr/produits-services/for

Et explorer toutes nos formations sur la sécurisation du DNS afnic.fr/produits-services/for

Venez rencontrer Lotfi Benyelles, Benoît Ampeau et Régis Massé au Stand F-40 !

#Afnic#DNS#InCyber
Continued thread
Public
Jan Schaumann

System Administration

Week 8, The Simple Mail Transfer Protocol, Part III

In this video, we look at ways to combat Spam. In the process, we learn about email headers, the Sender Policy Framework (#SPF), DomainKeys Identified Mail (#DKIM), and Domain-based Message Authentication, Reporting and Conformance (#DMARC). #SMTP doesn't seem quite so simple any more...

youtu.be/KwCmv3GHGfc

youtu.be- YouTubeEnjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
#SysAdmin#SRE#DevOps
Public
N-gated Hacker News

Wow, who knew #spammers were the real email security ninjas? 🤦‍♂️ Apparently, their #SPF, #DKIM, and #DMARC game is on point, while the rest of us are still trying to figure out why we can't open #Mastodon without JavaScript. 🐢💻
toad.social/@grumpybozo/114213 #emailsecurity #HackerNews #ngated

toad.social🆘Bill Cole 🇺🇦 (@grumpybozo@toad.social)@jwz@mastodon.social The stats we collect for the #SpamAssassin project (mass-scan results from participating sites) have long shown that spammers are more consistent at making SPF, DKIM, and DMARC correct than are legitimate senders. DMARC in particular has no discernible benefit for most senders, so it is a useless signal. Rejecting mail based solely on authentication failures of those deeply flawed authentication methods does more harm than good.
Public *
Marcos Dione

"The stats we collect for the #SpamAssassin project (mass-scan results from participating sites) have long shown that spammers are more consistent at making #SPF, #DKIM, and #DMARC correct than are legitimate senders. DMARC in particular has no discernible benefit for most senders, so it is a useless signal.

Rejecting mail based solely on authentication failures of those deeply flawed authentication methods does more harm than good."

jwz.org/blog/2025/03/dmarc-and

EDIT: h/t @grumpybozo

#mail
Replied in thread
Public *
Erik van Straten

@grumpybozo : I definitely am not angry with you (I very much agree).

Unfortunately many admins treat security solutions like they're a religion.

Some time age there was a hefty debate on a Dutch "mostly admins" site (tweakers.net, I'd have to look up the exact thread) about the "correct" sending and receiving MTA configurations. There was no agreement.

Microsoft even used to ignore SPF/DKIM/DMARC if the sender was in the "safe senders" list (which the user's address book defaults to). What could possibly go wrong (later MS corrected that).

The screenshot below is from part of security.nl/posting/766069/DMA (I wrote that Sept. 14, 2022).

Edited 23:36 UTC to add: {
arxiv.org/abs/2302.07287
Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy
Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Grant Ho, Geoffrey M. Voelker, Stefan Savage
}

Screenshot from part of https://www.security.nl/posting/766069/DMARC+bypass+%28Outlook+only%3F%29#posting767981 Microsoft has meanwhile changed this behavior, but https://docs.microsoft.com/en-gb/microsoft-365/security/office-365-security/use-dmarc-to-validate-email#how-microsoft-365-handles-inbound-email-that-fails-dmarc used to read: { How Microsoft 365 handles inbound email that fails DMARC If the DMARC policy of the sending server is p=reject, Exchange Online Protection (EOP) marks the message as spoof instead of rejecting it. In other words, for inbound email, Microsoft 365 treats p=reject and p=quarantine the same way. [...] Microsoft 365 is configured like this because some legitimate email may fail DMARC. For example, a message might fail DMARC if it's sent to a mailing list that then relays the message to all list participants. If Microsoft 365 rejected these messages, people could lose legitimate email and have no way to retrieve it. Instead, these messages will still fail DMARC but they'll be marked as spam and not rejected. If desired, users can still get these messages in their inbox through these methods: • Users add safe senders individually by using their email client. [...] }
#SPF#DKIM#DMARC
Replied in thread
Public
Erik van Straten

@deepthoughts10 wrote: "email authentication like DMARC/SPF does one thing: it prevents impersonation of a specific domain (assuming policies are configured for reject or quarantine.)"

It does not even do that on my iPhone.

P.S. SPF was invented to prevent Joe Jobs (en.wikipedia.org/wiki/Joe_job). Marketing idiots (including Bill Gates) said that it would kill spam. It killed forwarding instead.

@grumpybozo @jwz

Screenshot showing an email sent by "Liberapay Support" regarding problems with a payment for infosec.exchange. Problem: the sender domain is not shown.
#SPF#DKIM#DMARC
Replied in thread
Public
Delta Chat

@mathilde #chatmail server users don't have these problems because they don't even need to know their password or email address. Messages in delta chat are stored locally and the server only stores them for a limited time, up to 20 days by default, so all devices have a chance to download the message. Blocklists are also not used, the only requirements are #DKIM signature and #OpenPGP encryption.

Public
jordan

Hey #email #nerds and #ServerAdmin people, I know about #DMARC, #SPF, and #DKIM and stuff. BUT.

Idea: system where email servers generate a #GUID identifier for that specific email and keep it in a database. Other servers and email clients can then just ping the #domain that the email says its from and confirm the real domain sent it.

Like, why couldn't this be a thing? Seems like it would completely stop those #spam emails that pretend to be from #PayPal or #banks.

Public *
🚲 Elizabeth :flag_bisexual:

J'ai un nom de domaine chez #o2switch et depuis quelques jours, je ne peux plus envoyer de mails à mes contacts Gmail, à cause d'un problème de configuration SPF* ou DKIM.

Quand je lis cet article
faq.o2switch.fr/hebergement-mu
Ça n'a pas l'air simple à résoudre.

Parmi vous, les personnes qui lisez ce message, vous avez réussi à résoudre ce problème facilement chez o2switch ? Comment on fait ? 😬

* jusqu'à présent, le SPF était uniquement l'indice de protection d'une crème solaire 😁

Documentation · Authentification d'emailAuthentification d'email L'outil authentification d'email permet de configurer les DKIM et SPF pour l'ensemble des comptes mail de votre compte d'hébergement. Les DKIM et SPF permettent d'authentifier le serveur servant à envoyer votre message. Cela permet d'avoir une meilleure note sur les filtres antispam et limite l'usurpation de vos domaines (d'autres personnes envoyant illégitimement des messages avec votre domaine dans les entêtes).
#gmail#spf#dkim
Public
Dave Moskovitz (((❤️)))

Kind of weird that #Orcon does not #DKIM sign outgoing emails.

X-Spam-Status: Yes, score=5.15 tagged_above=-10 required=3
tests=[DKIM_UNSIGNED=2, DMARC_NONE=0.898, FREEMAIL_FROM=0.001,
HTML_IMAGE_RATIO_06=0.001, HTML_MESSAGE=0.001, MALFORMED_FREEMAIL=2.234,
MIME_QP_LONG_LINE=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001,RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01]

ExploreLive feeds
About