Multiple times over the last few weeks folks have posted a screenshot of Google Postmaster tools showing some percentage of mail failing DMARC. They then ask why DMARC is failing. Thanks to how DMARC was designed, they don’t need to ask anyone this, they have all the data they need to work this out themselves. […]
A few ISPs use the d= value in the DKIM signature as a way to provide FBL and reputation data to senders. This has some good bits, in that senders can get FBLs and other information regardless of the IP address they’re using and whether or not they have sole access to it. There are […]
I just got some mail claiming to be from “Bank of America <secure@bofasecure.com>”. It passes SPF: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=185.235.176.160; helo=bofasecure.com; It passes DKIM: Authentication-Results: mx.wordtothewise.com (amavisd-new); dkim=pass (1024-bit key) header.d=bofasecure.com The visible RFC 822 From address is strictly aligned with both the SPF domain and the DKIM domain. So if they’d published […]
A security researcher has identified a rendering flaw that allows for “perfect” phishing emails. From his website: Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents (MTA) aka email servers, therefore circumventing spoofing protection mechanisms such as […]
The US National Cybersecurity Assessments & Technical Services Team have issued a mandate on web and email security, including TLS+HSTS for web servers, and STARTTLS+SPF+DKIM+DMARC for email. It’s … pretty decent for a brief, public requirements doc. It’s compatible with a prudent rollout of email authentication. Set up a centralized reporting repository for DMARC failure and aggregate […]
It’s easy to tell if a domain is using SPF – look up the TXT record for the domain and see if any of them begin with “v=spf1”. If one does, they’re using SPF. If none do, they’re not. (If more than one does? They’re publishing invalid SPF.) AOL are publishing SPF. Geocities aren’t. For DKIM […]
We know that legitimate email sent with valid SPF and a DKIM signature often breaks in transit. SPF will fail any time mail is forwarded – via a mailing list, a forwarding service used by the recipient, or just ad-hoc forwarding. DKIM will fail any time the message is modified in transit. That can be obviously […]
I just added a DMARC validation tool over on tools.wordtothewise.com. You can give it a domain – such as ebay.com – and it will fetch the DMARC record, then explain and validate it. Or you can paste the DMARC record you’re planning to publish into it, to validate it before you go live. If you’ve not […]
Happy New Year! We’re looking forward to some interesting new projects this year, both for our clients and for Word to the Wise. Stay tuned! December was a slow month for blogging, with everything going on. But we’re back on the horse now and ready to blog for 2017. List and subscription management continue to […]
One of these things is just like the other Canonicalization is about comparing things to see if they’re the same. Sometimes you want to do a “fuzzy” comparison, to see if two things are interchangeable for your purposes, even if they’re not exactly identical. As a concrete example, these two email addresses: (Steve) steve@wordtothewise.com “Also Steve” […]
Recent Comments