Verwaltet von:
#dmarc
Wie viele haben Ihre Emails längst aus der Hand gegeben, an einen Anbieter der SPF, DKIM und DMARC einfach so stillschweigend mit proprietären Features wie DirectSend aushebelt und sich um Standards und Authentifizierung einen Dreck schert? Dessen Email Clients im Jahr 2025 noch immer kein WebDAV können?
Mal eine Frage für einen Freund hier an die Schwarmintelligenz. Einer unserer Webhoster verweigert nun als #Spamschutz die Annahme von E-Mails, die keine gültige #DKIM #DMARC Konfiguration besitzen. Leider gibt es viele Behörden, bei denen das noch nicht umgesetzt ist. Somit gehen uns derzeit E-Mails verloren. Wir können nun entweder jede einzelne Domain Whitelisten, den Spamschutz abschalten oder den Hoster wechseln. Was würdet ihr machen?
#umfrage
TIL that if you use #Fastmail’s #DNS for your e-mail domain, by default your #DMARC #TXT record is set to “p=none.” I highly recommend going into your Fastmail DNS settings, disabling the default DMARC TXT record, and adding a new custom record with “p=quarantine” or “p=reject.”
I wish I’d have known and fixed this years ago. (I discovered it accidentally while playing with MXToolbox.)
Ah, I see #cybersecurity stuff is going great in the US government.
I'm sure violently and indiscriminately reducing the size of the federal workforce has in no way compromised the mission.
#infosec #politics #USPol #DMARC
5666 @ WHY2025 Interesting phishing scam that passes SPF, DKIM, and DMARC:
https://easydmarc.com/blog/google-spoofed-via-dkim-replay-attack-a-technical-breakdown/
The attackers registered a Google OAuth app with a long title (which is an entire paragraph including URLs to a custom Google Sites page). Google then sends an email reflecting that content, which is forwarded to the victim.
The "To:" header is unmodified, but me@ is used in the local-part to confuse the victim.
@jimsalter @dashdsrdash and anyone else who might know.
A while back I created the necessary DKIM/DMARC (I think) DNS records to keep DNS from dropping email to my custom domain on the floor.
But now I get a ton of automated seeming DMARC emails.
I've never seen a bad report in any of them, so I'll admit to having stopped looking. It's not like most modern email clients can cope with the .tar.gz contents anyway (Yes I know, read mail with mutt, and I do, but I also use the web UI because I'm a lazy cretin :).
Is there a way to make these actually useful? Should I maybe just change the records to send to a + variant of my address so I can filter them into a folder and ignore them like I'm doing now but with extra clutter? :)
Thanks
Y'all probably know about this already, but this site is SO LIT!
(Only really if you're configuring email or DNS)
#tfw You have to email a government agency, explain in excruciating detail why your mail server (and any other that enforces #DMARC) can't receive certain emails they're sending that fail their DMARC policy, and then cross your fingers and pray that the tier 1 customer service rep who reads your email forwards it to someone who can fix the problem AND said someone actually takes the time to do it. *sigh*
#smtp #SysAdmin #MailAdmin
@Catwoman69y2k Currently @monocles doesn't seem to support external domains (not shure if @Stuxhost and/or @nitrokey support that either) but I'd suggest to just ask them.
- Chances are all you need to do is get in touch and change the #MX, #DMARC & #SPF records accordingly...
I merely recommend #monocles because they have god apps and a clear, no-fuss pricing model.
#tfw you have multiple interviews for an #infosec leadership position at a company, and the hiring manager ends up telling you they really wanted to hire you but couldn't convince the executive team to put the money in the budget, and then months later they add you to their marketing list, and then your #DMARC deployment tries to send them an aggregate report, and it bounces because their RUA inbox is broken, thus proving that they really should have hired you to clean up shit like that.
Vous souhaitez en apprendre plus sur SPF, DKIM, DMARC pour favoriser l’authentification et la délivrabilité de vos e-mails et sécuriser votre courrier électronique ?
Rendez-vous le 12 juin de 15h à 16h avec Marc van der Wal et Lotfi Benyelles pour un webinaire dédié à ces protocoles !
Inscription obligatoire sur https://webikeo.fr/landing/emails-protocole-dmarc-2025-adoption-erreurs-courantes-configuration/13992
liebes #fediverse, ich brauche einen Tipp:
welche Dienstleistung suche ich, wenn automatisierte Mails, die wir per SMTP von einem Server bei unserem Hoster, grundsätzlich gut funktionieren, aber von einem (leider sehr großen= Mailprovider grundsätzlich abgewiesen werden, und dieser leider auch keine #DMARC-Reports verschickt? Nach was für einer Firma oder Freelancer muss ich da suchen, um Hilfe zu finden? Wie lautet das richtige Stichwort zu meinem Problem?
@bsi Da kommen die aber schnell darauf. Das hab ich schon seit sehr vielen Jahren im Einsatz:
Die kürzlich veröffentlichte Cyber-Sicherheitsempfehlung "Upgrade für die E-Mail-Sicherheit" ist ein Paradebeispiel für die lösungsorientierte Zusammenarbeit zwischen verschiedenen Abteilungen im BSI. Nur so konnten wir praxisnahe Empfehlungen aussprechen, die auf Beobachtungen der echten Welt da draußen beruhen. Oft können Unternehmen, die E-Mails über eine eigene Domain senden und empfangen, nämlich schon mit überschaubaren Aufwand ihre Sicherheit deutlich verbessern.
I operate my own mail server. I followed the great instructions in "Run your own mail server" by @mwl
Last night I had the idea, that it would be nice to publish a public key for S/MIME in my #DNS like the stuff for #DKIM, #DMARC and #DANE. I would really like to automatically get #encrypted emails by other people.
Turns out, this idea isn't new, but #RFC8162 from 2017 is marked experimental.
Any news on this?
Please boost. I really would like new information about this.
From today, Microsoft is enforcing DMARC for high-volume email senders, to boost inbox security, reduce spam, phishing, and spoofing threats targeting consumer mail users.
