HackerTrans
TopNewTrendsCommentsPastAskShowJobs

freddieleeman

no profile record

Submissions

[untitled]

1 points·by freddieleeman·قبل سنتين·0 comments

[untitled]

1 points·by freddieleeman·قبل سنتين·0 comments

[untitled]

1 points·by freddieleeman·قبل سنتين·0 comments

[untitled]

1 points·by freddieleeman·قبل سنتين·0 comments

[untitled]

1 points·by freddieleeman·قبل سنتين·0 comments

LearnDMARC now supports multiple DKIM signatures

1 points·by freddieleeman·قبل سنتين·1 comments

Demystifying DMARC Alignment

uriports.com
1 points·by freddieleeman·قبل سنتين·0 comments

The SPF / DKIM / DMARC Best Practices 2024

uriports.com
2 points·by freddieleeman·قبل سنتين·0 comments

Fix SPF 10 DNS lookup limit with SPF Macros

uriports.com
1 points·by freddieleeman·قبل سنتين·0 comments

MTA-STS Adoption Among the Top 1M Domains in 2024

uriports.com
1 points·by freddieleeman·قبل سنتين·1 comments

comments

freddieleeman
·قبل سنتين·discuss
GoDaddy's DMARC reports are passing SPF even when the RFC5321.MailFrom and RFC5322.From domains aren't aligned.
freddieleeman
·قبل سنتين·discuss
Clickable link: https://learnDMARC.com
freddieleeman
·قبل سنتين·discuss
Just 0.3% of domains implemented an MTA-STS TXT record. 571 (19.5%) of these domains have implementation errors (see complete list below). Among the valid MTA-STS implementations, 54.3% publish an 'enforce' policy, while 45% have opted for a 'testing' policy. In summary, 1278 domains leverage MTA-STS to fortify their defenses against Man-in-the-Middle (MitM) downgrade attacks.
freddieleeman
·قبل سنتين·discuss
https://datatracker.ietf.org/doc/html/rfc7489#section-6.6.4

"If email is subject to the DMARC policy of "reject", the Mail Receiver SHOULD reject the message (see Section 10.3). If the email is not subject to the "reject" policy (due to the "pct" tag), the Mail Receiver SHOULD treat the email as though the "quarantine" policy applies. This behavior allows Domain Owners to experiment with progressively stronger policies without relaxing existing policy."
freddieleeman
·قبل 3 سنوات·discuss
https://URIports.com/dmarc offers services starting at just $1 monthly for up to 3 domains. It's GDPR compliant and includes features like notifications, hosted MTA-STS for protection against Man-in-the-Middle (MiTM) downgrade attacks, and much more.
freddieleeman
·قبل 3 سنوات·discuss
For those interested in testing their email for SPF, DKIM, and DMARC compliance or eager to learn about these mechanisms that enhance email security and prevent spoofing, check out https://learnDMARC.com. This is a site I developed to promote adoption and share knowledge. It includes a challenging quiz, tough even for professionals. I'd be keen to know your scores on the first attempt – honesty counts!
freddieleeman
·قبل 3 سنوات·discuss
You will need Verified Mark Certificates (VMC's) issued by a Certificate Authority.
freddieleeman
·قبل 3 سنوات·discuss
As DMARC relies on the RFC5322.From address, omitting it will lead to errors. To avoid these errors, emails lacking this address are currently being ignored.
freddieleeman
·قبل 3 سنوات·discuss
Totally agree, this blog makes no sense at all.

"If a server isn't on the list, it's like an application being tossed out because it wasn't fully filled or the business idea is illegal."

Seriously, what?!

"DMARC establishes your policy as a sender for what should happen to your messages if they fail DKIM or SPF."

... only if they fail DKIM AND SPF (and alignment). The whole blog doesn't even talk about identifier alignment, which is a big part of DMARC.

Maybe an AI wrote the article and got stuck trying to use a weird analogy about a "competitive accelerator program" for email security? :)