HackerTrans
TopNewTrendsCommentsPastAskShowJobs

freddieleeman

no profile record

Submissions

[untitled]

1 points·by freddieleeman·vor 2 Jahren·0 comments

[untitled]

1 points·by freddieleeman·vor 2 Jahren·0 comments

[untitled]

1 points·by freddieleeman·vor 2 Jahren·0 comments

[untitled]

1 points·by freddieleeman·vor 2 Jahren·0 comments

[untitled]

1 points·by freddieleeman·vor 2 Jahren·0 comments

LearnDMARC now supports multiple DKIM signatures

1 points·by freddieleeman·vor 2 Jahren·1 comments

Demystifying DMARC Alignment

uriports.com
1 points·by freddieleeman·vor 2 Jahren·0 comments

The SPF / DKIM / DMARC Best Practices 2024

uriports.com
2 points·by freddieleeman·vor 2 Jahren·0 comments

Fix SPF 10 DNS lookup limit with SPF Macros

uriports.com
1 points·by freddieleeman·vor 2 Jahren·0 comments

MTA-STS Adoption Among the Top 1M Domains in 2024

uriports.com
1 points·by freddieleeman·vor 2 Jahren·1 comments

comments

freddieleeman
·vor 2 Jahren·discuss
GoDaddy's DMARC reports are passing SPF even when the RFC5321.MailFrom and RFC5322.From domains aren't aligned.
freddieleeman
·vor 2 Jahren·discuss
Clickable link: https://learnDMARC.com
freddieleeman
·vor 2 Jahren·discuss
Just 0.3% of domains implemented an MTA-STS TXT record. 571 (19.5%) of these domains have implementation errors (see complete list below). Among the valid MTA-STS implementations, 54.3% publish an 'enforce' policy, while 45% have opted for a 'testing' policy. In summary, 1278 domains leverage MTA-STS to fortify their defenses against Man-in-the-Middle (MitM) downgrade attacks.
freddieleeman
·vor 2 Jahren·discuss
https://datatracker.ietf.org/doc/html/rfc7489#section-6.6.4

"If email is subject to the DMARC policy of "reject", the Mail Receiver SHOULD reject the message (see Section 10.3). If the email is not subject to the "reject" policy (due to the "pct" tag), the Mail Receiver SHOULD treat the email as though the "quarantine" policy applies. This behavior allows Domain Owners to experiment with progressively stronger policies without relaxing existing policy."
freddieleeman
·vor 3 Jahren·discuss
https://URIports.com/dmarc offers services starting at just $1 monthly for up to 3 domains. It's GDPR compliant and includes features like notifications, hosted MTA-STS for protection against Man-in-the-Middle (MiTM) downgrade attacks, and much more.
freddieleeman
·vor 3 Jahren·discuss
For those interested in testing their email for SPF, DKIM, and DMARC compliance or eager to learn about these mechanisms that enhance email security and prevent spoofing, check out https://learnDMARC.com. This is a site I developed to promote adoption and share knowledge. It includes a challenging quiz, tough even for professionals. I'd be keen to know your scores on the first attempt – honesty counts!
freddieleeman
·vor 3 Jahren·discuss
You will need Verified Mark Certificates (VMC's) issued by a Certificate Authority.
freddieleeman
·vor 3 Jahren·discuss
As DMARC relies on the RFC5322.From address, omitting it will lead to errors. To avoid these errors, emails lacking this address are currently being ignored.
freddieleeman
·vor 3 Jahren·discuss
Totally agree, this blog makes no sense at all.

"If a server isn't on the list, it's like an application being tossed out because it wasn't fully filled or the business idea is illegal."

Seriously, what?!

"DMARC establishes your policy as a sender for what should happen to your messages if they fail DKIM or SPF."

... only if they fail DKIM AND SPF (and alignment). The whole blog doesn't even talk about identifier alignment, which is a big part of DMARC.

Maybe an AI wrote the article and got stuck trying to use a weird analogy about a "competitive accelerator program" for email security? :)