Ah, I see #cybersecurity stuff is going great in the US government.
I'm sure violently and indiscriminately reducing the size of the federal workforce has in no way compromised the mission.
#infosec #politics #USPol #DMARC

What makes me a little happier on a Monday? Most of the time it's the first coffee in the morning. Today it was the answer to a dig request and a coffee

The subdomain which sends out most of the newsletters from bodies of the federal government in Germany changed their DMARC-Policy from "none" to "quarantine".

@jimsalter @dashdsrdash and anyone else who might know.

A while back I created the necessary DKIM/DMARC (I think) DNS records to keep DNS from dropping email to my custom domain on the floor.

But now I get a ton of automated seeming DMARC emails.

I've never seen a bad report in any of them, so I'll admit to having stopped looking. It's not like most modern email clients can cope with the .tar.gz contents anyway (Yes I know, read mail with mutt, and I do, but I also use the web UI because I'm a lazy cretin :).

Is there a way to make these actually useful? Should I maybe just change the records to send to a + variant of my address so I can filter them into a folder and ignore them like I'm doing now but with extra clutter? :)

Thanks

#tfw You have to email a government agency, explain in excruciating detail why your mail server (and any other that enforces #DMARC) can't receive certain emails they're sending that fail their DMARC policy, and then cross your fingers and pray that the tier 1 customer service rep who reads your email forwards it to someone who can fix the problem AND said someone actually takes the time to do it. *sigh*
#smtp #SysAdmin #MailAdmin

#tfw you have multiple interviews for an #infosec leadership position at a company, and the hiring manager ends up telling you they really wanted to hire you but couldn't convince the executive team to put the money in the budget, and then months later they add you to their marketing list, and then your #DMARC deployment tries to send them an aggregate report, and it bounces because their RUA inbox is broken, thus proving that they really should have hired you to clean up shit like that.

Vous souhaitez en apprendre plus sur SPF, DKIM, DMARC pour favoriser l’authentification et la délivrabilité de vos e-mails et sécuriser votre courrier électronique ?

Rendez-vous le 12 juin de 15h à 16h avec Marc van der Wal et Lotfi Benyelles pour un webinaire dédié à ces protocoles !

Inscription obligatoire sur https://webikeo.fr/landing/emails-protocole-dmarc-2025-adoption-erreurs-courantes-configuration/13992

Die kürzlich veröffentlichte Cyber-Sicherheitsempfehlung "Upgrade für die E-Mail-Sicherheit" ist ein Paradebeispiel für die lösungsorientierte Zusammenarbeit zwischen verschiedenen Abteilungen im BSI. Nur so konnten wir praxisnahe Empfehlungen aussprechen, die auf Beobachtungen der echten Welt da draußen beruhen. Oft können Unternehmen, die E-Mails über eine eigene Domain senden und empfangen, nämlich schon mit überschaubaren Aufwand ihre Sicherheit deutlich verbessern.

https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/Upgrade-E-Mail-Sicherheit_250526.html

I've ranted before about #DMARC and whether it's worth private mail-server admins implementing.
Today's rant: the reference implementation, https://github.com/trusteddomainproject/OpenDMARC, has been abandoned for ~4 years, and its maintainers, http://www.trusteddomain.org/, are completely AWOL.
Linux distro maintainers have had to do proxy maintenance themselves, picking and choosing patches from pull requests submitted to the project to add to their distributions.
This sucks.
#FOSS #SMTP #OpenDMARC #TrustedDomainProject

dmarc-subject = %x52.65.70.6f.72.74 1*FWS %x44.6f.6d.61.69.6e.3a 1*FWS domain-name 1*FWS %x53.75.62.6d.69.74.74.65.72.3a 1*FWS domain-name 1*FWS %x52.65.70.6f.72.74.2d.49.44.3a msg-id

Yes, it allows newlines. Tough luck, @towo. No, Google, the D is a capital letter. No, Microsoft, don't fucking put a '[Preview]' in front.

A year after Google & Yahoo started requiring #DMARC, the adoption rate of the email authentication specification has doubled; $& yet, 87% of domains remain unprotected.

https://www.darkreading.com/remote-workforce/google-dmarc-push-email-security-challenges

Learn and Test DMARC
https://www.learndmarc.com/

Or how email works explained by an example,

Cours #SPF / #DKIM / #DMARC. Je leur raconte quoi de joli ?

Warum du für ungenutzte Domains SPF- und DMARC-Records setzen solltest!

https://www.kuketz-blog.de/warum-du-fuer-ungenutzte-domains-spf-und-dmarc-records-setzen-solltest/