Re: [mailop] Debugging fwd issue meta.com to zoho.com (Help from user under meta.com needed)

2024-06-16 Thread Alessandro Vesely via mailop

On Sun 16/Jun/2024 16:38:48 +0200 Tobias Fiebig via mailop wrote:


>> You'd need several domains, all having a rua= pointing to you.  I'd
>> donate a (sub) domain to that effort.  I'm donating a couple of
>> domains to Project Honey Pot.  Unlike that project, however, in this
>> case donated domains will have to actively send replies.
>
> Actually LUA records with powerdns should suffice; Similar to what is
> already being done for the DNS tests:
>
> dig MX sometext.uniq.measurement.email-security-scans.org \
>  @dns.measurement.email-security-scans.org
>
> So, creating something like
> _dmarc..dmarcfail.measurement.email-security-scans.org, and
> only sending the mails after at least N mails for the test have been
> successfully received.



In theory, that's correct.  However, we'd need both domains matching the PSL as 
well as domains matching tree walks.  I'm not familiar with PowerDNS, but 
clients will query their usual DNS servers and resolve.  Setting up domains 
correctly won't be easy.

_dmarc.sometext.uniq.measurement.email-security-scans.org -> v=spf1 mx ip4:195.191.197.88 ip6:2a06:d1c0:dead:3::88 -all
_dmarc.uniq.measurement.email-security-scans.org -> v=spf1 mx ip4:195.191.197.88 ip6:2a06:d1c0:dead:3::88 -all
_dmarc.measurement.email-security-scans.org -> v=spf1 mx ip4:195.191.197.88 ip6:2a06:d1c0:dead:3::88 -all
_dmarc.email-security-scans.org -> v=DMARC1; p=reject; rua=mailto:dm...@aperture-labs.org

There will also be confirmation RRs for rua= at external domains (some will 
have to not be confirmed, to check for that check).

Some subdomains will have DMARC records, some not.  Perhaps, some mails can be 
sent from real IPs, if their owners are not afraid to be blacklisted.

I agree the same effect can be obtained by creating lots of subdomains, but 
that won't work for filters still using the PSL.

In addition, having domain donors might boost cooperation.


Best
Ale
--



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
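
Added example (not part of the thread and not code from email-security-scans): a Python sketch of which `_dmarc` names a receiver queries for the test domain above, under a PSL-based lookup versus a DNS tree walk. The function names, the one-entry `PUBLIC_SUFFIXES` stand-in and the `VARIANT` zone are assumptions made for illustration; the early stop on a `psd=` tag is not modelled.

```python
PUBLIC_SUFFIXES = {"org"}  # assumption: tiny stand-in for the real Public Suffix List
BASE = "measurement.email-security-scans.org"
SPF_LIKE = "v=spf1 mx ip4:195.191.197.88 ip6:2a06:d1c0:dead:3::88 -all"
ZONE = {  # TXT answers as listed in the message above
    "_dmarc.sometext.uniq." + BASE: SPF_LIKE,
    "_dmarc.uniq." + BASE: SPF_LIKE,
    "_dmarc." + BASE: SPF_LIKE,
    "_dmarc.email-security-scans.org":
        "v=DMARC1; p=reject; rua=mailto:dm...@aperture-labs.org",
}
# Constructed variant: a real DMARC record placed at an intermediate level.
VARIANT = dict(ZONE, **{"_dmarc.uniq." + BASE: "v=DMARC1; p=none"})

def org_domain(domain, suffixes=PUBLIC_SUFFIXES):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in suffixes:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # fallback: treat the last label as the suffix

def psl_queries(domain):
    """PSL-based lookup: the exact From: domain, then the organizational domain."""
    names = ["_dmarc." + domain.lower(), "_dmarc." + org_domain(domain)]
    return list(dict.fromkeys(names))  # drop the duplicate when both are equal

def tree_walk_queries(domain):
    """Tree walk: exact domain, then each parent; long names jump to 7 labels."""
    labels = domain.lower().rstrip(".").split(".")
    names = ["_dmarc." + ".".join(labels)]
    labels = labels[-7:] if len(labels) >= 8 else labels[1:]
    while labels:
        names.append("_dmarc." + ".".join(labels))
        labels = labels[1:]
    return names

def dmarc_records_seen(queries, zone):
    """Queried names whose TXT answer is a DMARC record; other answers are discarded."""
    return [q for q in queries
            if zone.get(q, "").replace(" ", "").startswith("v=DMARC1")]

if __name__ == "__main__":
    d = "sometext.uniq." + BASE
    for label, queries in (("PSL", psl_queries(d)), ("tree walk", tree_walk_queries(d))):
        print(label, "queries:", queries)
        print(label, "sees in VARIANT:", dmarc_records_seen(queries, VARIANT))
```

With the zone as listed, both methods end up at the record on `_dmarc.email-security-scans.org`; in the variant, only the tree walk ever queries the intermediate name, so a PSL-based filter never sees that record.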


Re: [mailop] Debugging fwd issue meta.com to zoho.com (Help from user under meta.com needed)

2024-06-16 Thread Tobias Fiebig via mailop
Moin,


> You'd need several domains, all having a rua= pointing to you.  I'd
> donate a (sub) domain to that effort.  I'm donating a couple of
> domains to Project Honey Pot.  Unlike that project, however, in this
> case donated domains will have to actively send replies.

Actually LUA records with powerdns should suffice; Similar to what is
already being done for the DNS tests:

dig MX sometext.uniq.measurement.email-security-scans.org \
@dns.measurement.email-security-scans.org

So, creating something like
_dmarc..dmarcfail.measurement.email-security-scans.org, and
only sending the mails after at least N mails for the test have been
successfully received.

> I'm tempted, although Python is not my forté.

No worries. :-)

With best regards,
Tobias


-- 
Dr.-Ing. Tobias Fiebig
T +31 616 80 98 99
M tob...@fiebig.nl



Re: [mailop] Debugging fwd issue meta.com to zoho.com (Help from user under meta.com needed)

2024-06-16 Thread Alessandro Vesely via mailop

On Sat 15/Jun/2024 18:27:15 +0200 Tobias Fiebig via mailop wrote:


>> Do reports received at dm...@aperture-labs.org contribute to the
>> output of email-security-scans?
>
> No, of course not; esec.o is tests-are-atomic. Technically I _could_
> (or rather: should) try to implement something similar to what I am
> already doing for the TLS-RPT test for DMARC _sending_ as well
> (currently, I am only testing deliverability of RUA/RUF).



TLS-RPT reports seem to be more useful than DMARC ones.  I, for one, forward 
them to a daily-seen folder when they contain failed connections, which doesn't 
happen every day.  (In some cases, I remove the blocked IP from the firewall.)


DMARC reports have a plethora of failures every day, due to mailing lists. 
Sporadically, I take a look at them, but not always, and never sum them up.




> However, I skipped on that initially, because:
> - It is more about receiving than sending (and esec.o was initially
>    sending focused)
> - It is difficult to fill in an identifier there; Technically, I could,
>    e.g., send from unique domains (difficult, as some large domains are
>    now blocked for the startup mail and have a web-only-flow; Also,
>    deliverability for that is likely low(er)), or add something where
>    you can request the DMARC test in addition when you submitted the
>    some test results. Sending DKIM invalid mails for the test should
>    further reduce the noise (while still triggering reports). However,
>    that would have to be implemented, and I am currently struggling with
>    the very stupid idea somebody had some when that a day should just
>    have 24h.



Some hold DKIM reports are to be delivered just around midnight.

You'd need several domains, all having a rua= pointing to you.  I'd donate a 
(sub) domain to that effort.  I'm donating a couple of domains to Project Honey 
Pot.  Unlike that project, however, in this case donated domains will have to 
actively send replies.




> Similarly, it would kind of make sense to maybe tie in the internet.nl
> suite and display/integrate those results as well. But again, time.
>
> So, somewhat related: If somebody suffers from an abundance of time, is
> kind of good with python, mail, and PHP... and would like to work on
> what is objectively likely some of the worst code they have ever
> seen... drop me a line. ;-)



I'm tempted, although Python is not my forté.


Best
Ale
--



