Re: [mailop] (Mis)use of DKIM's length tag and it's impact on DMARC and BIMI
I dont know this is that new with regard to DMARC. missing citation: https://www.usenix.org/system/files/sec20-chen-jianjun.pdf It is, however, the first time someone tries to combine with BIMI. Every a few months we see a paper / blogpost that passes SPF / DKIM / DMARC. So maybe requiring both SPF and DKIM for BIMI would be a good idea. On Fri, May 17, 2024 at 3:14 PM Taavi Eomäe via mailop wrote: > On 17/05/2024 18:37, Slavko via mailop wrote: > > I didn't get what is **new** in it, nor how length of RSA keys is related... > > Turning the original content into a comment seemed novel to us, should in > theory yield better forgeries than just adding new boundaries. Gmail's > "show original" also seems to hide such comments for some reason (making it > extra nasty). > > > The l= DKIM tag was problematic in time of RFC, the Content-Type > constructs core of message, thus have to be (over)signed already. > > As written, it has been known for a while. But given how prevalent it > really is and how it has opened up new avenues of abuse, we felt it was > time to call for some action once again. > > > Best Regards > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > -- Regards, *Enze "**Alex" **Liu* PhD Student Department of Computer Science and Engineering e7...@eng.ucsd.edu University of California, San Diego ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] When Will Outlook Rollout SRS for All of Their Email Servers? (For the sake of bimi)
Looks like the bad guys are exploiting Outlook's forwarding feature to bypass BIMI. https://twitter.com/chrisplummer/status/1664075886545575941 We reported this issue in April: https://www.sysnet.ucsd.edu/~voelker/pubs/forwarding-eurosp23.pdf -- Regards, *Enze "**Alex" **Liu* PhD Student Department of Computer Science and Engineering e7...@eng.ucsd.edu University of California, San Diego ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft Office365 not rejecting emails when instructed so by SPF recored?
Indeed, an email will only be rejected if it has DMARC setup as reject. I can attest that personal email services such as Outlook / MSN do reject email properly (in case of DMARC fail and the FROM domain has a reject policy). On Tue, May 23, 2023 at 7:43 AM Matthäus Wander via mailop < mailop@mailop.org> wrote: > Benoit Panizzon via mailop wrote on 2023-05-23 15:35: > > Hi List > > > > I'm surprised... > > > > six-group.com is the biggest payment platform in Switzerland. Of course > > they use SPF to protect their domain from being abused by phishers. > > six-group.com does not use DMARC, so I would say there is room to > improve the anti-phishing measures. > > > It looks like GV0CHE01FT013.mail.protection.outlook.com is happily > > accepting phishing emails which, according to SPF should get rejected. > > As SPF does not work in legitimate mail relaying scenarios, it is wise > to not reject every message that fails SPF, but rather use it for spam > filter scoring. > > Regards, > Matt > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > -- Regards, *Enze "**Alex" **Liu* PhD Student Department of Computer Science and Engineering e7...@eng.ucsd.edu University of California, San Diego ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Hotmail will start rejecting messages that fail DMARC
Good to know! On Wed, Mar 22, 2023 at 11:53 AM Al Iverson via mailop wrote: > This is great to hear. Thanks very much for sharing! > > Cheers, > Al Iverson > > On Wed, Mar 22, 2023 at 9:31 AM Jeff Dellapina via mailop < > mailop@mailop.org> wrote: > >> Hey Mailop, >> >> >> >> Microsoft is proud to announce our Consumer email service >> (Outlook/Hotmail/MSN/Live) *will now honor the DMARC record of >> “p=reject” by rejecting the message if the domain fails DMARC*. >> Previously, messages that failed DMARC were sent to the junk folder >> (Quarantine). Over the next 30 days these DMARC-failing messages will be >> rejected. >> >> >> >> If you see any problems with our Consumer platform, please create a >> support ticket here https://olcsupport.office.com/ >> >> >> >> Thanks, >> >> Jeff Dellapina >> >> >> >> >> >> Thanks, >> >> Jeff Dellapina >> >> >> >> Sr. Email Delivery Manager >> >> SAGE Team >> >> >> ___ >> mailop mailing list >> mailop@mailop.org >> https://list.mailop.org/listinfo/mailop >> > > > -- > > Al Iverson / Deliverability blogging at www.spamresource.com > Subscribe to the weekly newsletter at wombatmail.com/sr.cgi > DNS Tools at xnnd.com / (312) 725-0130 / Chicago (Central Time) > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > -- Regards, *Enze "**Alex" **Liu* PhD Student Department of Computer Science and Engineering e7...@eng.ucsd.edu University of California, San Diego ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Student trying to attend M3AAWG
Hi Everyone, It's really fun to meet a lot of you at M3AAWG. Hope to see you in future M3AAWG events. BTW, if you have any feedback for our paper ( https://arxiv.org/abs/2302.07287), please send it my way and I very much appreciate it. On Fri, Feb 17, 2023 at 7:00 PM Alex Liu wrote: > Hi Everyone, > > My name is Alex and I’m a student at UCSD. I recently found out about M3AAWG. > It’s agenda is very really related to what I’ve been doing (my research: > https://alexliu0809.github.io/publications/#/). However, it seems like > registration is not open to students who are not part of a member company. > Is there still a way to register for it (e.g., through an invitation)? Any > help would be appreciated. Thanks! > -- > Regards, > *Enze "**Alex" **Liu* > PhD Student > Department of Computer Science and Engineering > e7...@eng.ucsd.edu > University of California, San Diego > -- Regards, *Enze "**Alex" **Liu* PhD Student Department of Computer Science and Engineering e7...@eng.ucsd.edu University of California, San Diego ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Student trying to attend M3AAWG
Finally got a pass :) thanks everyone for your help!! On Fri, Feb 17, 2023 at 19:00 Alex Liu wrote: > Hi Everyone, > > My name is Alex and I’m a student at UCSD. I recently found out about M3AAWG. > It’s agenda is very really related to what I’ve been doing (my research: > https://alexliu0809.github.io/publications/#/). However, it seems like > registration is not open to students who are not part of a member company. > Is there still a way to register for it (e.g., through an invitation)? Any > help would be appreciated. Thanks! > -- > Regards, > *Enze "**Alex" **Liu* > PhD Student > Department of Computer Science and Engineering > e7...@eng.ucsd.edu > University of California, San Diego > -- Regards, *Enze "**Alex" **Liu* PhD Student Department of Computer Science and Engineering e7...@eng.ucsd.edu University of California, San Diego ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Student trying to attend M3AAWG
Hi Everyone, My name is Alex and I’m a student at UCSD. I recently found out about M3AAWG. It’s agenda is very really related to what I’ve been doing (my research: https://alexliu0809.github.io/publications/#/). However, it seems like registration is not open to students who are not part of a member company. Is there still a way to register for it (e.g., through an invitation)? Any help would be appreciated. Thanks! -- Regards, *Enze "**Alex" **Liu* PhD Student Department of Computer Science and Engineering e7...@eng.ucsd.edu University of California, San Diego ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop