I haven’t done extensive research but here is a live example where treewalk will cause a result change. From: is in the domain Ret.bmcc.cuny.edu which has no DMARC record. _dmarc.bmcc.cuny.edu.300INTXT"v=DMARC1; p=quarantine; fo=1; rua=mailto:dmarc_...@emaildefense.proofpoint.com; r
Lots of people have wildcard TXT records which mean that if you look up a DMARC
record you get an SPF record. They get the delivery they’d get with no DMARC
record on the systems I know about and it doesn’t seem to annoy them enough to
make them stop, which is reasonable evidence it doesn’t mak
> On Jan 25, 2022, at 10:35 AM, John R Levine wrote:
>
> Do we have any stats on how often real mail depends on sibling alignment? If
> nobody actually uses it, the spec would be simpler if we could take it out.
Stats are tricky, but here are some senders using sibling alignment like
From dom
The problem with that language is that
> o The identifier evaluated by DKIM and the DKIM result, if any
is genuinely unclear. Often there are multiple identifiers. Does this mean I
can pick any one of them? (That does not actually provide sufficient
interoperability.) If there’s a specific on
I believe they MUST contain any aligned DKIM signature regardless of validity
and SHOULD contain an entry for each domain, selector, result triple.
Elizabeth
> On Jun 21, 2019, at 11:46 AM, John Levine wrote:
>
> In article <7cd366d2-ab8d-cce8-67ff-59b79183c...@tomki.com> you write:
>> As
RFC 7960 has an extensive discussion of mail flows that modify mail (as well as
other cases that are problematic for DMARC). Mailing lists are not the only
case, and, as John has pointed out, reformatting and part stripping are things
that happen in mail flows.
Elizabeth
> On May 31, 2019,
I’m not sure you realize that spam authenticates at a higher rate than good
mail. This isn’t a bad thing — it helps in blocking — but it means that
authentication is nearly orthogonal to spam filtering in large systems.
Elizabeth
> On Mar 22, 2019, at 8:10 AM, Douglas E. Foster
> wrote:
>
http://www.usablesecurity.org/emperor/
Is the most classic paper on the complete uselessness of icons. You’ll note
that browsers have changed to putting up intrusive pages with unobtrusive ways
to continue, among other options, instead of showing broken lock icons.
Elizabeth
zwi...@otoh.org
6.html
>
>
> Summary: How should DMARC aggregate reports reflect messages with
> multiple DKIM results? And should DKIM selectors be included in DMARC
> aggregate reports?
>
>
>> On 07/07/2016 09:16, Elizabeth Zwicky via dmarc-discuss wrote:
>>
>> And yes, it&#x
Rows are defined by IP; if the same IP uses multiple MAILFROM and SPF is
bounded what is the reporter supposed to do? Duplicate rows?
Limiting SPF changes the row key in bad ways. (Unless all senders are
well-behaved in ways they are not required to be.)
Elizabeth
zwi...@otoh.org
> On Mar 1
but was interrupted for a few days.
Elizabeth Zwicky
On Friday, November 14, 2014 9:52 AM, "Silberman, Sam"
wrote:
In anticipation of today's DMARC WG meeting, I want to highlight one of
the many important use cases. Specifically:
Use of "unrelated" outboun
OK, so I've dived into Yahoo's incoming metadata to look at what fails DMARC
and why. Conclusion 1: I cannot automatically tell the cases apart with any
accuracy. Hand coding them is so time-consuming as to be beyond my ability to
do at scale.
So, not many numbers, but I have developed some very
-- somebody uses business services to send mail but the business has
an email address in somebody else's domain (think "happy birthday" from your
dentist, for instance).
Elizabeth Zwicky
From: "Kelley, John"
To: "dmarc@ietf.org"
Sent:
Subject: [dmarc-ie
On 6/12/14, 3:59 PM, "Stephen J. Turnbull" wrote:
>Elizabeth Zwicky writes:
>
> > I did not say that the levels were the same; I said the attackers
> > have not gone away. They are not at high volume, but they're sure
> > sitting there checking to see w
On 6/12/14, 9:36 AM, "Terry Zink" wrote:
>> Franck Martin wrote:
>>
>> I found that to build the override list for mailing list, I could log
>>DMARC rejected
>> emails that contained a List-Id or List-Post header. Once reviewing the
>>logs
>> (once a week, or once a month), you can make an e
pam in close to real time.
>
>Is this a practical concern, though? The levels of spam etc that
>drove Yahoo! and AOL to "p=reject" were *huge*, and have persisted
>(according to Elizabeth Zwicky of Yahoo!) for several weeks after
>imposition of "p=reject". The "
On 6/3/14, 4:26 AM, "Stephen J. Turnbull" wrote:
>Elizabeth Zwicky writes:
>
> > At this point, I do not see going to p=quarantine in the hope
> > that attackers won't exploit data they already have exactly the same
> > way
>
>Has Yahoo! has already
Whitelisting mailing well-behaved mailing lists is a hole, but not in general a
horrible one; the problems are receiver consistency, scaling and maintenance,
and they are pretty intractable.
One variant of the minimal DKIM signature which has been suggested to me is to
double-sign, with a mini
zabeth
zwi...@yahoo-inc.com
On 5/31/14, 7:37 AM, "Stephen J. Turnbull" wrote:
>Elizabeth Zwicky writes:
>
> > So changes that maintain effective protection for users who are
> > being targeted by attackers with addressbook information, with less
> >
rs with addressbook information, with less disruption
to email that people want, are of great interest to us.
Elizabeth Zwicky
zwi...@yahoo-inc.com
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
Somebody determined along the way that the default minOccurs in this XML is 1.
On the other hand, does occur -- the question is whether it is
syntactically valid for it to be null, which, as far as I can tell, it is not
(it's an enumeration of strings).
As Roland points out, that leaves the que
+1. The only uptake we've noticed is from people who complain that the name
returns a non-TXT non-fail for yahoo.com (which the standard says is a
legitimate case meaning "there is no ADSP record here, move on"). So uptake
looks both minimal and buggy.
Elizabeth
From: Krish Vitaldevara mailto:
22 matches
Mail list logo
