I haven’t done extensive research but here is a live example where treewalk will cause a result change. From: is in the domain Ret.bmcc.cuny.edu which has no DMARC record. _dmarc.bmcc.cuny.edu.300INTXT"v=DMARC1; p=quarantine; fo=1; rua=mailto:dmarc_...@emaildefense.proofpoint.com;
Lots of people have wildcard TXT records which mean that if you look up a DMARC
record you get an SPF record. They get the delivery they’d get with no DMARC
record on the systems I know about and it doesn’t seem to annoy them enough to
make them stop, which is reasonable evidence it doesn’t
> On Jan 25, 2022, at 10:35 AM, John R Levine wrote:
>
> Do we have any stats on how often real mail depends on sibling alignment? If
> nobody actually uses it, the spec would be simpler if we could take it out.
Stats are tricky, but here are some senders using sibling alignment like
From
The problem with that language is that
> o The identifier evaluated by DKIM and the DKIM result, if any
is genuinely unclear. Often there are multiple identifiers. Does this mean I
can pick any one of them? (That does not actually provide sufficient
interoperability.) If there’s a specific
I believe they MUST contain any aligned DKIM signature regardless of validity
and SHOULD contain an entry for each domain, selector, result triple.
Elizabeth
> On Jun 21, 2019, at 11:46 AM, John Levine wrote:
>
> In article <7cd366d2-ab8d-cce8-67ff-59b79183c...@tomki.com> you write:
>>
RFC 7960 has an extensive discussion of mail flows that modify mail (as well as
other cases that are problematic for DMARC). Mailing lists are not the only
case, and, as John has pointed out, reformatting and part stripping are things
that happen in mail flows.
Elizabeth
> On May 31,
I’m not sure you realize that spam authenticates at a higher rate than good
mail. This isn’t a bad thing — it helps in blocking — but it means that
authentication is nearly orthogonal to spam filtering in large systems.
Elizabeth
> On Mar 22, 2019, at 8:10 AM, Douglas E. Foster
> wrote:
>
http://www.usablesecurity.org/emperor/
Is the most classic paper on the complete uselessness of icons. You’ll note
that browsers have changed to putting up intrusive pages with unobtrusive ways
to continue, among other options, instead of showing broken lock icons.
Elizabeth
Rows are defined by IP; if the same IP uses multiple MAILFROM and SPF is
bounded what is the reporter supposed to do? Duplicate rows?
Limiting SPF changes the row key in bad ways. (Unless all senders are
well-behaved in ways they are not required to be.)
Elizabeth
zwi...@otoh.org
> On Mar
OK, so I've dived into Yahoo's incoming metadata to look at what fails DMARC
and why. Conclusion 1: I cannot automatically tell the cases apart with any
accuracy. Hand coding them is so time-consuming as to be beyond my ability to
do at scale.
So, not many numbers, but I have developed some
.
Is this a practical concern, though? The levels of spam etc that
drove Yahoo! and AOL to p=reject were *huge*, and have persisted
(according to Elizabeth Zwicky of Yahoo!) for several weeks after
imposition of p=reject. The retail spams you describe are still
going to have to run the obstacle course
On 6/12/14, 3:59 PM, Stephen J. Turnbull step...@xemacs.org wrote:
Elizabeth Zwicky writes:
I did not say that the levels were the same; I said the attackers
have not gone away. They are not at high volume, but they're sure
sitting there checking to see whether or not it's working.
What
On 6/3/14, 4:26 AM, Stephen J. Turnbull step...@xemacs.org wrote:
Elizabeth Zwicky writes:
At this point, I do not see going to p=quarantine in the hope
that attackers won't exploit data they already have exactly the same
way
Has Yahoo! has already tried 'p=quarantine
with addressbook information, with less disruption
to email that people want, are of great interest to us.
Elizabeth Zwicky
zwi...@yahoo-inc.com
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
14 matches
Mail list logo
