It is very fascinating. I do encourage folks to get a DMARC record created for their respective domain(s), and set it to an initial policy of none e.g. p=none (do nothing). Include a third party processor to act as the record keeper for the receiving systems that honor DMARC and will send reports back on actions taken. It’s the first, and most important step, in understanding what’s going on with your domain’s email i.e. who’d spoofing what, and are you missing authorized third parties. Eventually you’ll get to a point where you can get to a p=quarantine or p=reject.
I use https://dmarcian.com/ and have found it enlightening – especially the number of list servers that still spoof users. Jeff From: "wireless-lan@listserv.educause.edu" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of "Forrester, Matthew" <mforres...@berry.edu> Reply-To: "wireless-lan@listserv.educause.edu" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Date: Friday, November 10, 2017 at 10:39 AM To: "wireless-lan@listserv.educause.edu" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Wireless Door Locks? Fascinating! I appreciate this information. I did find that “blog” by Terry Zink once I started googling the error. I’m glad to understand this function. Again, I apologize for the off-topic conversation. Hope you all enjoy the weekend, Matt Forrester (07C) Senior Systems Engineer Berry College O: 706-802-6725 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler Sent: Friday, November 10, 2017 1:15 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless Door Locks? This is likely a DMARC failure based on that sender’s record for their domain. They’ve basically told other receiving systems to reject messages that fail DKIM/SPF. In the case of listservers like this one, which may spoof the sender’s address, it will result in rejections or warnings on receiving systems that honor DMARC. This is partially solvable if the LSOFT listserve platform is up-to-date and has enabled DMARC handling. In the case of senders who have a DMARC record with reject or quarantine, listserv will not spoof the sender. There is more on the O365 anti-spoofing here. https://blogs.msdn.microsoft.com/tzink/2016/11/02/troubleshooting-the-red-suspicious-safety-tip-for-fraud-detection-checks/ LSOFT (makers of Listserv) really hate DMARC, DKIM, and so on because they break a fundamental feature (user spoofing) that the software tends to default to. Jeff From: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of "Forrester, Matthew" <mforres...@berry.edu<mailto:mforres...@berry.edu>> Reply-To: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Friday, November 10, 2017 at 8:49 AM To: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: Re: [WIRELESS-LAN] Wireless Door Locks? Hi all, Off-topic, but I received an odd error when sending this last e-mail to the listserv. Did anyone else receive this notice shown in this screenshot? It appears that this is probably just an issue with some security setting in our Office 365 tenant, but I was just curious. Apologies for the off-topic message. [cid:image001.png@01D35A19.C316A600] Thank you, Matt Forrester (07C) Senior Systems Engineer Berry College O: 706-802-6725 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Forrester, Matthew Sent: Friday, November 10, 2017 11:37 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Wireless Door Locks? This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing<http://aka.ms/LearnAboutSpoofing> Feedback<http://aka.ms/SafetyTipsFeedback> Hi all, I hope I’m not late in replying to this e-mail thread. We had a number of Assa Abloy wifi locks in one of our residence halls. The wireless coverage in that building was not up to snuff to cover those locks, unfortunately. As we could not upgrade wireless in that location and more and more issues popped up with those locks, we eventually pulled them out in favor of wired locks that were replaced by the vendor. This doesn’t totally address the question here, but our locks would have been perfectly fine and required nearly no attention had WAPs been deployed properly up front. Best wishes! Thank you, Matt Forrester (07C) Senior Systems Engineer Berry College O: 706-802-6725 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Barros, Jacob Sent: Thursday, November 9, 2017 10:47 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Wireless Door Locks? I am not directly involved, but my understanding is the wireless locks are less than ideal. Two primary issues are that the units we use have a limited character string, so we had to create a process to truncate the IDs before uploading to the lock. Also, these have a limited amount of IDs they can hold and don't purge records when the database is updated. Inactive IDs are only disabled so a manual purge of each individual lock at least once a year. Jake Jacob Barros Associate Director of IT, Network and Operations Email: jkbar...@grace.edu<mailto:jkbar...@grace.edu> Phone: 574.372.5100 ext. 6178 [https://lh4.googleusercontent.com/UL13vM331_cldE--6pe0tmF8xi10XejwQWh_iIo3_WnKqa3GNTj7qfC8zMm-AathAnMQoUG1LNv5GzD35OyxQ_x_V2RG30D4r5ucKFdYJkE1-Z-d98UW1NPWapbWxgOAi68e0c7q] On Wed, Nov 8, 2017 at 3:16 PM, Greg Briggs <brigg...@plu.edu<mailto:brigg...@plu.edu>> wrote: I said co-channel, but I meant adjacent. Greg On Wed, Nov 8, 2017 at 12:05 PM, Greg Briggs <brigg...@plu.edu<mailto:brigg...@plu.edu>> wrote: We have a couple locks on campus that use 802.15.4. I think it is a Stanley product. I was told by the engineer who was trying to sell us on the product campus wide, that it would cause no interference. (haha!) I can confirm co-channel interference, but no user reported problems wifi problems that i could specifically say were caused by that equipment. So that statement was inaccurate, as I knew it would be, but only in a boastful way. It also took a couple of visits an i want to say a couple of months to get it to work. (I don't remember exactly) I have expressed to our access staff that I do not like the deployment, and if I was the deciding vote, I would say no to a proposal to deploy more like it. I was initially skeptical of the ASSA ABBLOY locks we have on campus, but they have been great. For a purely network standpoint they are my choice. Our access staff likes them as well. The only problem I have had is that my older wireless plans didn't really plan for coverage of outside doors. In one or two places that has been an issue we have had to overcome, but that wasn't the lockset's fault. TLDR: I would be uneasy about 802.15.4 locks. Your access folks should get competing quotes for locks that use 802.11g/n over your existing infrastructure. If you do decide on an 802.11g/n based product, check for adequate coverage. Greg Briggs Network Manger Pacific Lutheran University On Mon, Nov 6, 2017 at 12:24 PM, Matthew Ballard <mball...@otis.edu<mailto:mball...@otis.edu>> wrote: Note that there two different types of locks that don’t require individual cabling, usually referred to wireless or wi-fi. These comments are related to Wi-Fi vs Wireless: Advantages: 1. Cheaper installation (due to being able to use the existing Wi-Fi network instead of installing access control specific infrastructure). 2. Lower probability of interference – but note that the locks transmit very little data (and the Wi-Fi ones generally only come on periodically, often only once a day). Disadvantages: 1. The locks are offline most of the time (they come online on a periodic basis). That means that updates are slower (as the locks only update periodically), so you can’t do lock-downs with them, lost card updates don’t take effect right away, etc. 2. It’s harder to diagnose certain types of lock problems (since it’s offline most of the time, you don’t see updates right away, and checking whether the lock is online or offline doesn’t matter since it’s offline most of the time). 3. Battery life is often worse (especially if you turn up the update frequency to deal with the other problems). Wi-Fi locks can be great for locks that don’t need updates very often and where you don’t need lockdown functionality. I would personally recommend going with wireless over wi-fi whenever possible, but there are times Wi-Fi is absolutely more practical. If you have specific questions on the above feel free to ask (I manage the electronic access control locks at Otis College as well as the Wi-Fi network). Matthew Ballard Director of Technology Infrasture Otis College of Art and Design mball...@otis.edu<mailto:mball...@otis.edu> CONFIDENTIALITY NOTICE: This electronic message transmission contains information from Otis College of Art and Design, which may be confidential. If you are not the intedned recipient, be aware that any disclosure, copying, distribution or use of the content of this information is prohibited. If you have received this communication in error, please notify us immediately by e-mail an delete the original message any any attachment without reading or saving in any manner. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Chuck Enfield Sent: Monday, November 6, 2017 6:47 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Wireless Door Locks? Hi Greg, Locks tend to have a very low network duty-cycle, so interference between the 802.15.4 network and 2.4GHz Wi-Fi will be minimal. That said, it may be worth considering Wi-Fi locks instead. That will ensure that they play well with other Wi-Fi devices and will spare the institution the cost of installing and managing a separate network for locks. On the down side of using Wi-Fi locks, the refresh cycle for Wi-Fi is shorter than for locks. If you have a bunch of locks reliant on outdated features it could hamper Wi-Fi performance down the road. The refresh cycle would have to be discussed with your facilities management, and/or security people. To the group, can you think of any other advantages/disadvantages of putting the locks on Wi-Fi? Chuck From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Monday, November 6, 2017 9:09 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Wireless Door Locks? It’s not what you’re asking, but we are using ASSA-ABLOY .11n locks. Fairly easy to support. Lee Badman (mobile) On Nov 6, 2017, at 8:32 AM, Gregory Fuller <gregory.ful...@oswego.edu<mailto:gregory.ful...@oswego.edu>> wrote: Haven't seen any recent discussion here about wireless door locks. Our physical access team is looking to install some wireless door locks in an administrative building. I can see it growing past this building pretty rapidly and want to make sure they aren't putting in something that is going to cause us headaches. They are looking to install Aperio "HUB's" as they call them: https://vo-general.s3.amazonaws.com/53aee5c6-9690-4c74-a82a-09f1d0f1ec68/d0vBYdO5QWWKURZqvp0w_AA%20Aperio%20Family%20Brochure.pdf?AWSAccessKeyId=AKIAJ3YBR5GY2XF7YLGQ&Expires=1582662909&response-content-disposition=inline%3B%20filename%3DAA%20Aperio%20Family%20Brochure.pdf&response-content-type=application%2Fpdf&Signature=920fJFxmRxXi9vkJ7zrIVHZao9o%3D This appears to be using some variant of 802.15.4, which has the ability to run between our 802.11g/n 2.4Ghz channels, but will cause co-channel interference. I'm a bit concerned that there will be some impact to our 2.4Ghz clients (we have a ton of them out there still). Anyone else out there have these or something similar and can speak for how they work and if there are any issues in your environment? --greg Gregory A. Fuller - CCNP R&S, CCNP Security, CCNA Wireless Network Manager State University of New York at Oswego Phone: (315) 312-5750<tel:(315)%20312-5750> http://www.oswego.edu/~gfuller _____________________________________________________ Campus Technology Services will never ask you to email us sensitive personal information such as a password. Please contact us if you are unsure if an email is genuine. (h...@oswego.edu<mailto:h...@oswego.edu>) ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
