Re: [myhdl-list] hi myhdl
Brought to you by:
jandecaluwe
From: David H. <da...@ad...> - 2016-06-02 17:01:02
|
Yep, DMARC uses SPF and DKIM, and the DMARC records are just as easy to set up as SPF. https://dmarc.org/wiki/FAQ#How_does_DMARC_work.2C_briefly.2C_and_in_non-technical_terms.3F -- very off-topic from the list now... -- If I recall correctly, you set up SPF (spf1) records to protect the FROM (internal SMTP header), and DKIM to protect the displayed From:/Sender:. (more or less) In short sumary, DKIM without SPF, or SPF without DKIM doesn't cover all the edge cases of mail sender protection, so DMARC integrates the two and adds the ability for the mail server operator to get realtime feedback. Thus, a complete modern mail server uses the combo punch of: DMARC+DKIM+SPF+SRS. (SRS is needed to not break SPF when forwarding mail from other sources such as through .forward files. In this case the sender's DKIM signature protects the message contents.) Here's where I keep a stash of notes-to-self for the various validation tests: https://ad5ey.net/domain And if you're going this far, these DNS records should be protected by enabling DNSSEC (use NSEC3) to limit DNS attacks, but once DNSSEC is enabled, creating TLSA records is easy and enables opportunistic encryption. I love this effort: https://datatracker.ietf.org/doc/rfc7672/ (all transparent to end users...) I'm available to offer any pointers (Bind + Postfix) to interested folks, but further discussion should probably be off-list... ;) - David On Thu, Jun 02, 2016 at 04:25:15PM +0100, Mr C Camacho wrote: >there is spf too which is actually quite easy to set up... >googled this simple checker http://www.kitterman.com/spf/validate.html > > >On 02/06/16 15:53, David J. Holl, Jr. wrote: >>Often times, the account in question wasn't hacked, but bots merely >>faked the from address along with other mail headers to cover their >>tracks. In the original SMTP specs, there's nothing to prevent From >>forgery, but in the recent years, DMARC was developed specifically >>to allow domain owners to lock down their domains to prevent such >>third party forgeries. >> >>DMARC has raised some controversy, because for locked-down domains, >>it also prevents naive mailing lists from relaying messages --- but >>any real list server software today can interoperate with DMARC now. >> >>It looks like this domain "djnewmoney.com <http://djnewmoney.com>" >>did not publish any DMARC DNS records >>https://dmarcian.com/record-tools/djnewmoney.com >> >>But if it did (and with the underlying SPF and DKIM records, too), >>then all other email servers could easily spot and reject these >>forgeries. >> >>Examples of strict DMARC records: >>https://dmarcian.com/record-tools/google.com >>https://dmarcian.com/record-tools/yahoo.com >>https://dmarcian.com/record-tools/citibank.com >>https://dmarcian.com/record-tools/paypal.com >>And my own domains: >>https://dmarcian.com/record-tools/ad5ey.net >> >>Summary: Any domain is at risk for these From forgeries, and I wish >>more domain owners would opt into DMARC to stop such schemes. >> >>- David >> >>On June 2, 2016 7:07:27 AM PDT, Josy Boelen <jos...@gm...> wrote: >> >> develone <develone <at>djnewmoney.com <http://djnewmoney.com>> writes: >> >> Hi myhdl >> http://lazarandkalmar.com/division.php?sense=1pn5d4qnxkg2zby1 >> develone >> ------------------------------------------------------------------------ >> >> develone, >> >> it looks like you have been hacked! >> >> Regards, >> >> JOsy >> >> >> ------------------------------------------------------------------------ >> >> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >> patterns at an interface-level. Reveals which users, apps, and protocols are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning reports.https://ad.doubleclick.net/ddm/clk/305295220;132659582;e >> ------------------------------------------------------------------------ >> >> myhdl-list mailing list >> myh...@li... >> https://lists.sourceforge.net/lists/listinfo/myhdl-list >> >>------------------------------------------------------------------------------ >>What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >>patterns at an interface-level. Reveals which users, apps, and protocols are >>consuming the most bandwidth. Provides multi-vendor support for NetFlow, >>J-Flow, sFlow and other flows. Make informed decisions using capacity >>planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e >> >>_______________________________________________ >>myhdl-list mailing list >>myh...@li... >>https://lists.sourceforge.net/lists/listinfo/myhdl-list >------------------------------------------------------------------------------ >What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >patterns at an interface-level. Reveals which users, apps, and protocols are >consuming the most bandwidth. Provides multi-vendor support for NetFlow, >J-Flow, sFlow and other flows. Make informed decisions using capacity >planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e >_______________________________________________ >myhdl-list mailing list >myh...@li... >https://lists.sourceforge.net/lists/listinfo/myhdl-list -- Dr. David Holl, Jr. President and LLC Member Subspace Dynamics, LLC 3543 Brook St #101 Lafayette, CA 94549 281-206-4060 dh...@su... |