Andres wrote:
Does anybody know if Swiss Internet providers do send DMARC Reports in their Email Service?
sunrise.net & libertyglobal.com (read: UPC/Cablecom) are reporting at least.
There are also a variety of other Swiss companies sending out reports. (switch, unibas, unil, swiss-re)
AS15600 currently does not send out reports, but if people really would want them, we could look into enabling it.
On 2020-08-04 12:20, Benoit Panizzon wrote: [..]
I have not yet found easy tools to evaluate the reports. (any tips welcome).
For AS15600 we peek at the results gathered with:
https://github.com/domainaware/parsedmarc
Though it is primarily to just peek, not to monitor, there are other tools for that.
Be prepared to learn that:
- Google receives most email (quelle surprise).
- Google also sends mail for your domains (likely forwarding as the DKIM headers are intact)
- there are a few persistent spamming hosts spamming towards Google, that never get cleaned up or blacklisted (but SPF/DKIM/DMARC causes the mail to not be accepted). Looking at boracaybeachhouses.com / 209.59.154.15
- Spammers sometimes generate more mail than you, that nicely all gets rejected (SPF/DKIM/DMARC)
- Some obscure domain on your mail platform is used as a source for spam, but SPF/DKIM/DMARC drops that :)
- 70% DMARC Passage, 65% DKIM Alignment, 46% SPF Alignment
It is thus quite educational, as it shows that the SPF/DKIM/DMARC combo is actually effective and avoids quite some backscatter when verified during the SMTP-DATA phase.
Of course, there are side-effects, forwarding is horribly broken. But...
For the encrypted remailer that is trident.li, used in a variety of places (one recently part of a flamewar on the RIPE lists ;), I've solved that with a 'via' address:
When an incoming mail has a DKIM-Signature header, trident rewrites From: to:
From: "Jeroen Massar [jeroen@massar.ch]" jeroen=massar.ch@via.example.net
This is so that it is clear what the From is; noting that many MUAs store emails automatically in the address book; thus using e.g. list@example.net in the From will just cause problems (see also Jira notifications).
Then it adds its own DKIM + ARC(Authenticated-Results/ARC-AR) signatures, which validate happily.
When a user hits 'reply-all' then both From + To: are considered and it goes to the right recipients. When the user hits 'reply list' it goes correctly to the list (as that To: address is still valid and the List-Reply header is there). When the user hits 'reply' it goes to the From which is the @via address at example.net, which can rewrite it back to the normal user and forward the message along.
Greets, Jeroen
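
Added example, not part of the original message and not parsedmarc's code: a small Python summarizer showing how percentages like the DMARC pass / DKIM alignment / SPF alignment figures quoted above fall out of one aggregate report. It assumes the RFC 7489 aggregate XML layout without an XML namespace; the sample report, its addresses and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the RFC 7489 aggregate-report layout (not real data).
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <policy_published><domain>example.net</domain><p>reject</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>40</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>25</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>192.0.2.44</source_ip><count>5</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.99</source_ip><count>30</count>
    <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def _passed(node, tag):
    # policy_evaluated/dkim and /spf hold the *aligned* result, not the raw check.
    return (node.findtext(tag) or "").strip().lower() == "pass"

def summarize(xml_text):
    """Return message-weighted DMARC/DKIM/SPF pass rates for one aggregate report."""
    # Reports arrive from arbitrary senders: refuse DTDs so entity tricks never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in a report")
    root = ET.fromstring(xml_text)
    totals, failing = Counter(), Counter()
    for record in root.iter("record"):
        row = record.find("row")
        evaluated = row.find("policy_evaluated") if row is not None else None
        if evaluated is None:
            continue  # malformed record: skip rather than guess
        count = int(row.findtext("count") or 0)
        dkim, spf = _passed(evaluated, "dkim"), _passed(evaluated, "spf")
        totals["messages"] += count
        totals["dkim"] += count if dkim else 0
        totals["spf"] += count if spf else 0
        totals["dmarc"] += count if (dkim or spf) else 0  # DMARC needs only one aligned pass
        if not (dkim or spf):
            failing[row.findtext("source_ip")] += count
    n = totals["messages"] or 1
    pct = lambda key: round(100 * totals[key] / n, 1)
    return {"messages": totals["messages"], "dmarc_pass_pct": pct("dmarc"),
            "dkim_aligned_pct": pct("dkim"), "spf_aligned_pct": pct("spf"),
            "top_failing_sources": failing.most_common(5)}
```

Rates are weighted by each row's `count`, so a single high-volume failing source shows up both in the percentages and in `top_failing_sources`.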