Hi all,
Does anybody know, if Swiss Internetproviders do send DMARC Reports in theyr Email Service? https://de.wikipedia.org/wiki/DMARC
Regards Andres
Hi Andres
Does anybody know, if Swiss Internetproviders do send DMARC Reports in theyr Email Service? https://de.wikipedia.org/wiki/DMARC
Well, publish ruf / rua _DMARC txt entry for your domain and see what you get :-)
We started sending reports about a month ago for our domains hosted on our email platform and also collect the reports.
I have not yet found easy tools to evaluate the reports. (any tips welcome).
I noticed that _many_ email addresses published via ruf/rua entries are not valid, causing lots of the reports we send to bounce. So I am not sure how useful this is.
Mit freundlichen Grüssen
-Benoît Panizzon-
Hi Benoît,
We are using those tools to generate a simple html page with DMARC reports:
https://github.com/techsneeze/dmarcts-report-parser
https://github.com/techsneeze/dmarcts-report-viewer
Hope this helps.
We are only receiving DMARC reports for now, any tips on best practices to send reports are welcome.
Mit freundlichen Grüssen
Samuel Aymon System Engineer
Idiap Research Institute Centre du Parc Rue Marconi 19 CH-1920 Martigny Tel: +41 27 721 77 11 Fax: +41 27 721 77 12 Web: https://www.idiap.ch/
On 04/08/2020 12:20, Benoit Panizzon wrote:
Hi Andres
Does anybody know, if Swiss Internetproviders do send DMARC Reports in theyr Email Service? https://de.wikipedia.org/wiki/DMARC
Well, publish ruf / rua _DMARC txt entry for your domain and see what you get :-)
We started sending reports about a month ago for our domains hosted on our email platform and also collect the reports.
I have not yet found easy tools to evaluate the reports. (any tips welcome).
I noticed that _many_ email addresses published via ruf/rua entries are not valid, causing lots of the reports we send to bounce. So I am not sure how useful this is.
Mit freundlichen Grüssen
-Benoît Panizzon-
Andres wrote:
Does anybody know, if Swiss Internetproviders do send DMARC Reports in theyr Email Service?
sunrise.net & libertyglobal.com (read: UPC/Cablecom) are reporting at least.
There are also a variety of other Swiss companies sending out reports. (switch, unibas, unil, swiss-re)
AS15600 currently does not send out reports, but if people really would want them, could look into enabling it.
On 2020-08-04 12:20, Benoit Panizzon wrote: [..]
I have not yet found easy tools to evaluate the reports. (any tips welcome).
For AS15600 we peek at the results gathered with:
https://github.com/domainaware/parsedmarc
Though it is a primarily to just peek, not to monitor, there are other tools for that.
Be prepared to learn that: - Google receives most email (quelle surprise). - Google also sends mail for your domains (likely forwarding as the DKIM headers are intact) - there are a few persistent spamming hosts spamming towards Google, that never get cleaned up or blacklisted (but SPF/DKIM/DMARC causes the mail to not be accepted) Looking at boracaybeachhouses.com / 209.59.154.15 - Spammers generate sometimes more mail than you, that nicely all get rejected (SPF/DKIM/DMARC) - Some obscure domain on your mailplatform is used as a source for spam, but SPF/DKIM/DMARC drops that :) - 70% DMARC Passage, 65% DKIM Alignment, 46% SPF Alignment
It is thus quite educational, as it shows that the SPF/DKIM/DMARC combo is actually effective and avoids quite some backscatter when verified during the SMTP-DATA phase.
Of course, there are side-effects, forwarding is horribly broken. But...
For the encrypted remailer that is trident.li, used in a variety of places (one recently part of a flamewar on the RIPE lists ;), I've solved that with a 'via' address:
When an incoming mail has a DKIM-Signature header, trident rewrites From: to:
From: "Jeroen Massar [jeroen@massar.ch]" jeroen=massar.ch@via.example.net
This so that it is clear what the From is; noting that many MUAs store emails automatically in the addressbook; thus using e.g. list@example.net in the From will just cause problems (see also Jira notifications).
then it adds it's own DKIM + ARC(Authenticated-Results/ARC-AR) signatures, which validate happily.
When a user hits 'reply-all' then both From + To: are considered and goes to the right recipients. When the user hits 'reply list' it goes correctly to the list (as that To: address is still valid and the List-Reply header is there. When the user hits 'reply' it goes to the From which is the @via address at example.net, which can rewrite it back to the normal user and forward the message along.
Greets, Jeroen
-
Benoit Panizzon -
Bohren, Andres -
Jeroen Massar -
Samuel AYMON