
      A DMARC Dictionary from dmarcian (and more!)

      pubsub.slavino.sk / spam_resource · Friday, 29 October, 2021 - 12:00 · 1 minute

    I've got just enough time for a quick post today, to share with you this very useful DMARC Dictionary put together by the fine folks at dmarcian. Check it out! And since that would make for a very short blog post, here are four bonus online resources that you might also want to bookmark, if you didn't already know about them:

    • The ISP Information page from Laura Atkins and Steve Atkins over at Word to the Wise, where they've collected info on which ISPs offer ISP Feedback Loops (FBLs), which ones have Postmaster information pages, help/support ticketing systems, etc.
    • My new friends at Kickbox (disclaimer: they are my employer) have put together this great "Developer's Guide to Email" website that you are going to find quite useful if you are looking to learn more about email technology or study how it all comes together.
    • Postmark's SMTP Field Manual allows you to look up example bounce messages for different ISPs, often with links to more information about a particular ISP's spam filtering.
    • And finally, my very own XNND.com, a simple site that lets you do DNS lookups and check various things about an IP address or domain name. (Like, does a domain have a DMARC or BIMI record?) Very recently, I moved XNND to Amazon's AWS EC2 platform, to make it faster, and I've got plans to add more features in the future, including re-incorporating my spamtrap data into lookups. (And you should give me your feedback on what else you think I should add to it!)

    Happy Friday and happy bookmarking!


    Tags: #dmarcian, #kickbox, #dmarc, #useful, #wttw, #Network, #postmark, #guide, #bimi, #xnnd


      Google Postmaster Tools (GPT) is back

      pubsub.slavino.sk / spam_resource · Monday, 18 October, 2021 - 14:25

    Multiple sources are reporting that Google Postmaster Tools (GPT) has returned. I've confirmed it myself; graphs and data are back. As previously mentioned, Google Postmaster Tools went down around October 4th (and DMARC reports ceased to be sent, around the same time).

    In my Google Postmaster Tools dashboard, I'm getting a warning that says "Data shown with missing records. Some data may be unavailable," suggesting that Google could still be working on loading missing data.

    Google began to send DMARC reports again starting on October 9th or 10th.


    Tags: #dmarc, #Network, #gpt, #google, #gmail


      Google Postmaster Tools and DMARC reporting offline

      pubsub.slavino.sk / spam_resource · Friday, 8 October, 2021 - 17:08

    I've received multiple reports from different folks that Google Postmaster Tools (GPT) and Google's DMARC reporting have both been offline since sometime around October 4th. GPT is still accessible but has no data later than 10/3, and for those used to receiving DMARC reports from Google, none have been received since 10/3.

    I'll share more information when known. Feel free to drop me a line if you have any updates.

    (As an aside, Google has a helpful DMARC overview and tutorial for domain administrators. It's worth reading!)

    [ H/T: Hagop Khatchoian, Benjamin Billon and others. ]


    Tags: #google, #dmarc, #Network, #downtime, #gmail, #gpt


      Ask Al: Help! I'm getting bounces for mail I didn't send

      pubsub.slavino.sk / spam_resource · Monday, 27 September, 2021 - 12:00 · 4 minutes

    Help! I'm getting mail from MAILER-DAEMON@(various domains) with subject lines like: Delivery Status Notification (Failure), failure notice, Mail delivery failed: returning message to sender, Message Delivery Failure - Mail Delivery System, **Message you sent was blocked by our bulk email filter**, Recapito fallito, Returned mail: see transcript for details, Undelivered Mail Returned to Sender. These all seem to be bounces back from mail I didn't send. What is happening and how do I make it stop?

    In this case, my friend (the person experiencing this pain) owns their own domain name. What's happening here is that spammers are forging email addresses at their domain, using them as from addresses for their unwanted, garbage spam runs, so that bounces back from the spam come to them, because the spammer doesn't care about or want to process bounces.

    The good news, as I mentioned all the way back in 2013, is that spammers don't tend to fixate on one domain name or email address forever, so they'll probably move on to annoying somebody else shortly. But there are a few things you can do, as a domain owner, to help minimize the chances of having to receive these unwanted bounces:

    • Implement a Sender Policy Framework (SPF) DNS record for your domain name, specifying the IP addresses that are meant to send mail for your domain. Set it to "dash all" (that is, end the record with -all) -- you want ISPs to know that they should be free to filter mail more harshly if it fails SPF validation checks.
    • Implement DKIM for your email sends. Even at the SMB level, most mail platforms provide instructions on how to configure things so that your email sends will all be authenticated via a DKIM signature. If you can't easily do this, SPF is quite likely "good enough" -- but if you can implement DKIM, you should. In some cases it's going to provide more robust email authentication compared to SPF. (I could spend another six pages diving into why I think that's the case, but in the interest of helping you move on with your life, I'll spare you.)
    • Implement DMARC. DMARC can be a bit scary in that you have to make sure all of the email you send legitimately is authenticated with SPF or DKIM. But, especially at the SMB level, you can do this. It's not hard, and don't let yourself be scared -- there are tools (like the colorful Mail Tester) that will help you test your email authentication settings to make sure you've got it right. But the key here is that enabling DMARC, with a restrictive policy like p=reject, tells ISPs to block mail that purports to be from you, but doesn't pass SPF or DKIM. You don't HAVE to work with a DMARC monitoring partner to enable DMARC -- you can publish a TXT record for _dmarc.(your domain) that contains nothing more than "v=DMARC1; p=reject;" (without quotes) and that'd do it.

    DMARC is the key there. Turning that on means your domain name is no longer going to be useful to deliver spam to ISPs (like Gmail) that will block mail that fails DMARC. It makes your domain name much less palatable as an unauthorized spam sending domain.

    Bonus tip: If you own your own domain name and use it for email with something like Google Workspace, there's another setting you should look for and configure: The wildcard or catch-all email setting. It can be handy (and quite useful) to configure your email service to accept mail to any address at your domain -- for example, it can be used to create custom email addresses for different registration forms -- give irs@yourdomain to your accountant and bestbuy@yourdomain to the electronics retailer, so you can track usage and/or turn off an address later, if you want. Unfortunately, if you leave "catch-all" forwarding on, that means if a spammer makes up the address ihateyourguts@yourdomain and sends a bunch of spam, those bounces are going to come back to the "ihateyourguts" address and end up in your inbox. If you turn off the catch-all, that puts a stop to that. I know, it's a bummer to turn off the easy custom address ability, but it's something to consider -- weigh the plusses and minuses of being able to receive mail at any address at your domain, versus the unintended side effects of receiving unwanted "backscatter" bounces.

    I helped my friend implement all of these -- including disabling "catch-all" email forwarding (while helping them build a manual list of email aliases to continue forwarding to their main inbox) -- and we think it helped. It's not like we did a scientific study, but the bounces dropped off and disappeared pretty quickly. I think the spammers moved on to greener pastures.

    If you're new to all of this and wondering what SPF, DKIM and DMARC DNS records look like, here are the ones for spamresource.com: SPF, DKIM, DMARC. The SPF record contains the IP addresses of a couple of servers I own as well as an include showing that I utilize Google Workspace. The DKIM record (called a DKIM public key) is a DNS string provided by Google Workspace's DKIM configuration tool, and the DMARC record is just a very simple "tell ISPs to reject it if it doesn't pass authentication."
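
    To check whether a domain's published records actually match the posture recommended above (one SPF record ending in -all, and a DMARC record with p=reject), here is a small audit over TXT strings. It is an added example, not code from the original post; the function names and the sample records (apart from the minimal DMARC record quoted in the post) are constructed for illustration.

```python
def audit_spf(txt_records):
    """Check the TXT strings at a domain for one SPF record ending in -all."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # RFC 7208: zero records means no policy; more than one is a permerror.
        return False, f"{len(spf)} SPF records found, need exactly 1"
    for term in spf[0].lower().split()[1:]:
        if term.lstrip("+-~?") == "all":
            # A bare "all" has the implicit "+" qualifier (pass everything).
            qualifier = term[0] if term[0] in "+-~?" else "+"
            if qualifier == "-":
                return True, "-all"
            return False, f"'{qualifier}all' is weaker than '-all'"
    return False, "no 'all' mechanism"


def audit_dmarc(txt):
    """Check a _dmarc TXT string for a well-formed record with p=reject."""
    tags = []
    for part in txt.split(";"):
        if part.strip():
            name, _, value = part.partition("=")
            tags.append((name.strip().lower(), value.strip()))
    # RFC 7489: the first tag must be v=DMARC1 or receivers ignore the record.
    if not tags or tags[0] != ("v", "DMARC1"):
        return False, "not a DMARC record"
    policy = dict(tags).get("p", "").lower()
    if policy != "reject":
        return False, f"p={policy or '(missing)'} is not p=reject"
    return True, "p=reject"


# Constructed sample records (192.0.2.10 is a documentation address).
SAMPLE_SPF = ["google-site-verification=constructed-value",
              "v=spf1 ip4:192.0.2.10 include:_spf.google.com -all"]
SOFT_SPF = ["v=spf1 include:_spf.google.com ~all"]
MINIMAL_DMARC = "v=DMARC1; p=reject;"      # the minimal record from the post
MONITOR_DMARC = "v=DMARC1; p=none; rua=mailto:reports@example.com"

if __name__ == "__main__":
    for label, result in [("SPF strict", audit_spf(SAMPLE_SPF)),
                          ("SPF soft", audit_spf(SOFT_SPF)),
                          ("DMARC minimal", audit_dmarc(MINIMAL_DMARC)),
                          ("DMARC monitor", audit_dmarc(MONITOR_DMARC))]:
        print(label, result)
```

    Feed it the TXT strings returned by a lookup of the domain and of _dmarc.(your domain); a second v=spf1 record left behind by an old mail provider is a common reason the SPF check fails.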


    Tags: #forgery, #help, #spam, #Network, #backscatter, #bounces, #spf, #dkim, #dmarc