[dmarc-discuss] Anything to be done about DMARC failures caused by internal Microsoft forwards?

Jonathan Kamens jkamens at quantopian.com
Wed Aug 2 12:39:54 PDT 2017


On 7/16/17 3:22 AM, John R Levine wrote:
>> So, what am I trying to accomplish, aside from the trivial goal of
>> making hackers stop emailing me?
>
> As we hardly need tell you, there's no cure for stupid.  Perhaps a
> comment in your DMARC record saying that bug reports will be met with
> ridicule, and some procmail scripts to ridicule any bug reports that
> mention DMARC would help.

Oh, how I would love to do that, but alas, it would not be in my
employer's best interest for me to be anything but unfailingly polite to
the people reporting security issues to us, regardless of how much they
try my patience.

> I use p=none and ask for reports, which I process automatically with
> some little scripts that put the interesting bits in a mysql database
> at which I very occasionally look.  Sounds like that's right for you,
> too.
>
> The scripts are here:  https://www.taugh.com/rddmarc/

Thanks for the pointer. There are actually a lot of open-source DMARC
tools out there. I uncovered a lot of them inadvertently when I was
actually trying to figure out why Github was generating emails claiming
to be from our domain that were failing DMARC... I searched for "github
dmarc" <https://www.google.com/search?q=github+dmarc> and uncovered a
whole bunch of interesting public repositories.

For the time being, I'm using the free DMARC aggregator provided by
Postmark <https://dmarc.postmarkapp.com/>, which has been sufficient to
uncover a number of issues, some of which we've already resolved and
others (including the mysterious Github emails I'm trying to figure out)
we're still working on.

  jik


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20170802/f36fcf84/attachment.html>


More information about the dmarc-discuss mailing list