[dmarc-discuss] FYA: Class action administrators send out millions of emails that violate DMARC and are rejected
jik at kamens.us
Sat Aug 3 04:31:54 PDT 2019
I thought y'all might find this amusing.
The class action administrators of the lawsuit against Experian for the
breach of 15 million T-Mobile customers' data revealed in 2015 just sent
out emails to the millions of class members notifying them about how to
collect their benefits under the lawsuit settlement.
The domain the emails came from has a p=reject pct=100 DMARC policy, and
the emails failed DMARC checks, since neither SPF nor DKIM was aligned:
the From: line of the emails said "@classact.com", while both the DKIM
signature and envelope sender domain said "bluehornet.com".
This means that most of the victims sent these emails will never see them.
It gets better. When I attempted to email the lawyers from the lawsuit
to notify them about the problem and ask them to fix it, my email was
bounced for two of the recipients, because the email list for the
lawyers is hosted on outlook.com and it modified my message and broke
the DKIM signature before forwarding it on to those two recipients.
You can read more details on my blog
if you're curious.
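
The alignment failure described in the message above, as an added example that is not part of the original post: a small DMARC evaluator that checks whether the SPF or DKIM domain aligns with the From: domain. The SPF/DKIM "pass" results, the `mail.classact.com` signing domain and the `sender.example`/`forwarder.example` names are constructed assumptions, and the organizational-domain logic is simplified.

```python
# Added example: DMARC identifier alignment check (RFC 7489 section 3.1).
# Simplification (assumption): the organizational domain is the last two
# labels; a production evaluator derives it from the Public Suffix List.

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, strict=False):
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    return a == b if strict else org_domain(a) == org_domain(b)

def dmarc_evaluate(from_domain, spf, dkim, policy, aspf="r", adkim="r"):
    """spf is (result, envelope_domain); dkim is a list of (result, d=)."""
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], aspf == "s")
    dkim_ok = any(res == "pass" and aligned(from_domain, d, adkim == "s")
                  for res, d in dkim)
    passed = spf_ok or dkim_ok
    return {
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if passed else "fail",
        # With pct=100 the published policy applies to every failing message.
        "disposition": "none" if passed else policy,
    }

# Case from the message: From: @classact.com, p=reject, DKIM d= and envelope
# sender both bluehornet.com. Assumed: SPF and DKIM each verified ("pass").
NOTICE = dmarc_evaluate("classact.com", ("pass", "bluehornet.com"),
                        [("pass", "bluehornet.com")], policy="reject")

# Constructed fix: the sender adds a DKIM signature with an aligned d=.
FIXED = dmarc_evaluate("classact.com", ("pass", "bluehornet.com"),
                       [("pass", "bluehornet.com"), ("pass", "mail.classact.com")],
                       policy="reject")

# Constructed forwarding case: a list modifies the body, so the aligned DKIM
# signature no longer verifies, and SPF passes only for the forwarder's domain.
FORWARDED = dmarc_evaluate("sender.example", ("pass", "forwarder.example"),
                           [("fail", "sender.example")], policy="reject")

if __name__ == "__main__":
    for name, r in (("notice", NOTICE), ("fixed", FIXED), ("forwarded", FORWARDED)):
        print(name, r)
```
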