* Posts by Dammit

6 posts • joined 16 Sep 2009

IETF group proposes better SMTP hardening to secure email. At last


Have a look at DMARC.org

Next-gen secure email using internet's own DNS – your help needed


Re: a customer had a similar attack recently

Problem with that is that if an email is forwarded (which it may be for totally legitimate reasons) then SPF will fail as the check is performed on the last IP before the receiving MTA.

That's why you pair SPF with DKIM, as that (properly configured) survives forwarding.

If you use them both as part of DMARC then you also get full reporting on whether or not you listed all your sending IP's correctly, or missed off the payroll server/that SaaS vendor you just brought on etc.

DMARC also gives you (not the ISP) control over what happens to email that looks like it came from you but fails authentication - you specify in the p=tag whether they should do nothing, send it to spam or reject it.

Have a look at DMARC.org for the details - it's free, it's effective, there's no need to use a CA.

Your new car will dob you in to the cops if you crash, decrees EU


Re: Gah!

You might make less of an effort to avoid slamming into a tree at 90mph if you believe yourself to be safer - http://en.wikipedia.org/wiki/Risk_compensation

The safest car is one driven by someone who is REALLY trying to avoid having a crash, no seatbelt, no ABS, nice hard surfaces to cannon into that would make sure lots of bones are broken - basically a 1950's American car - would arguably be safer than todays modern vehicles in terms of getting people to pay attention.

Verizon to world: STOP opening dodgy phishing emails, FOOLS


DMARC is an open standard that Microsoft is on the verge of implementing (fully) in EOP and M365, it ensures that the 5322.From (what is visible to the user) has been used legitimately- so if they receive an email from HSBC.co.uk, and HSBC are using DMARC correctly*, AND the client which the user opens the email with validates DMARC correctly (such as Gmail, Yahoo!, AOL, Live/Hotmail and, soon, M365/EOP) then it was indeed sent by either HSBC or one of their trusted third parties.

The reply-to can be different (often a bounce processing address/etc), the key thing is that the domain in the visible from is the actual domain that authorised the email to be sent, not spoofed by Phil the Phisher.

*This assumes that HSBC has implemented DMARC fully have have got to p=reject

James Martin apologises for cyclist outrage


End the hate?

Another cyclist was killed this morning in Whitechappel by an HGV turning left.

I believe we are now on 8 or 9 deaths this year caused by motorised vehicles hitting cyclists.

So if we could move past the Road Tax issue- which does not exist and anyone who thinks it does is a complete idiot, and maybe gain some perspective?


AC above

You got just about everything in your comment wrong- clearly you are too stupid to breath and walk down the street at the same time.


Biting the hand that feeds IT © 1998–2020