DMARC Works

Tue 01 September 2020

Earlier today I received a few notifications of bounced mail from Google. This was odd seeing as how I hadn’t sent any mail to Google in a while. Upon further inspection, the messages originated from an application running on one of my servers. These were password reset messages destined for a real user but were rejected because I hadn’t properly set up SPF and DKIM for this domain and Google had kindly rejected the messages based on my DMARC policy of reject.

I’ve talked about e-mail server security in a previous post and it clearly worked in this case. A quick fix on my server and to a DNS entry fixed this problem, but I wondered if there were other messages that had been rejected recently that I wasn’t aware of.

I use Mailhardener to collect all my security reports regarding e-mail. Reviewing the last few weeks showed that a few Chinese servers had been trying to send mail using my aehe.us domain but had been thwarted by my DMARC policy. The fact that the policies I have in place kept these spam messages out of circulation is a testament to how far we’ve come with easily deployable authentication mechanisms that should be commonplace on the Internet today.
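The review described above can also be done directly on the raw DMARC aggregate (RUA) reports that receivers send. The following is an added example, not code from this post or from Mailhardener: it separates mail rejected from your own servers (a configuration gap like the one above) from mail rejected from unknown sources. The function name `triage`, the `OWN_NETWORKS` list, the `example.com` domain and the documentation-range IP addresses are all assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

def _record(ip, count, disposition, dkim, spf):
    # Helper that builds one constructed <record> in the RFC 7489 layout.
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>{disposition}</disposition>"
            f"<dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated></row>"
            "<identifiers><header_from>example.com</header_from></identifiers></record>")

# Constructed sample report, not real data (documentation IP ranges only).
SAMPLE_REPORT = (
    "<feedback><policy_published><domain>example.com</domain><p>reject</p>"
    "</policy_published>"
    + _record("192.0.2.10", 40, "none", "pass", "pass")    # own server, aligned
    + _record("192.0.2.25", 3, "reject", "fail", "fail")   # own app server, unsigned
    + _record("203.0.113.7", 5, "reject", "fail", "fail")  # unknown sender
    + _record("203.0.113.7", 7, "reject", "fail", "fail")
    + "</feedback>")

# Assumption: the networks your legitimate mail is sent from.
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

def triage(xml_text, own_networks=OWN_NETWORKS):
    """Split policy-affected mail into (own, foreign) Counters of ip -> messages."""
    own, foreign = Counter(), Counter()
    # Reports arrive from third parties; a hardened parser such as defusedxml
    # is a sensible swap for ElementTree when processing a live mailbox.
    for record in ET.fromstring(xml_text).iter("record"):
        row = record.find("row")
        evaluated = row.find("policy_evaluated") if row is not None else None
        if evaluated is None:
            continue  # malformed record: nothing to classify
        if (evaluated.findtext("disposition") or "none").strip() == "none":
            continue  # delivered normally, DMARC policy not applied
        try:
            ip = ipaddress.ip_address((row.findtext("source_ip") or "").strip())
            count = int(row.findtext("count") or 0)
        except ValueError:
            continue  # unparseable address or count
        bucket = own if any(ip in net for net in own_networks) else foreign
        bucket[str(ip)] += count
    return own, foreign

if __name__ == "__main__":
    own, foreign = triage(SAMPLE_REPORT)
    print("fix SPF/DKIM on:", dict(own))
    print("rejected, not ours:", dict(foreign))
```

Entries in the first counter point at senders you control that still need SPF or DKIM alignment; entries in the second are sources outside your networks whose mail the policy kept out of inboxes.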

By Sparks, Category: Information Security

Tags: DMARC / SPF / DKIM
