Skip to main content
#DMARC #email #DKIM
"STOP DOING MATH" meme, but it is "STOP DOING DMARC" The text in the "slide" reads: - AUTHENTICATION FAILURES WERE NOT SUPPOSED TO BE REPORTED - MILLIONS OF DMARC XML REPORTS generated yet NO REAL-WORLD USE FOUND receiving them - Wanted to receive reports anyway for a laugh? We had a tool for that: It was called "DELIVERY STATUS NOTIFICATIONS" - "Yes please reject pct=0 spoofed emails. Please quarantine pct=15 of them" - Statements dreamed up by the utterly Deranged LOOK at what they have been demanding your Respect all this time, with all the software we built for them (This is REAL DMARC, done by REAL providers): 1. Picture of terminal with invalid DMARC records 2. DMARC alignment diagram with arrows pointing to domain in various headers and DKIM signature header 3. 3D pie chart showing that 70% of domains use p=none policy as of 2022 taken from dmarc.org "Hello I would like you to Quarantine my message please" They have played us for absolute fools
#email #dmarc #dkim
vv221
vv221  
I never read even a single one of DMARC reports I got. Ever.
l
l  
You can also unsubscribe from them. My preferred setup currently is "v=DMARC1;p=reject;adkim=s;aspf=s", the strictest policy possible with no reports. Yet it is still not as strict as I want, because I want DKIM enforced and don't care about SPF. Relying on SPF for authentication is like using Telnet with IP address based authentication instead of SSH, this should have been deprecated long ago.
This entry was edited (9 months ago)
vv221
vv221  

Oh, I did not know rua is an optional field. Then I guess I will update my setup from:

v=DMARC1;p=reject;rua=mailto😛ostmaster\@example.comto:
v=DMARC1;p=reject

This entry was edited (9 months ago)
⇧