the most common DMARC mistake I see is publishing the record and walking away

it's the right first step

but I see domains that have been at p=none for years

the path is:

- p=none
- collect reports for 4-8 weeks
- identify all legitimate senders
- move subdomain policy to reject
- move organizational policy to quarantine
- then reject

https://dmarcguard.io/blog/dmarc-policy-not-enabled-fix/

#DMARC #EmailSecurity #EmailAdmin #InfoSec

A major new spam campaign has been launched by Linode servers using 3rd and 4th tier subdomains of throwaway domains, mostly .us and .cl all with
Return-Path: <[email protected]>

#EmailAdmin #SpamAlert

CORRECTION!

I made a post about OPENPGPKEY DNS records, and turns out I misread the content relating to it. It is the hash as bytes that is truncated, not the digest itself.

I have corrected my DNS records, the script at https://gist.github.com/TruncatedDinoSour/a0874bf1e90647a9a49985e531d9d15f and the blog post at https://blog.ari.lt/b/openpgpkey-records-are-cool/ - It was an honest mistake!

Regardless, all good now and I have put in efforts to retract the wrong version ASAP 😭 The RFC by “octets” means a byte in the actual hash of sha-256 output, not the hex digest.

Anyway, you should still set OPENPGPKEY stuff up :p Ofc now hearing with CORRECT information :D

#email #pgp #gpg #sysadmin #emailadmin #dns #rfc

"Why are you rejecting our emails?”

“Your SPF doesn’t include the servers your mail comes from.”

“What’s SPF?”

“A thing that says which servers can send mail for your domain.”

“Why do I need to do that? I don’t have problems writing to anyone else.”

“You will, and you really should fix it. Just let your mail admin know.”

“OK fine, but I’m the mail admin… so how do I fix it?”

“You just have to update a DNS record.”

“What’s DNS?”

💀 💀 💀

#SysAdmin #EmailAdmin