Re: Passwords in plain text

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 06/17/2018 09:11 AM, Alice Wonder via CentOS wrote:
On 06/17/2018 08:52 AM, Michael Hennebry via CentOS wrote:
I'm petty sure I messed up attributions, so am deleting them.

I believe this is a DMARC issue. Yahoo, among other places, has set
their dmarc records to p=reject:

So, if your mail hosting provider enforces dmarc,(gmail does) and you
get mail from a list that doesn't rewrite the headers, and people
from places like yahoo post to the list, you'll likely get some form
of warning about being being kicked off the mailing list every now
and then. The frequency depends on how often people from p=reject
places post, and what the settings are for bounce handling of the
mailing list in question.

This is indeed what happened.  An email from yahoo.com.uk caused gmail
to reject all the mails sent by that user because of the yahoo DMARC
settings.

Say it isn't so: *An* e-mail, just *one* from yahoo.com.uk
caused every gmail user to have his account disabled.

I'd heard of the DMARC thing with mailing lists before,
but had not known it enabled single e-mails of mass destruction.

I run dmarc on my mail server but only in report mode, it doesn't reject.

I did it as a test (for years) and am fully convinced that dmarc is
worthless for real world protection.

Numerous mail lists out there are configured in such a way that dmarc
gets triggered and that just isn't going to change.

It's a neat idea but it's not backwards compatible with the way SMTP
already works.

I can not recommend its use. I do recommend mail server software update
if possible to be compatible but I just can not recommend mail servers
enforce dmarc.

DKIM is a good thing, but dmarc breaks things too badly.

Even DKIM though is of limited usefulness - it seems the spammer
blacklists don't really care. Even with proper DKIM signature on a
domain with correct reverse DNS set up for years, they will still add
you to the spam blacklist if any other host on your subnet is identified
as a spammer.

So even the blacklists don't really utilize this anti-spam anti-spoof
technology, which makes it kind of worthless.

Using DKIM as one of several factors in spamassassin though is possibly
helpful, though most spammers these days have a validating DKIM sig.

_______________________________________________


Let me put it this way - in the several years of running dmarc is report only mode, over 99% of reported violations are false positives from mail lists.

That high of a false positive rate tells me it is broken technology.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux