[HN Gopher] Learn and Test DMARC
___________________________________________________________________

Learn and Test DMARC

Author : timsneath
Score  : 123 points
Date   : 2023-10-01 19:58 UTC
Link   : www.learndmarc.com

| normaldist wrote:
| Appears to be operated by uriports.com, in case anyone wondered
| where their email was going.
|
| guessmyname wrote:
| I sent an email via Apple's "Hide My Email" service [1].
|
| > Unhandled Promise Rejection:
|
| > TypeError: a.from.replace( /[<]/gi," is not a function. (In
| > 'a.from.replace(/[<]/gi,"(")', 'a.from.replace(/[<]/gi,"' is
| > undefined)
|
| > dist.min.js:3:32767
|
| This error occurred after the interface began displaying the
| following information:
|
| > Here are the message headers and message body:
|
| > DKIM-Signature: d=icloud.com s=1a1hai
|
| It's been over a year since the website was featured on Hacker
| News (January 10, 2022), so I suspect that the JavaScript code
| may have become outdated and non-functional. It's possible that
| it never supported Safari browsers in the first place, or perhaps
| it's a combination of both issues. Nevertheless, I've learned a
| lot from the initial [2] and second [3] parts of the DMARC test,
| which gives me some insight into what might be happening in the
| subsequent steps.
|
| [1] https://support.apple.com/en-us/HT210425
|
| [2] dig +noall +answer -t TXT <EMAIL_DOMAIN> | grep -i SPF
|
| [3] dig +noall +answer -t A <HOSTNAME>
|
  | jrockway wrote:
  | I also get the same error (in Chrome) when testing a forged
  | email:
  |
  |   telnet learndmarc.com 25
  |   Trying 87.239.13.42...
  |   Connected to learndmarc.com.
  |   Escape character is '^]'.
  |   220 allspark.uriports.com ESMTP URIports Mail Portal 1.03.2 Sun, 01 Oct 2023 21:55:40 +0000
  |   HELO there
  |   250 allspark.uriports.com Hello <my host> [<ip address>]
  |   MAIL From: me@example.com
  |   250 OK
  |   RCPT To: ld-49101f55f6@learndmarc.com
  |   250 Accepted
  |   DATA
  |   354 Enter message, ending with "." on a line by itself
  |   .
  |   250 OK id=1qn4QF-00CUhd-5j
  |
  | It's funny because while I was typing this, it's like "you
  | don't have to write a love letter". Maybe not, but you do have
  | to repeat the From: and To: header in the data segment, I
  | guess.
  |
  | I remain amused at how much email I've sent over the years with
  | "HELO there" instead of my hostname in there. I also wonder
  | what % of internet traffic is "Enter message, ending with . on
  | a line by itself".
  |
    | jauntywundrkind wrote:
    | You sent an email without a "from" field and it broke.
    | Programmer didn't think to test for bad users doing bad things.
    | Nothing special here, no big conspiracy.
|
| dang wrote:
| Related:
|
| _See how DMARC, SPF, and DKIM work interactively_ -
| https://news.ycombinator.com/item?id=29869266 - Jan 2022 (108
| comments)
|
| ChrisArchitect wrote:
| Bunch of discussion from 2022:
|
| https://news.ycombinator.com/item?id=29869266
|
| graypegg wrote:
| This is so cool! I would love to see this for other protocols
| actually, maybe SSL or something!
|
  | supriyo-biswas wrote:
  | For TLS, there's https://bytebybyte.dev/ and
  | https://tls13.xargs.org/
  |
    | teddyh wrote:
    | See also: <https://webencrypt.org/illustrated-tls/>
    |
      | supriyo-biswas wrote:
      | (For reference, the original is here,
      | https://tls13.xargs.org/)
  |
  | patmorgan23 wrote:
  | https://www.ssllabs.com/ssltest/
|
| pests wrote:
| Very cool.
|
| > For DMARC to pass, DKIM and/or SPF checks need to pass and the
| > domains must be in alignment.
|
| AFAIK this is incorrect.
|
| It is not "and/or" but rather "or" - only DKIM or SPF needs to
| pass. There is no method to require both.
  | rob-olmos wrote:
  | Dunno why you're being downvoted, you're correct that it's only
  | "or".
  |
  | bawolff wrote:
  | I think you are just misparsing their grammar. I believe and/or
  | just means inclusive or. It does not mean "and" is necessarily
  | an option.
  |
    | pests wrote:
    | I think it's unambiguous. If they want "and/or" to just mean
    | inclusive or, why not just use "or"? It's shorter, simpler,
    | easier to understand. I also feel "and/or" in general usually
    | means either option is possible/acceptable.
    |
    | The point I was making is that "DMARC passes if DKIM _and_
    | SPF passes" and "DMARC passes if DKIM _or_ SPF passes" are
    | both true - you can't specify "DMARC passes if, and only if,
    | DKIM _and_ SPF passes"
  |
  | pests wrote:
  | This was a recent problem with Cloudflare's partnership with
  | MailChannels [1] that allowed email spoofing which was related
  | to this.
  |
  | The basic problem being that MailChannels did not require
  | authentication - Cloudflare Workers could just hit an API
  | endpoint on MailChannels to send email. MailChannels required you
  | to add an include: record to your SPF policy. This allowed
  | anyone to impersonate anyone else due to MailChannels being a
  | valid sender for all domains.
  |
  | Only ~400 domains of the 2M hosted had DKIM set up, but even if
  | they did, the passing SPF caused DMARC to pass.
  |
  | [1] https://blog.cloudflare.com/sending-email-from-workers-
  | with-...
  |
    | bawolff wrote:
    | I mean I don't think requiring DKIM would stop attacks based
    | on totally broken authentication. In that scenario, MailChimp
    | might as well be signing the emails for the incorrect domain
    | as well.
    |
      | pests wrote:
      | True. MailChannels, not MailChimp though. They handle email
      | for a lot of webhosting providers.
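The "or, not and/or" point and the shared-relay spoofing scenario above both come down to how a receiver combines SPF, DKIM and identifier alignment under RFC 7489 section 6.6.2. The following is an added example, not code from learndmarc.com, uriports.com or any commenter: a minimal DMARC evaluator that takes the already-computed SPF and DKIM results as inputs and applies the alignment and policy logic. Two simplifications are assumptions: the organizational domain is approximated as the last two DNS labels instead of a Public Suffix List lookup, and the DMARC records, headers and relay scenario (`victim.example`, `RELAXED_RECORD`, `STRICT_RECORD`) are constructed for illustration.

```python
"""Added example: minimal DMARC evaluation (RFC 7489 section 6.6.2 logic).

Assumptions: organizational domain = last two labels (real receivers use the
Public Suffix List); SPF and DKIM verification results are supplied, not
computed from DNS. Records and scenarios below are constructed.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed DMARC records for the scenarios below (assumption: not real domains).
RELAXED_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
STRICT_RECORD = "v=DMARC1; p=quarantine; adkim=s; aspf=s"


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Parse 'tag=value; tag=value' into a dict and apply RFC 7489 defaults."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record (missing v=DMARC1)")
    if "p" not in tags:
        raise ValueError("DMARC record has no p= tag")
    tags.setdefault("adkim", "r")  # DKIM alignment defaults to relaxed
    tags.setdefault("aspf", "r")   # SPF alignment defaults to relaxed
    return tags


def organizational_domain(domain: str) -> str:
    """Assumption: last two labels stand in for a Public Suffix List lookup."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(header_from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') requires an exact match; relaxed ('r') the same org domain."""
    a = header_from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return organizational_domain(a) == organizational_domain(b)


def header_from_domain(headers: Dict[str, str]) -> str:
    """Domain of RFC5322.From; a message with no From: cannot be evaluated."""
    from_value = headers.get("From")
    if from_value is None:
        raise ValueError("message has no From: header")
    match = re.search(r"@([A-Za-z0-9.-]+)", from_value)
    if not match:
        raise ValueError(f"no domain in From: {from_value!r}")
    return match.group(1)


def evaluate_dmarc(headers: Dict[str, str], dmarc_txt: str,
                   spf: Optional[Tuple[str, str]],
                   dkim: List[Tuple[str, str]]) -> Dict[str, object]:
    """spf = (result, MAIL FROM domain); dkim = [(result, d= domain), ...]."""
    policy = parse_dmarc_record(dmarc_txt)
    from_dom = header_from_domain(headers)
    spf_aligned = (spf is not None and spf[0] == "pass"
                   and aligned(from_dom, spf[1], policy["aspf"]))
    dkim_aligned = any(res == "pass" and aligned(from_dom, d, policy["adkim"])
                       for res, d in dkim)
    # Inclusive OR: one aligned pass from either mechanism is sufficient.
    # There is no DMARC tag that demands both SPF and DKIM pass.
    dmarc_pass = spf_aligned or dkim_aligned
    return {
        "dmarc": "pass" if dmarc_pass else "fail",
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        # The p= policy is only requested when DMARC fails.
        "disposition": "none" if dmarc_pass else policy["p"],
    }


def shared_relay_spoof() -> Dict[str, object]:
    """Constructed scenario: one tenant of a shared relay sends as another.

    The victim's SPF includes the relay, so MAIL FROM victim.example passes
    SPF from the relay's IP; nothing is DKIM-signed for victim.example.
    """
    headers = {"From": "ceo@victim.example", "To": "cfo@victim.example"}
    return evaluate_dmarc(headers, RELAXED_RECORD,
                          spf=("pass", "victim.example"), dkim=[])


def subdomain_signature(record: str) -> Dict[str, object]:
    """DKIM d=mail.example.com signing a From: user@example.com message."""
    headers = {"From": "user@example.com"}
    return evaluate_dmarc(headers, record, spf=("fail", "bounces.other.example"),
                          dkim=[("pass", "mail.example.com")])
```

`shared_relay_spoof()` returns a DMARC pass with `spf_aligned` true and `dkim_aligned` false: a tenant-agnostic relay listed in the victim's SPF record yields a fully authenticated spoof regardless of whether the victim also signs with DKIM, which is the failure mode the MailChannels discussion describes. `subdomain_signature()` passes under the relaxed record and fails under `adkim=s`, showing that alignment mode, not the and/or question, is the knob a domain owner actually has.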
| sylware wrote:
| And if you use IP address literals instead of paying for a
| domain, you get a free SPF:
|
| If the "From:"/"Reply-To:" fields contain only the email
| address with the IP address literal, you get your "SPF" and it
| gets a much better score in order to avoid greylisting for the
| first transaction. And if there are no URLs in the content,
| even better.
|
| But that is common sense.
|
  | amelius wrote:
  | This is how email is _supposed_ to work. In reality, there are
  | whitelists ...
|
| ingen0s wrote:
| Dope af
___________________________________________________________________
(page generated 2023-10-01 23:00 UTC)