Discussion:
[myhdl-list] hi myhdl
develone
2016-06-02 13:00:46 UTC
Hi myhdl

http://lazarandkalmar.com/division.php?sense=1pn5d4qnxkg2zby1



develone
Josy Boelen
2016-06-02 14:07:27 UTC
Post by develone
Hi myhdl
http://lazarandkalmar.com/division.php?sense=1pn5d4qnxkg2zby1
develone
------------------------------------------------------------------------
develone,

it looks like you have been hacked!

Regards,

Josy
David J. Holl, Jr.
2016-06-02 14:53:39 UTC
Often times, the account in question wasn't hacked, but bots merely faked the from address along with other mail headers to cover their tracks. In the original SMTP specs, there's nothing to prevent From forgery, but in the recent years, DMARC was developed specifically to allow domain owners to lock down their domains to prevent such third party forgeries.

DMARC has raised some controversy, because for locked-down domains, it also prevents naive mailing lists from relaying messages --- but any real list server software today can interoperate with DMARC now.

It looks like this domain "djnewmoney.com" did not publish any DMARC DNS records
https://dmarcian.com/record-tools/djnewmoney.com

But if it did (and with the underlying SPF and DKIM records, too), then all other email servers could easily spot and reject these forgeries.

Examples of strict DMARC records:
https://dmarcian.com/record-tools/google.com
https://dmarcian.com/record-tools/yahoo.com
https://dmarcian.com/record-tools/citibank.com
https://dmarcian.com/record-tools/paypal.com
And my own domains:
https://dmarcian.com/record-tools/ad5ey.net

Summary: Any domain is at risk for these From forgeries, and I wish more domain owners would opt into DMARC to stop such schemes.

- David
_______________________________________________
myhdl-list mailing list
https://lists.sourceforge.net/lists/listinfo/myhdl-list
Mr C Camacho
2016-06-02 15:25:15 UTC
there is spf too which is actually quite easy to set up...
googled this simple checker http://www.kitterman.com/spf/validate.html
David Holl
2016-06-02 17:00:48 UTC
Yep, DMARC uses SPF and DKIM, and the DMARC records are just as easy to
set up as SPF.

https://dmarc.org/wiki/FAQ#How_does_DMARC_work.2C_briefly.2C_and_in_non-technical_terms.3F


-- very off-topic from the list now... --

If I recall correctly, you set up SPF (spf1) records to protect the FROM
(internal SMTP header), and DKIM to protect the displayed From:/Sender:.
(more or less)

In short summary, DKIM without SPF, or SPF without DKIM doesn't cover all
the edge cases of mail sender protection, so DMARC integrates the two
and adds the ability for the mail server operator to get realtime
feedback. Thus, a complete modern mail server uses the combo punch of:
DMARC+DKIM+SPF+SRS. (SRS is needed to not break SPF when forwarding
mail from other sources such as through .forward files. In this case
the sender's DKIM signature protects the message contents.)

Here's where I keep a stash of notes-to-self for the various validation
tests: https://ad5ey.net/domain

And if you're going this far, these DNS records should be protected by
enabling DNSSEC (use NSEC3) to limit DNS attacks, but once DNSSEC is
enabled, creating TLSA records is easy and enables opportunistic
encryption. I love this effort:
https://datatracker.ietf.org/doc/rfc7672/

(all transparent to end users...)

I'm available to offer any pointers (Bind + Postfix) to interested
folks, but further discussion should probably be off-list... ;)

- David
--
Dr. David Holl, Jr.
President and LLC Member
Subspace Dynamics, LLC
3543 Brook St #101
Lafayette, CA 94549
281-206-4060
***@subspacedynamics.com
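
Added example, not part of the original thread or any poster's code: a simplified sketch of how a receiving server combines SPF and DKIM results under a published DMARC record, covering the forged-From and forwarded-mail cases discussed above. The function names, the example.com/example.net/example.org domains and the sample record are constructed; SPF and DKIM verification results are passed in as booleans, and the organizational-domain rule is a labelled simplification.

```python
# Added example: simplified DMARC evaluation as a receiving server might do it.

def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if it is not one."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # v=DMARC1 must be the first tag and a policy (p=) is required.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1" or "p" not in tags:
        return None
    return tags

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real receivers
    # use the Public Suffix List (needed for names like example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(from_domain, record, spf_pass, mail_from, dkim_pass, dkim_d):
    """Return 'no-policy', 'pass', or the published policy to apply on failure."""
    tags = parse_dmarc(record) if record else None
    if tags is None:
        return "no-policy"
    spf_ok = spf_pass and aligned(mail_from, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_d, from_domain, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags["p"].lower()

if __name__ == "__main__":
    strict = "v=DMARC1; p=reject; adkim=s; aspf=s"   # constructed sample record
    # Forged From: SPF passes, but only for the sender's own unrelated domain.
    print(evaluate("example.com", strict, True, "bulk.example.net", False, None))
    # Forwarded mail: SPF breaks, the author's DKIM signature still verifies.
    print(evaluate("example.com", strict, False, "list.example.org", True, "example.com"))
    # Domain with no DMARC record: nothing tells the receiver to reject.
    print(evaluate("example.com", None, True, "bulk.example.net", False, None))
```

The second case is why forwarding and well-behaved list servers keep working: DMARC needs only one of the two mechanisms to pass with alignment.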