Geeky things to do with DMARC

May 25th edition.

Between 2013-05-24 17:00:00 and 2013-05-25 16:59:59, somebody at the United States Army base in Fort Huachuca, Arizona (home of the “U.S. Army Intelligence Center and the U.S. Army Network Enterprise Technology Command (NETCOM)/9th Army Signal Command”) attempted to forge an email to a Yahoo email address purporting to be from my domain cadillac.net.

I discovered this while testing the report analysis tools in Mail::DMARC, my nearly complete implementation of DMARC. DMARC is a nifty bit of tech where mail server operators (in this case, Yahoo!) report message delivery information to domain owners (in this case, me). Here, Yahoo received the non-conforming message attempt from IP 141.116.211.97, which resolves to host-141-116-211-97.ptr.hqda.pentagon.mil. GeoIP locates the IP at:

US, AZ, Fort Huachuca, 85613, 31.527300, -110.360703, 789, 520.

Because the message didn’t conform to my published DMARC policy, Yahoo rejected it and reported information about the attempt to me. To rule out the possibility of this being a legit message being forwarded, I checked my logs and found zero messages being sent from that domain during the time period. I’d be quite curious to hear an explanation for this attempt.
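The report Yahoo sent is an aggregate (RUA) report in the XML schema DMARC defines. As an added example (not code from this post or from Mail::DMARC), here is a small Python parser that reads such a report and pulls out the sources whose messages failed both aligned checks; the sample report is constructed, with only the reporter, the domain and the first source IP taken from the text above, while the report id, counts and the second (passing) record are invented.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample report in the RFC 7489 aggregate-report XML schema.
# Reporter, policy domain and the first source IP mirror the post; the
# report id, counts and the second (passing) record are made up.
SAMPLE_REPORT = """<feedback>
<report_metadata><org_name>Yahoo! Inc.</org_name><report_id>example-id-1</report_id>
<date_range><begin>1369414800</begin><end>1369501199</end></date_range></report_metadata>
<policy_published><domain>cadillac.net</domain><adkim>r</adkim><aspf>r</aspf><p>reject</p></policy_published>
<record><row><source_ip>141.116.211.97</source_ip><count>1</count>
<policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
<identifiers><header_from>cadillac.net</header_from></identifiers>
<auth_results><spf><domain>cadillac.net</domain><result>fail</result></spf></auth_results></record>
<record><row><source_ip>192.0.2.10</source_ip><count>12</count>
<policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
<identifiers><header_from>cadillac.net</header_from></identifiers>
<auth_results><dkim><domain>cadillac.net</domain><result>pass</result></dkim>
<spf><domain>cadillac.net</domain><result>pass</result></spf></auth_results></record>
</feedback>"""

def parse_report(xml_text):
    """Return (report metadata, list of per-source rows) from an aggregate report."""
    root = ET.fromstring(xml_text)
    dates = root.find("report_metadata/date_range")
    meta = {
        "reporter": root.findtext("report_metadata/org_name"),
        "domain": root.findtext("policy_published/domain"),
        "policy": root.findtext("policy_published/p"),
        "begin": datetime.fromtimestamp(int(dates.findtext("begin")), tz=timezone.utc),
        "end": datetime.fromtimestamp(int(dates.findtext("end")), tz=timezone.utc),
    }
    rows = []
    for rec in root.findall("record"):
        row, evaluated = rec.find("row"), rec.find("row/policy_evaluated")
        rows.append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "header_from": rec.findtext("identifiers/header_from"),
            "disposition": evaluated.findtext("disposition"),
            "dkim": evaluated.findtext("dkim"),  # aligned DKIM result
            "spf": evaluated.findtext("spf"),    # aligned SPF result
        })
    return meta, rows

def failed_sources(rows):
    """Rows where neither DKIM nor SPF aligned, so the DMARC check failed;
    cross-check each against your own outbound logs to rule out forwarding."""
    return [r for r in rows if r["dkim"] != "pass" and r["spf"] != "pass"]
```

Timestamps in the report are Unix epoch seconds, so the parser converts them to UTC; the constructed ones cover the 24-hour window mentioned above.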

DKIM and mailing lists

I recently deployed DKIM on a number of my domains. For those readers of my blog who are unfamiliar with DKIM (Hi Mom and Dad, I love you.), DKIM is just a fancy way to stamp emails with a special digital signature. DKIM makes it so other mail programs can inspect the message and determine if it really is from me.

I also manage a number of email lists, and I subscribe to a number of other lists. Email lists have a habit of appending trailers with helpful instructions for managing subscriptions, and of adding prefixes to the subject. Altering the message as it passes through the mailing list invalidates the DKIM signature.

Today I tested a “fix” for one of my Ezmlm mailing lists with these commands:

cd path/to/ezmlm/list; rm prefix text/trailer addtrailer

Then I sent a test email to the list, and voila, the message passes DKIM validation.