1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#754809: Still not fixed

    From Marco d'Itri@21:1/5 to Martina Ferrari on Sat May 17 16:20:02 2025
    On May 17, Martina Ferrari <tina@tina.pm> wrote:

    I have recently updated much of my email server setup, including DKIM >signing and validation, and publishing DMARC records. Since I changed
    the DMARC policy away from p=none (as that it is supposed to be only
    for testing purposes),
    This is not really correct... A restrictive DMARC policy should be used
    if a domain is subject to spoofing (e.g. because it is a phishing
    target). But p=none is a totally valid configuration.

    --
    ciao,
    Marco

    -----BEGIN PGP SIGNATURE-----

    iHUEABYKAB0WIQQnKUXNg20437dCfobLPsM64d7XgQUCaCiagAAKCRDLPsM64d7X gXUrAQDNs4j+fCINOCwTNnEs98K0M1mx6TVHgwFvF4yHFOh8IQD/VDG66H2gU2DQ cmWzaapFFlw5MslSZjIaJsyHfuQhLAw=
    =/UK/
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrea Pappacoda@21:1/5 to Marco d'Itri on Sat May 17 17:50:01 2025
    On Sat May 17, 2025 at 4:17 PM CEST, Marco d'Itri wrote:
    A restrictive DMARC policy should be used if a domain is subject to
    spoofing (e.g. because it is a phishing target). But p=none is
    a totally valid configuration.

    Isn't any domain potentially subject to spoofing and phishing? One
    shouldn't use strong passwords only if targeted by criminals :)

    Bye!

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco d'Itri@21:1/5 to Andrea Pappacoda on Sat May 17 18:30:01 2025
    On May 17, Andrea Pappacoda <tachi@debian.org> wrote:

    Isn't any domain potentially subject to spoofing and phishing? One Potentially, obviously yes.
    But experience shows that it is an actual problem only for a tiny number
    of domains.

    --
    ciao,
    Marco

    -----BEGIN PGP SIGNATURE-----

    iHUEABYKAB0WIQQnKUXNg20437dCfobLPsM64d7XgQUCaCizhAAKCRDLPsM64d7X gZqeAP95zrwFR26+rgtJvGvB4WYjhf3QdtrhIPdjj/Y+s0WmIgD+IQ8XFkGjRjE2 r95Fv6SpRP6pX+j3ZkTa8j28qzD20g8=
    =Nkh4
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Don Armstrong@21:1/5 to Martina Ferrari on Sun May 18 01:10:01 2025
    On Sat, 17 May 2025, Martina Ferrari wrote:n
    Do we need to all change/downgrade our email setups, or is there a
    plan to address this at some point?

    Addressing it requires having the BTS resend all messages from its own addresses since the BTS has to rewrite parts of the mail in order to
    function. That's a pretty big architectural change which I've been
    working on very, very, slowly.

    So you're better off not using DKIM until that's fixed.

    --
    Don Armstrong https://www.donarmstrong.com

    6: If we are one, then we can defeat 2.
    -- "The Prisoner (2009 Miniseries)" _Schizoid_

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)