←back to thread

Spammers are better at SPF, DKIM, and DMARC than everyone else

(toad.social)
429 points pabs3 | 1 comments | 25 Mar 25 08:14 UTC | HN request time: 0.001s | source
Show context
jeroenhd ◴[25 Mar 25 11:00 UTC] No.43469827[source]
For me, as someone with their own mail server, these technologies mostly serve to inform me that Russian IP addresses are still trying to send email in the name of my domain for some stupid reason.

It makes sense that people whose business is sending email know how to set up email correctly. I'm mostly surprised at how many legitimate sysadmins struggle with getting the basics correct. Surely those dozens of DMARC emails you get that your sendgrid email has been refused because of a bad SPF signature should set in motion some kind of plan to ask if maybe marketing is using them legitimately?

Automated signatures are of limited value but I rarely see rejections based on SPF and DKIM that are a mistake. Things are probably worse for big organizations but as a small email server, technical rejections are usually the right call. The only exception is mailing lists, but the dozens of people who still use those can usually figure out how to add an exception for them.

replies(6): >>43470005 #>>43470195 #>>43470668 #>>43471472 #>>43473790 #>>43482338 #
chillfox ◴[25 Mar 25 11:31 UTC] No.43470005[source]
In most organizations there is no point in a sysadmin to spend the effort in understanding how to set it up correctly as Marketing has got more authority on email. Marketing will simply demand changes to the config that they do not understand and there is nothing you can do to stop it as they will have the CEO on their side.
replies(7): >>43470020 #>>43470038 #>>43470121 #>>43470300 #>>43470650 #>>43471488 #>>43472049 #
JohnMakin ◴[25 Mar 25 14:51 UTC] No.43472049[source]
even worse when you have even less control than that, if you run some type of hosting and are trying to convince non-technical clients (or even worse, non technical clients who think they are technical) to “please just add this record exactly as it says here to your domain” and they’re somehow unable to for months and months
replies(1): >>43473871 #
WarOnPrivacy ◴[25 Mar 25 17:38 UTC] No.43473871[source]
> "please just add this record exactly as it says here to your domain" and they’re somehow unable to for months and months

I ran into this helping a friend whose biz emails to gmail recipients were getting dropped; the IT dept of the umbrella corp wouldn't respond. Same to me when I sent the correct DMARC, SPF etc.

(My friend's biz was his own but it shared some resources with a larger corp.)

I eventually realized that the (wrong) DMARC reporting domain wasn't even registered. I did what you'd expect and I soon had DMARC reports for subsidiaries of the umbrella corp. My friend passed that up to the CEO and suddenly IT was responsive.

In the end, it turned out that IT was deliberately blocking his biz emails to his biz family members. After 10 years they suddenly decided that email to family+gmail was risky and that they were going to gaslight my friend about it. Because reasons.

replies(1): >>43474541 #
1. JohnMakin ◴[25 Mar 25 18:53 UTC] No.43474541{3}[source]
That’s a wild story, thanks for sharing - I find interfacing with external IT teams extraordinarily frustrating. I suspect it’s because businesses often don’t manage their IT teams well or have a good process to expedite business -> IT requests that really should be super easy and provide a lot of tangible value for the amount of comparative effort involved.

I’ve run into outright malicious stuff internally like this, but never externally - I would probably go apoplectic if I was your friend