←back to thread

Spammers are better at SPF, DKIM, and DMARC than everyone else

(toad.social)
429 points pabs3 | 2 comments | 25 Mar 25 08:14 UTC | HN request time: 0.001s | source
Show context
jeroenhd ◴[25 Mar 25 11:00 UTC] No.43469827[source]
For me, as someone with their own mail server, these technologies mostly serve to inform me that Russian IP addresses are still trying to send email in the name of my domain for some stupid reason.

It makes sense that people whose business is sending email know how to set up email correctly. I'm mostly surprised at how many legitimate sysadmins struggle with getting the basics correct. Surely those dozens of DMARC emails you get that your sendgrid email has been refused because of a bad SPF signature should set in motion some kind of plan to ask if maybe marketing is using them legitimately?

Automated signatures are of limited value but I rarely see rejections based on SPF and DKIM that are a mistake. Things are probably worse for big organizations but as a small email server, technical rejections are usually the right call. The only exception is mailing lists, but the dozens of people who still use those can usually figure out how to add an exception for them.

replies(6): >>43470005 #>>43470195 #>>43470668 #>>43471472 #>>43473790 #>>43482338 #
wruza ◴[25 Mar 25 17:31 UTC] No.43473790[source]
As a non-email guy, I can tell you that if a system that boils down to having an (optionally certified?) key requires much more than just putting it into a folder with a domain name and running a service, it’s badly designed and has unnecessary complexity. Which will result into abusers having more expertise than legitimate users. The fact that you can “get” DMARC SPF DKIM wrong, while it’s basically a hard requirement for operation, is just screaming something important to the email software.
replies(1): >>43476659 #
trod1234 ◴[25 Mar 25 22:19 UTC] No.43476659[source]
As a generalist admin, would you say the same about DBA operations or would you say that's just not my specialty?

The reasoning you provide doesn't differentiate, and speaks more of frustration which naturally comes with any area you aren't steeped in, or knowledgeable about.

replies(1): >>43477859 #
wruza ◴[26 Mar 25 01:16 UTC] No.43477859[source]
Frustration doesn't come naturally. It comes with shitty software design.

"I don't know" is not a problem, you learn and you know, no frustration.

The problem is "I spent N hours/days on a thing that everyone does and which is a 99.99% of use cases and boils down to just having a keyfile in a proper(?) location and this knowledge doesn't translate effing nowhere".

would you say the same about DBA operations or would you say that's just not my specialty

It depends on the absurdity of the complexity of setting something up, not on operations themselves. Getting some results is absurdly complex -- not naturally complex and not necessarily very complex, just much more complex than the nature of the result itself.

For example, that's how you were supposed to install openvpn before angristan scripts: https://www.digitalocean.com/community/tutorials/how-to-set-... . To save someone a click, it's 50 pages "installation tutorial" with around 50 commands and a dozen of config files. And guess what, it uses "easyrsa" package to "set up RSA PKI easily". So it's not how openvpn meant to be installed, but an "easy" way.

replies(1): >>43478156 #
trod1234 ◴[26 Mar 25 02:14 UTC] No.43478156[source]
You are mistaken. Your reasoning is flawed because the heuristics you use are flawed, and the consequences of the heuristics are the reason you are frustrated.

There are critical tools that you clearly have not learned, and likely were never taught. Tools that have been around since the time of the Greeks.

This is evident in your use of poorly defined language running you indirectly in a circular path (trauma/torture loop).

There is irreducible complexity in software. Domain knowledge is needed to use complex software for purpose.

The script you say makes assumptive choices for you. What will you do now that RSA has practically become broken at small key sizes, and instead you need to use a different algorithm?

Do you know how to transition this without starting from scratch, or have you become corrupted by dependency, on someone who provided that for you that did have that knowledge? Are you helpless to do anything but wait.

If you want to correct the underlying reason for your troubles, I'd suggest going over the associated material covered in a Trivium based curricula.

It will require unlearning bad heuristics and re-learning good heuristics. It requires a lot of effort and constant attention until you've got your thought processes fixed and these provide the basics for rational thought.

You should have been taught these things in school.

Logic (Aristotle), Philosophy (metaphysical objectivity, identity and its requirements), Argumentation, Descartes Method, and Kant with regards to A priori knowledge, reasoning, and argumentation.

Small things with an outsized bigger impact.

If you can't understand what is written in the whitepapers, you have no hope of following the conformant requirements.

Software reduces to practice the requirements of business logic, which is described in those whitepapers.

Sometimes its irreducible, and you have to approximate, and they won't hand this ready-made to people that aren't willing to put the time cost and professional skill needed to do so correctly.

You have to offer tribute, in the form of expertise, and time to benefit from these systems. As you have to do for any other specialized career.

replies(2): >>43481272 #>>43485439 #
1. wruza ◴[26 Mar 25 12:05 UTC] No.43481272[source]
You’re just arrogant here imo, and I regret the time spent on elaborating. Your comment is straight from the 25 years ago when it was normal to read toxic lectures to lame noobs on forums and create software that has no last mile connection to reality. I’m glad that that era is long over except for a few remnants. Have a regular day.
replies(1): >>43485711 #
2. trod1234 ◴[26 Mar 25 19:05 UTC] No.43485711[source]
You have willfully blinded yourself to opportunities that if taken to heart could have prevented yourself a world of suffering.

You mistake the environment you are in, and where it is going, which will threaten your ability to survive at some point as you are helplessly dependent on an environment that will cease to exist in the near future.

This was neither toxic, nor arrogant, just the facts and advice provided in good will and faith, something that is vanishing along with tolerance, and those facts should frighten you because they have detrimental outcomes as a consequence for you.

You didn't want to hear it because of indoctrination, and an inability to to comprehend. As a result, you have only yourself to blame for the choices you've made and what predictably comes next. Struggle and frustration.

Those that can't help themselves won't be helped by others. Those that cannot learn and adapt doom themselves by their own choices. Darwin's fitness.

A time is coming where the blind in their unpredictable and crazy behavior may be given a final mercy that can't be taken back, for the good of all because these people are a detriment to all if left alone. Historically, this is well known and it wasn't until modern times that we had the resources to care for such illness in seeming perpetuity.

Until things change, you've made it clear the only path for you is to struggle on needlessly, without any help, and let it distort you in a spiral of madness until you succumb to your self-fulfilling prophecy and break moreso than you already have.

Slapping goodwill and advice down falsely believing its toxic, when in fact its just unpleasant/harsh truths you weren't strong enough or willing to face speaks greatly to the character and outcomes you will face.

There are people who happen to know more than you do, about a great many things; because you were given a poor foundation purposefully. Its not arrogance to want to give people the opportunities that an education they should have been given as a child provides. The alternative is delusional adult children running amok destroying the pillars of their own survival.

You tread forward down the path those malevolent people laid for you, deceived, and never straying; biting any hand that offers help. Its sad because its preventable and needless.

I'll pray you revisit this when you get tired of the madness you put yourself through.