Cybersecurity

30 readers

2 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

founded 2 years ago

MODERATORS

shellsharks@fedia.io

tweedge@fedia.io

Scammers set up domains with instructions to ignore email security failures on their emails via a DMARC record and Google et al. deliver their obvious dangerous spam to you. I thought, "how stupid" to (hear-me.social)

submitted 4 months ago by Jerry@hear-me.social to c/cybersecurity@fedia.io

2 comments fedilink hide all child comments

But, I realize it was NEVER designed to protect YOU from spam. It has ONE purpose. Protect corporations from being spoofed. Period. They set their DMARC to reject or quarantine emails from their domains that fail security. It works perfectly for this and ONLY this. They are protected. You, not so much, but you are not their concern.

It could have been easily expanded to kill spam by not allowing the checks to be ignored, but why should they? They are protected. Common attitude today by too many people.

Am I wrong?
#CyberSecurity #EmailSecurity

top 2 comments

sorted by: hot top controversial new old

[–] faebudo 1 points 4 months ago

Yes, when setting up their own domain they can as well set the dmarc policy to reject and add valid spf and dkim records. They also do this sometimes.

[–] voracitude@lemmy.world 1 points 4 months ago

Heh. Meanwhile, I spend my day helping business owners who are incensed their emails go to spam so often, and help them set up DNS to authenticate their emails while cautioning them it still isn't the be-all end-all for their email delivery.

This system was cobbled together in production, and had to take into account current use cases; that's not a conspiracy, it should not be surprising that it barely works.