this post was submitted on 03 May 2024
12 points (100.0% liked)

[–] [email protected] 5 points 8 months ago* (last edited 8 months ago)

Just last week I was dealing with a vendor who was responding to complaints from people in my org about the vendor's emails always ending up in spam.

I told the vendor the problem was on their end (SPF failure) and sent the headers showing exactly what server their email was leaving and a copy of the DNS results showing how that server was not part of their SPF record. They said they found no such issue when they investigated and asked us to "whitelist" their domain in our email system.

Nope. Nope. Nope.

SPF, DKIM, and DMARC exist for a number of very valid reasons. Fix your shitty email; we will not be disabling security because you're too incompetent or lazy to set up your system correctly. "Whitelisting" your domain because your SPF is not set up correctly would allow anyone to spoof emails from your domain and open us up to a number of attacks.