CheckDMARC now analyzes SPF policies, too

As SPF is a base technology for DMARC this was just a small logical step. The script can check for »real« SPF DNS records (which are rarely being used) or the TXT record of a domain for its analysis: $ ./checkdmarc –help Check DMARC Checks all effective TLD subdomains of a given brand for a DMARC record and presents the results. Synopsis checkdmarc options… [brand]… [brand] can be a string like ‚gmx‘ or ‚yahoo‘. Temporary files are being left behind in the current working directory for debug reasons. Options -c, –cleanup      Cleanup temporary files. –dmarc      Check the DMARC policies for … Weiterlesen

Wahlempfehlung zur Europawahl

Heute in einer Woche kennen wir bereits die ersten Prognosen und Hochrechnungen. Da wird es Zeit für eine Wahlempfehlung. Schließlich bin ich ja als nicht ganz unpolitischer Mensch bekannt. 😉 Die großen Parteien Wer mich kennt weiß schon, was ich hier zu Linke, SPD, Grüne, FDP, CDU und CSU schreiben werde: Alle diese Parteien haben sich schon mit diversen lächerlichen Ausreden (Klassiker: »parlamentarische Zwänge«) oder sogar als treibende Kraft an Verschärfungen von Überwachungsgesetzen beteiligt. Ich bin fest davon überzeugt, dass wir genau den umgekehrten Weg nehmen müssen: Es braucht mehr Freiheit auf dieser Welt. Somit fallen diese Parteien alle durch’s … Weiterlesen

TLS 1.3 without RSA key transport?

Sometimes I really wish IT media would report more in detail. Everybody was ranting about the Heartbleed TLS vulnerability, but none I know of followed the discussion long enough to see the TLS 1.3 IETF working draft appear. OK, so far it is basically just a copy of RFC 5246 aka »The Transport Layer Security (TLS) Protocol Version 1.2« but this would nevertheless make a good headline in my humble opinion. And while others are trying to fix current TLS implementations (which is also a very good result from the Heartbleed debates) the IETF working group discusses interesting proposals: supporting … Weiterlesen

Determining SSL/TLS capabilities of a mail server

Especially in Germany where the so called »NSA-leaks« by Edward Snowden caught a lot of public attention encryption is becoming more and more popular. Or at least everybody seems to talk about it. And everybody seems to know someone who knows someone who might have encrypted something … well, you get the picture. In any way the largest ESPs in Germany (Disclaimer: Although I might be associated with one of those I am not in any way an official representative, so all the opinions stated here are my very own and not those of a specific company) have decided to … Weiterlesen

DMARC p=reject: AOL follows in the footsteps of Yahoo!

Just a few days after Yahoo! AOL also announced to enforce a stronger DMARC policy. The CheckDMARC result was a bit surprising for me: $ ./checkdmarc aol This script is going to make several thousand DNS request. Proceed at your own risk, iff you know what you are doing. Type ‚yes‘ to proceed, anything else to abort. yes Running 6567 queries, this may take a while … SERVFAIL: 67 connection timed out; no servers could be reached: 19 has no TXT record: 68 NXDOMAIN: 6322 is an alias for: 93 p=none: 0 p=quarantine: 0 p=reject: 1 p=none details: p=quarantine details: … Weiterlesen