Menu
Reply
  • 53
  • 1
  • 0
MacNala2
On our wavelength
249 Views
Message 1 of 14
Flag for a moderator

DMARC Introduction

When was DMARC introduced to virginmedia.com?

0 Kudos
Reply

Helpful Answers
  • 13.64K
  • 719
  • 4.72K
Superuser
Superuser
437 Views
Message 2 of 14
Flag for a moderator
Helpful Answer

Re: DMARC Introduction

For inbound mail it's been running since the end of April.

Ravenstar68

________________________________________


Only use Helpful answer if your problems been solved.


All Replies
  • 13.64K
  • 719
  • 4.72K
Superuser
Superuser
438 Views
Message 2 of 14
Flag for a moderator
Helpful Answer

Re: DMARC Introduction

For inbound mail it's been running since the end of April.

Ravenstar68

________________________________________


Only use Helpful answer if your problems been solved.

  • 53
  • 1
  • 0
MacNala2
On our wavelength
212 Views
Message 3 of 14
Flag for a moderator

Re: DMARC Introduction

Thanks for that.

How was it announced, if at all?

0 Kudos
Reply
  • 13.64K
  • 719
  • 4.72K
Superuser
Superuser
197 Views
Message 4 of 14
Flag for a moderator

Re: DMARC Introduction

I'm not sure it was announced officially on the main forums.  It's something very few email providers have announced with any great fanfare.

________________________________________


Only use Helpful answer if your problems been solved.

0 Kudos
Reply
  • 252
  • 19
  • 114
Wrock
Fibre optic
160 Views
Message 5 of 14
Flag for a moderator

Re: DMARC Introduction

Now if only Virgin Media would address their large number of cases of accounts which have been hijacked and used for chronic spoofing with a DMARC p=reject policy, there would be several hundred fewer people who are having to abandon their decades-old Virgin Media addresses.

There was a good deal of fanfare when Yahoo! and AOL introduced DMARC p=reject in 2014.  Responsible email providers do inform their customers of changes.  AOL put in DMARC p=reject in response to precisely the same hackers/spammers who have wormed their way into hundreds of Virgin Media accounts since August 2015.  AOL took significant action and called in law enforcement within days!  Virgin Media (and TalkTalk) appear to operate on a very different timeline and continue to ignore the issue and its potential security implications after 16 months.

Other email providers announcing DMARC changes:

AOL, http://postmaster-blog.aol.com/2014/04/22/aol-mail-updates-dmarc-policy-to-reject/

Yahoo!, https://help.yahoo.com/kb/SLN24016.html

-Wrock.

 

 

0 Kudos
Reply
  • 13.64K
  • 719
  • 4.72K
Superuser
Superuser
146 Views
Message 6 of 14
Flag for a moderator

Re: DMARC Introduction

Actually if you read the posts you'll see they don't mention inbound DMARC checking at all

They state that they've set their own DMARC policies to reject in order to prevent third parties spoofing their domains.

Virgin Media haven't changed their own DMARC policy - and unless they implement DKIM as well as SPF I certainly would not recommend them setting a policy of reject.  Also note that yahoo's reject policy does not play nice with G-Suite (formerly Google Apps) domains where domains have an Append footer option set to automatically add a footer to outbound mails.  Virgin have rejected mails sent to users on a G-Suite for education address and auto forwarded on to an ntlworld.com address because the footer is appended to the forwarded mail - which breaks DKIM.

Note this will also apply to mails sent from AOL domains - Note in this case this is NOT incorrect blocking by Virgin Media, this is correct blocking because Google is incorrectly modifying a mail that was not originally sent by their servers.

Ravenstar68 

________________________________________


Only use Helpful answer if your problems been solved.

0 Kudos
Reply
  • 53
  • 1
  • 0
MacNala2
On our wavelength
139 Views
Message 7 of 14
Flag for a moderator

Re: DMARC Introduction

Thanks to both for information.

It still does not answer my question. How was the introduction of DMARC on Virginmedia.com addresses announced.

My problem appears to be someone attempting to send me mail purporting to be from someone that I might trust and therefore open with suspected dire results. The email address they are sending them to is my mail forwarding company which correctly sends them to my virginmedia.com address who reject the email and send a rejection notice back to my mail forwarder.

Now this is a good thing in that the rejection notice is also forwarded to me so I get a warning that all is not well. But it is starting to clutter up my mail forwarder's storage and I need to go online to them and clear the storage. It also must be sending more traffic between the mail forwarder and VM than is necessary.

There is a lot to do to clean up the disaster of unsecured email but when they first started they AOL & Yahoo had good intentions but look where they are now.

0 Kudos
Reply
  • 7.36K
  • 830
  • 3.1K
Superuser
Superuser
134 Views
Message 8 of 14
Flag for a moderator

Re: DMARC Introduction

This is rather going round the houses to answer your real question. Why don't you post an anonymised copy of one of the rejection mails in this thread and we'll take a look at it.. It doesn't matter what VM's DMARC policy is or whn it was implemented. What matters is that you have an issue with mail rejection which the experts here ought to be able to solve for you.

-----------------------

Superuser 2017/18
Use Kudos to say thanks
Mark answer as "helpful" only when the problem is solved
Please don't send me private messages unless I ask you to.
I do not work for VM. The advice I give is based on my best understanding of VM policy and practice. You rely on it at your own risk.
0 Kudos
Reply
  • 53
  • 1
  • 0
MacNala2
On our wavelength
115 Views
Message 9 of 14
Flag for a moderator

Re: DMARC Introduction

I would not want to broadcast the contents of the email any wider than is necessary I will however attach the headers information redacted.

<q>

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es)
failed:

XXXX.XXXXXXXX@virginmedia.com: ****my email address****
SMTP error from remote server for GREETING command, host: mx.tb.ukmail.iss.as9143.net (212.54.56.11) reason: 550 mx1.tb.ukmail.iss.as9143.net bizsmtp Connection rejected. Your IP 82.1
65.159.131 is in RBL. Please see http://www.mail-abuse.com/cgi-bin/loo
kup?82.165.159.131

 

--- The header of the original message is following. ---

Return-Path: <bounce-4082988-93433308@lists.office-watch.com>
Received: from lists.office-watch.com ([69.39.77.52]) by mx.mail.com
 (mxgmxus005 [74.208.5.20]) with ESMTP (Nemesis) id 0MEH1y-1cLxjB2yUK-00FWDy  for <XXXX.XXXXXXX@XXXXX.com>; Wed, 21 Dec 2016 23:08:13 +0100
From: Office Watch <wow.robot@woodyswatch.com>
To: XXXX.XXXXXXX@XXXXX.com
Subject: Send docs via WhatsApp, Preview docs on Apple devices
Date: Wed, 21 Dec 2016 17:07:47 -0500
MIME-Version: 1.0
Content-Type: text/html;
 charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
List-Unsubscribe: <mailto:leave-4082988-93433308.68a9bf529e07d8c24a6314324b1ec84e@lists.office-watch.com>
Message-ID: <LYRIS-93433308-4082988-2016.12.21-17.07.54--XXXX.XXXXXXX@XXXXX.com@lists.office-watch.com>
Envelope-To: <XXXX.XXXXXXX@XXXXX.com>
X-GMX-Antispam: 0 (Mail was not recognized as spam); Detail=V3;
X-GMX-Antivirus: 0 (no virus found)

</q>

What followed was what I believe to be malware.

Other emails are from different sources, some of which contained details that are never transmitted via email but could mean that the source system is compromised. I am addressing these with the purported source owners.

0 Kudos
Reply
  • 13.64K
  • 719
  • 4.72K
Superuser
Superuser
127 Views
Message 10 of 14
Flag for a moderator

Re: DMARC Introduction


MacNala2 wrote:

Thanks to both for information.

It still does not answer my question. How was the introduction of DMARC on Virginmedia.com addresses announced.

My problem appears to be someone attempting to send me mail purporting to be from someone that I might trust and therefore open with suspected dire results. The email address they are sending them to is my mail forwarding company which correctly sends them to my virginmedia.com address who reject the email and send a rejection notice back to my mail forwarder.

Now this is a good thing in that the rejection notice is also forwarded to me so I get a warning that all is not well. But it is starting to clutter up my mail forwarder's storage and I need to go online to them and clear the storage. It also must be sending more traffic between the mail forwarder and VM than is necessary.

There is a lot to do to clean up the disaster of unsecured email but when they first started they AOL & Yahoo had good intentions but look where they are now.

I believe I already stated that Virgin did not announce the fact that they turned inbound DMARC checking on officially.  As Superusers we were informed of the DMARC checking in April this year, partly so we could highlight any issues and report back to the forum team.

But here's the thing.

All the DMARC rejections I've seen have been correct.  In fact I'm in the middle of a conversation with Google about how their system is causing DMARC fails by modifying a forwarded mail.

DMARC rejections to date have been caused by one of two things

SPF failures e.g. people sending mail through Virgin's servers from a TalkTalk address.
DKIM failures - usually because the mail has been modified in transit, which DKIM is designed to detect.

Now while it's easy to simply blame Yahoo and AOL for setting a DMARC p=reject policy, or to blame Virgin Media for turning on inbound checkers as well.  The fact is that there's a third player involved in a lot of these failures.  The entity that forwarded the mail.

I will make this clear.  If DMARC fails BECAUSE OF ACTION OR OMISSION by the FORWARDING server - then the blame MUST be placed on the forwarding service.

DMARC, DKIIM and SPF are valuable tools in the fight to protect the integrity of email domains.  BUT they can only work if EVERYONE involved in the email chain plays their part.

To be clear I like to be impartial in my advice.  I have lambasted Virgin in the past when they have incorrectly bounced legitimate mails.  But with DMARC it is the turn of the forwarders to take note.

Ravenstar68

 

________________________________________


Only use Helpful answer if your problems been solved.