Menu
Reply
  • 9
  • 0
  • 1
WilliamB
Tuning in
246 Views
Message 1 of 3
Flag for a moderator

Better handling of DMARC emails

Hi, This is more of a suggestion. Recently I got a email from the TV licensing people, although it wasn't really.

I don't have a TV licence so I knew it was scam, but it did look convincing at first glance. Until I looked at the authentication results in an email browser. DMARC=fail. Yet VM quite happily let this email thru. 

So here's the suggestion. Even if stupid companies haven't implemented a DMARC policy and FYI those TV licensing boffons hadn't when I got the email, highlight in some way the fact that the email is questionable so the less tech savy aren't fleeced just because some company is dragging there heels.

Thank you.

0 Kudos
Reply
  • 17.48K
  • 957
  • 7.15K
Superuser
Superuser
234 Views
Message 2 of 3
Flag for a moderator

Re: Better handling of DMARC emails

Where to begin:

highlight in some way the fact that the email is questionable

To be fair to Virgin Media - they did actually try this several weeks ago, HOWEVER some flaws in the way they did their reporting caused unforseen problems for some users i.e. when they got a DMARC pass but an SPF fail (something that CAN happen) Virgin was inappropriately flagging the mail as failed altogether and also completely blocking access to images within the emails.

The change was rescinded fairly quickly, but while I personally would think that they are working on changing this, they've yet to reinstate this.

For one, like you I agree with doing this BUT the way it was done it was so flawed it could NOT be left in place as it was until fixed.

However the TV Licensing people themselves could actually do something to aid users.

Here's their DMARC record:

_dmarc.tvlicensing.co.uk. 599   IN      TXT     "v=DMARC1;p=none;pct=100;fo=0;ri=86400;rua=mailto:bbcuk_rua@dmeu.easysol.net,mailto:dmarc_rua_tvlicensing@tv-l.co.uk;ruf=mailto:bbcuk_ruf@dmeu.easysol.net,mailto:dmarc_ruf_tvlicensing@tv-l.co.uk"

Note the p=none

This is the policy as to what should be done should a mail fail DMARC checks.  This can take one of 3 forms:
none - do nothing
quarantine - hold mail for further processing (most mail providers take this to mean put the mail in the spam folder.  My view is that this is probably the best option)
reject - reject the mail and end the conversation with the server.

While the latter seems the best idea, the fact that spammers can spoof the sender address means that the bounces can end up going to some innocent party.

However one SHOULD ask the BBC why they don't at least use a quarantine policy.

Tim

________________________________________


Only use Helpful answer if your problems been solved.

0 Kudos
Reply
  • 9
  • 0
  • 1
WilliamB
Tuning in
229 Views
Message 3 of 3
Flag for a moderator

Re: Better handling of DMARC emails

Hi, I've already pointed out to the TV licensing people they need to do more.  I just have no faith they will.

0 Kudos
Reply