hstrauss | 9 years ago

And set up reporting and forensic reporting. I have a domain that seems to be the default for a botnet, so my daily reports from Gmail and Yahoo! always include at least a few IP addresses attempting to submit as admin@[domain].

The reporting sets my mind at ease that those big guys are blocking it and that the (low) legitimate volume of mail to those guys is reasonable.

It's also interesting to note that with DNSSEC, DKIM, SPF and DMARC, the pattern seems to be that some large Chinese mail providers drop DNS responses to try to overcome the "-all" token in the SPF record and "p=reject" token in DMARC. At least the reports show that the authentication (by SPF/DKIM) failed, so that makes me sleep a little better.

Par for the course, I guess. :P

*edit: grammar
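The daily reports mentioned in the comment above are DMARC aggregate reports. As an added example (not part of the original comment), this sketch tallies which source IPs failed both SPF and DKIM in one report and which of those failures the receiver did not block. It assumes the RFC 7489 aggregate XML layout; the function names, `example.org` and the sample IPs are constructed placeholders.

```python
import gzip
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the RFC 7489 aggregate-report layout. example.org and
# the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are placeholders.
def _rec(ip, count, disposition, dkim, spf):
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>{disposition}</disposition>"
            f"<dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated></row>"
            "<identifiers><header_from>example.org</header_from></identifiers></record>")

SAMPLE_REPORT = ("<feedback><policy_published><domain>example.org</domain>"
                 "<p>reject</p></policy_published>"
                 + _rec("192.0.2.10", 12, "none", "pass", "pass")
                 + _rec("198.51.100.7", 3, "reject", "fail", "fail")
                 + _rec("203.0.113.44", 2, "none", "fail", "fail")
                 + "</feedback>").encode()

def load_report(data: bytes) -> ET.Element:
    """Parse a report that may arrive gzip-compressed from an outside sender."""
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        data = gzip.decompress(data)
    # Reports are untrusted input and never need a DTD, so refuse one outright.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("unexpected DTD/entity declaration in DMARC report")
    return ET.fromstring(data)

def summarize(data: bytes) -> dict:
    """Tally messages that failed both SPF and DKIM, per source IP."""
    root = load_report(data)
    failing, not_blocked, total = Counter(), Counter(), 0
    ev = "row/policy_evaluated/"
    for rec in root.iter("record"):
        ip = rec.findtext("row/source_ip", "").strip()
        count = int(rec.findtext("row/count", "0"))
        total += count
        # DMARC passes when either aligned check passes, so a fail means both did not.
        if rec.findtext(ev + "dkim") != "pass" and rec.findtext(ev + "spf") != "pass":
            failing[ip] += count
            if rec.findtext(ev + "disposition") == "none":
                not_blocked[ip] += count  # failed, yet the receiver took no action
    return {"policy": root.findtext("policy_published/p"), "total": total,
            "failing": dict(failing), "not_blocked": dict(not_blocked)}

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

A non-empty `not_blocked` under `p=reject` is the case worth following up, since it means a receiver reported the failure but still applied no action.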
