#dmarc

bkoehn@diaspora.koehn.com

Today I produced the following script, which receives as input an email containing a DMARC XML report as an attachment, extracts the attachment, decompresses it, and queries the report to see if there are failures coming from any of the IPs that I use to send mail (ignoring those I don’t use/control), and sends an error message and the decompressed file to a room on my Matrix server for any failures it finds.

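```bash
#!/bin/bash

# Scratch directory for the unpacked attachments
TMP=$(mktemp -d)

# Quoted, comma-separated list of the addresses mail.koehn.com resolves to,
# spliced into the XQuery below as a sequence of source IPs to match
SOURCE_IPS=$(host mail.koehn.com | grep address | awk '{print "\""$(NF)"\","}' | tr '\n' ' ' | sed 's/, $//')

cd "$TMP" || exit 1

function cleanup {
  rm -rf "$TMP"
}

# Remove the scratch directory however the script exits
trap cleanup EXIT

# Unpack the MIME attachments of the message on stdin; munpack prints one file name per line
FILES=$(munpack -f 2>/dev/null | awk '{print $1}')

for file in $FILES ; do
  # Decompress to stdout and select rows from my IPs where DKIM or SPF evaluated to "fail";
  # grep . succeeds only if the query produced output
  if 7z e -so "$file" | xidel --data - --xquery './/row[source_ip=('"$SOURCE_IPS"') and (policy_evaluated/dkim="fail" or policy_evaluated/spf="fail")]' 2> >(grep -v "Processing: stdin") | grep . ; then
    mc -m "🔴 Received DMARC report containing failures: $file"
    mc -f "$file"
  fi
done
```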

#bash #mpack #xquery #email #dmarc #matrix #chatops
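
An added example, not part of the post above: the same filter (rows from your own sending IPs whose evaluated DKIM or SPF result is `fail`) written with only the Python standard library, plus a cap on decompressed size because report attachments come from untrusted senders. The IPs, the sample report and the `MAX_BYTES` value are constructed assumptions.

```python
import gzip
import io
import zipfile
import xml.etree.ElementTree as ET

MAX_BYTES = 10 * 1024 * 1024  # assumed cap: attachments are untrusted input

def _read_capped(stream):
    data = stream.read(MAX_BYTES + 1)
    if len(data) > MAX_BYTES:
        raise ValueError("decompressed report exceeds size cap")
    return data

def decompress_report(blob):
    """Return the XML from a .zip or .gz attachment (plain XML passes through)."""
    if blob[:2] == b"PK":  # zip magic
        with zipfile.ZipFile(io.BytesIO(blob)) as zf, zf.open(zf.infolist()[0]) as member:
            return _read_capped(member)
    if blob[:2] == b"\x1f\x8b":  # gzip magic
        with gzip.GzipFile(fileobj=io.BytesIO(blob)) as gz:
            return _read_capped(gz)
    return _read_capped(io.BytesIO(blob))

def failing_rows(xml_bytes, my_ips):
    """Rows from our own IPs whose evaluated DKIM or SPF result is 'fail'."""
    hits = []
    # {*} matches a tag with or without an XML namespace (Python 3.8+).
    for row in ET.fromstring(xml_bytes).findall(".//{*}row"):
        ip = row.findtext("{*}source_ip", "").strip()
        dkim = row.findtext("{*}policy_evaluated/{*}dkim", "").strip()
        spf = row.findtext("{*}policy_evaluated/{*}spf", "").strip()
        if ip in my_ips and "fail" in (dkim, spf):
            count = int(row.findtext("{*}count") or 0)
            hits.append({"ip": ip, "count": count, "dkim": dkim, "spf": spf})
    return hits

def _row(ip, count, dkim, spf):
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count><policy_evaluated>"
            f"<dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated></row></record>")

# Constructed sample report (documentation-range IPs), gzipped like a real attachment.
SAMPLE = gzip.compress(("<feedback>"
                        + _row("192.0.2.10", 12, "pass", "pass")    # ours, clean
                        + _row("192.0.2.10", 3, "fail", "pass")     # ours, DKIM failed
                        + _row("198.51.100.7", 40, "fail", "fail")  # not ours, ignored
                        + "</feedback>").encode())

if __name__ == "__main__":
    print(failing_rows(decompress_report(SAMPLE), {"192.0.2.10"}))
```

The returned `count` is the number of messages the receiver aggregated into that row, which helps separate a one-off forwarding failure from a broken signing configuration.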

robohack@diasp.org

Damn. Looks like Google is going to enforce DMARC for email sent to Gmail now for even more sites than ever before.

DMARC is a combination of a dodgy message signing scheme (DKIM) combined with an entirely stupid and misguided way of trying to advertise the valid origins for a domain's email (SPF).

This may help cut down spam a wee bit, though I doubt it (most spam I still see is DKIM signed at least and may even be fully DMARC compliant).

However it's also going to bounce a lot of legitimate email in the near term.

Unfortunately they are not considering PGP-signed messages as "authenticated".

#smtp #email #spf #dkim #dmarc #gmail #bigbrother #pgp