> On 25.03.2023 at 22:26 Heiko Schlittermann via mailop wrote:
>
> hg user via mailop <mailop@mailop.org> (Sa 25 Mär 2023 18:39:06 CET):
>> A. extortion messages like "I recorded you doing bad things, pay me". Tons
>> deleted, but some in the inboxes.
>>
>> B. phishing, some generic, some specific for our web mail interface. The
>> latter, sometimes, carry our logo in the fake page...
>
> A good share of such messages use the recipient's domain as sender.
> Proper protection here can help.
>
> Another share uses generally trusted domains. If you're lucky, these
> trusted domains publish DMARC records.

Hmm, I don’t see many of those anymore. They are easy to block anyway.

> Ok, and the last share uses non-DMARC domains OR From: headers like
>
> From: "your-b...@example.com" <hac...@example.net>
>
> with stupid mailclients only showing the display part of the address.

In the last couple of years, most phishing emails I came across don’t even try anymore to forge the From-header address, likely due to the increased adoption of DMARC. They are sent from compromised servers or mailboxes and use whatever sender address those systems have, e.g. "Your boss" <randomdomain@younever.heardof> or "My Bank <serv...@mybank.tld>" <some....@hotmail.com>. Unfortunately, as you mentioned, some popular email clients don’t show the email addresses or try to make smart guesses to "map" the sender address of the phishing email to the real account.

> Yes. We have the bsi.de (governmental agency for security and data
> protection).
>
> $ dig _dmarc.bsi.de txt
> ; <<>> DiG 9.16.37-Debian <<>> txt _dmarc.bsi.de
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16687
> ********
>
> They have SPF, but no DKIM (NXDOMAIN for the _domainkey.bsi.de)
>
> Or did I miss something?

The DKIM keys would be at <selector>._domainkey.bsi.de

--
BR
Oliver
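
Added example, not part of the original message: a filter-side check for the From: pattern discussed above, where the display name carries an address from one domain while the real sender address is in another. The function names, the exact-domain comparison and the sample headers are assumptions made for this illustration.

```python
import re
from email.header import decode_header
from email.utils import parseaddr

# Loose matcher for an address embedded in a display name; group 1 is the domain.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

def decode_display_name(raw):
    """Decode RFC 2047 encoded-words so an encoded address cannot hide."""
    out = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", "replace")
            except LookupError:  # unknown charset label
                chunk = chunk.decode("latin-1")
        out.append(chunk)
    return "".join(out)

def check_from(header_value):
    """Return (verdict, real_address, foreign_domains) for one From: value."""
    name, addr = parseaddr(header_value)
    if "@" not in addr:
        return ("unparseable", addr, [])
    real_domain = addr.rsplit("@", 1)[1].lower()
    name = decode_display_name(name)
    embedded = sorted({m.group(1).lower() for m in ADDR_RE.finditer(name)})
    # Assumption: exact domain comparison. Matching on the organizational
    # domain instead would need the Public Suffix List.
    foreign = [d for d in embedded if d != real_domain]
    return ("mismatch" if foreign else "ok", addr, foreign)

# Constructed sample headers (reserved example domains, not real traffic).
SAMPLES = [
    '"your-boss@example.com" <hacker@example.net>',
    '"My Bank <service@mybank.example>" <someone@hotmail.example>',
    '=?utf-8?q?My_Bank_=3Cservice=40mybank=2Eexample=3E?= <someone@hotmail.example>',
    'Alice Example <alice@example.org>',
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(check_from(value), "<-", value)
```

A "mismatch" verdict is a scoring signal for the filter, to be weighed together with the SPF, DKIM and DMARC results for the real sender domain.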