#Tag
Observation: Google is currently the biggest spreader of phishing mails, Cloudflare hides/hosts the phishing sites these mails link to. That's the simple truth on my mailserver since a few weeks. And yes, I manually report every single one of them to no visible avail.
Observation: Google is currently the biggest spreader of phishing mails, Cloudflare hides/hosts the phishing sites these mails link to. That's the simple truth on my mailserver since a few weeks. And yes, I manually report every single one of them to no visible avail.
My mailserver is very German. When your mailserver tries to send a message, it does a reverse lookup on the IP address. If that doesn't deliver a valid hostname, you're out. But we are not done yet. If it gets a valid hostname, it does an A (IPv4) or AAAA (IPv6&) lookup on that hostname. And if it doesn't deliver back the same IP address, you are still out. It is fascinating to observe how often that uncovers that even big names get their DNS wrong. Hello, Spamcop ;)
My mailserver is very German. When your mailserver tries to send a message, it does a reverse lookup on the IP address. If that doesn't deliver a valid hostname, you're out. But we are not done yet. If it gets a valid hostname, it does an A (IPv4) or AAAA (IPv6&) lookup on that hostname. And if it doesn't deliver back the same IP address, you are still out. It is fascinating to observe how often that uncovers that even big names get their DNS wrong. Hello, Spamcop ;)
"And most importantly, the key trick is that you can put anything you want in the App Name field in Google"
Le sigh. That's where they put the email text. In the App Name field. Google can fix this by sanitising input better.
https://easydmarc.com/blog/google-spoofed-via-dkim-replay-attack-a-technical-breakdown/
"And most importantly, the key trick is that you can put anything you want in the App Name field in Google"
Le sigh. That's where they put the email text. In the App Name field. Google can fix this by sanitising input better.
https://easydmarc.com/blog/google-spoofed-via-dkim-replay-attack-a-technical-breakdown/
because running a mail server wasn’t fun enough: the Dovecot 2.3 → 2.4 update has tons of breaking config changes
(h/t to https://willem.com/blog/2025-06-04_breaking-changes/ for the exhaustive breakdown of the changes)
because running a mail server wasn’t fun enough: the Dovecot 2.3 → 2.4 update has tons of breaking config changes
(h/t to https://willem.com/blog/2025-06-04_breaking-changes/ for the exhaustive breakdown of the changes)
