<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>A bit of history to start off.</tt><tt><br>
</tt><tt><br>
</tt><tt>Years ago we started putting spf records in our domains and
email clients' domains and that is mostly where things stuck.</tt><tt><br>
</tt><tt>For the most part it was of little help but generally
putting a correctly configured SPF statement
did not hurt.</tt><tt><br>
</tt><tt><br>
</tt><tt>I recently discovered DMARC and decided
to implement it on my own domain as an experiment.</tt><tt><br>
</tt><tt>After running for a while and looking at the information
that came back from the other dmarcians I noticed some
interesting trends.</tt><tt><br>
</tt><tt><br>
</tt><tt>1) Some days there are lots of spam
messages sent to google as someone on my domain (likely me).</tt><tt><br>
</tt><tt>2) There are not a whole lot of people who are
honouring dmarc and sending status messages.</tt><tt><br>
</tt><tt>3) Something in my network is sending mail to
CheatCodes.com</tt><tt><br>
</tt><tt>Here is a snippet from my dmarc log.</tt><tt><br>
</tt><tt><br>
</tt>
<table border="0" cellspacing="0">
<colgroup width="258"></colgroup><tt> </tt><colgroup width="118"></colgroup><tt>
</tt><colgroup width="85"></colgroup> <tbody>
<tr>
<td height="17" align="left"><tt>Wed, 06 Jul 2016 14:47:25
-0400</tt></td>
<td align="left"><tt>CheatCodes.com</tt></td>
<td sdval="12" sdnum="1033;" align="right"><tt>12</tt></td>
</tr>
<tr>
<td height="17" align="left"><tt>Thu, 07 Jul 2016 19:59:59
-0400</tt></td>
<td align="left"><tt>google.com</tt></td>
<td sdval="2" sdnum="1033;" align="right"><tt>2</tt></td>
</tr>
<tr>
<td height="17" align="left"><tt>Thu, 07 Jul 2016 19:59:59
-0400</tt></td>
<td align="left"><tt>Yahoo! Inc.</tt></td>
<td sdval="2" sdnum="1033;" align="right"><tt>2</tt></td>
</tr>
<tr>
<td height="17" align="left"><tt>Fri, 08 Jul 2016 11:29:47
-0400</tt></td>
<td align="left"><tt>CheatCodes.com</tt></td>
<td sdval="10" sdnum="1033;" align="right"><tt>10</tt></td>
</tr>
<tr>
<td height="17" align="left"><tt>Sun, 10 Jul 2016 17:19:04
-0400</tt></td>
<td align="left"><tt>CheatCodes.com</tt></td>
<td sdval="3" sdnum="1033;" align="right"><tt>3</tt></td>
</tr>
<tr>
<td height="17" align="left"><tt>Mon, 11 Jul 2016 19:59:59
-0400</tt></td>
<td align="left"><tt>google.com</tt></td>
<td sdval="2" sdnum="1033;" align="right"><tt>2</tt></td>
</tr>
<tr>
<td height="17" align="left"><tt>Mon, 11 Jul 2016 14:45:57
-0400</tt></td>
<td align="left"><tt>CheatCodes.com</tt></td>
<td sdval="12" sdnum="1033;" align="right"><tt>12</tt></td>
</tr>
<tr>
<td height="17" align="left"><tt>Tue, 12 Jul 2016 12:00:00
-0400</tt></td>
<td align="left"><tt>Microsoft Corp.</tt></td>
<td sdval="1" sdnum="1033;" align="right"><tt>1</tt></td>
</tr>
<tr>
<td height="17" align="left"><tt>Tue, 12 Jul 2016 19:59:59
-0400</tt></td>
<td align="left"><tt>google.com</tt></td>
<td sdval="591" sdnum="1033;" align="right"><tt>591</tt></td>
</tr>
<tr>
<td height="17" align="left"><tt>Tue, 12 Jul 2016 19:59:59
-0400</tt></td>
<td align="left"><tt>Yahoo! Inc.</tt></td>
<td sdval="8" sdnum="1033;" align="right"><tt>8</tt></td>
</tr>
<tr>
<td height="17" align="left"><tt>Tue, 12 Jul 2016 15:22:56
-0400</tt></td>
<td align="left"><tt>CheatCodes.com</tt></td>
<td sdval="13" sdnum="1033;" align="right"><tt>13</tt></td>
</tr>
<tr>
<td height="17" align="left"><tt>Wed, 13 Jul 2016 19:59:59
-0400</tt></td>
<td align="left"><tt>google.com</tt></td>
<td sdval="785" sdnum="1033;" align="right"><tt>785</tt></td>
</tr>
<tr>
<td height="17" align="left"><tt>Wed, 13 Jul 2016 14:49:03
-0400</tt></td>
<td align="left"><tt>CheatCodes.com</tt></td>
<td sdval="3" sdnum="1033;" align="right"><tt>3</tt></td>
</tr>
</tbody>
</table>
<tt>
</tt>
<style type="text/css">
body,div,table,thead,tbody,tfoot,tr,th,td,p { font-family:"Liberation Sans"; font-size:x-small }
</style><tt><br>
</tt><tt><br>
</tt><tt>So about cheatcodes.com.</tt><tt><br>
All the traffic to cheatcodes is coming from the outside address
of my firewall either home or cottage.<br>
</tt><tt>Since I only email via submission to my external
mail-server there is nothing inside my domain that should be
sending email.</tt><tt><br>
</tt><tt>So I blocked ports 25,2525 and a few other well known ports
for email but still the mail is flowing.</tt><tt><br>
</tt><tt>Then I blocked the cheatcodes MX address class C... Still
flowing.</tt><tt><br>
</tt><tt>I noticed that the IP source of the messages moved with my
changing location.</tt><tt><br>
</tt><tt>There are only 3 connected things that will move between
these locations. My laptop and 2 Android phones.<br>
I guess it's time to start more serious tracking of traffic from my
portable devices.<br>
</tt><tt></tt><tt><br>
</tt><tt>So someone is connected and sending messages through
non-regular channels to CheatCodes.com.</tt><tt><br>
</tt><tt>This disturbs me.</tt><tt><br>
</tt><tt>I intend to keep working on this.</tt><tt><br>
</tt><tt>But it makes me ask the question: Who would go so far as to
set up a surreptitious email link and then run it through DMARC?</tt><tt><br>
</tt><tt><br>
</tt><tt>I have to admit that I kind of like DMARC.</tt><tt><br>
</tt><tt>It is letting me get a feel for how much abuse of my
domain is going on and it is way more than I thought.</tt><tt><br>
</tt><tt>It's by no means a spam solution but it can cut down spam
generated in my name.</tt><br>
<br>
<br>
<pre class="moz-signature" cols="72">--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
<a class="moz-txt-link-abbreviated" href="mailto:alvin@netvel.net">alvin@netvel.net</a> ||
</pre>
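<br>
<tt>Added example, not part of the original message: one way to turn DMARC aggregate (rua) reports into the kind of per-reporter tally shown in the log above, while also separating mail sent from your own firewall addresses from mail sent by outside hosts.</tt><br>
<tt>The sample report, the domain, the reporter name and every IP address are constructed placeholders, and the MAIL_SERVERS / OWN_EGRESS inventory is an assumption about how a site would record its own addresses.</tt><br>

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report in the RFC 7489 aggregate (rua) format.
# Reporter name, domain and addresses are placeholders.
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>reporter-a.example</org_name></report_metadata>
  <policy_published><domain>example.org</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.25</source_ip><count>4</count>
    <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.10</source_ip><count>12</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.77</source_ip><count>591</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

# Assumed inventory: the one host allowed to send mail, and the public
# addresses of the site firewalls (home, cottage) that should never send any.
MAIL_SERVERS = [ipaddress.ip_network("192.0.2.25/32")]
OWN_EGRESS = [ipaddress.ip_network(n) for n in ("198.51.100.10/32", "198.51.100.200/32")]

def classify(ip):
    """Label a reported source address against the local inventory."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in MAIL_SERVERS):
        return "mail-server"
    if any(addr in net for net in OWN_EGRESS):
        return "own-egress"   # something behind our own firewall is sending
    return "external"         # someone else is using the domain

def summarize(report_xml):
    """Return {(reporter, source_ip, origin, dmarc_result): message count}."""
    # Reports are third-party input; cap their size before parsing in real use.
    root = ET.fromstring(report_xml)
    reporter = root.findtext("report_metadata/org_name", default="unknown")
    totals = Counter()
    for row in root.iter("row"):
        ip = row.findtext("source_ip")
        count = int(row.findtext("count", default="0"))
        # DMARC passes when either aligned DKIM or aligned SPF passes.
        results = (row.findtext("policy_evaluated/dkim"),
                   row.findtext("policy_evaluated/spf"))
        verdict = "pass" if "pass" in results else "fail"
        totals[(reporter, ip, classify(ip), verdict)] += count
    return totals

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_REPORT).most_common():
        print(n, *key)
```

<tt>Rows labelled own-egress with a fail verdict are the ones worth tracing to a device on the inside; external rows are spoofing from elsewhere.</tt><br>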
</body>
</html>