Jerry Lerman

Jerry@hear-me.social
2 posts • 13 comments

Admin/owner of this Boston-area server. A liberal who also follows conservatives who use facts to form opinions & are good people. I hate when people agendize everything. I play around with Linux.

I also own:
Phanpy: https://phanpy.hear-me.social
Peertube: https://my-sunshine.video
Friendica: https://my-place.social
Piefed: https://feddit.online
XMPP: https://between-us.online
Bluesky PDS: https://blue-ocean.social

he/him/his

#StarTrek #ScienceFiction #Linux

@Aganim@lemmy.world
I’m not an expert on this (it’s a career), but I know it’s not that simple.

If I get an unforwarded email, I definitely want both DKIM and SPF to pass. I want only email from an authorized server, and I want an email that is not modified and is properly signed. No exceptions. Both must pass.

If I get email from a mailing list that is sending email to me on behalf of a different domain, I want SPF to pass in that I want to know that the mailing list provider’s server is authorized to send email on behalf of the original domain. But, in this case, the original DKIM will fail because the mailing list provider will have changed the email. But, I expect the new DKIM to be correct, or I won’t accept it. So, here, a failure on the original DKIM can be acceptable.

If someone forwards an email to me, the original DKIM will fail. I will accept it. But, I want the SPF of the forwarding server to pass, and the new DKIM for the changed email to pass.

There’s also email redirection and forwards that happen at the server vs. the client and there can be separate rules for this.

The records can get complicated if you truly want to control different scenarios.

But, you don’t always want to accept an email if only 1 check passes.

At least, this is my understanding of it all.

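The acceptance rules from the comment above, written out as an added example (not part of the comment): it reads the receiving server's own Authentication-Results header and applies the both-must-pass rule to direct mail and the new-signature rule to list or forwarded mail. The header values, the `relayed` flag and the `mx.example.net` authserv-id are constructed assumptions.

```python
import re

# Constructed Authentication-Results values (RFC 8601 layout), not real mail.
DIRECT = ("mx.example.net; spf=pass smtp.mailfrom=alice@shop.example; "
          "dkim=pass header.d=shop.example")
VIA_LIST = ("mx.example.net; spf=pass smtp.mailfrom=bounce@lists.example; "
            "dkim=fail header.d=shop.example; dkim=pass header.d=lists.example")
ONE_CHECK = ("mx.example.net; spf=pass smtp.mailfrom=bounce@lists.example; "
             "dkim=fail header.d=shop.example")

def parse_auth_results(value, trusted_id="mx.example.net"):
    """Return (spf_result, {dkim_domain: result}) for one header value."""
    fields = value.split(";")
    authserv_id = (fields[0].split() or [""])[0].lower()
    if authserv_id != trusted_id:
        return "none", {}          # not stamped by our own receiver: ignore
    spf, dkim = "none", {}
    for clause in fields[1:]:
        m = re.match(r"\s*(spf|dkim)=(\w+)", clause)
        if not m:
            continue
        method, result = m.group(1), m.group(2).lower()
        if method == "spf":
            spf = result
        else:
            d = re.search(r"header\.d=([\w.-]+)", clause)
            dkim[d.group(1).lower() if d else "?"] = result
    return spf, dkim

def decide(value, from_domain, relayed):
    """Apply the comment's rules; `relayed` marks list or forwarded mail."""
    spf, dkim = parse_auth_results(value)
    if spf != "pass":
        return "reject: SPF did not pass"
    if not relayed:
        # Direct mail: the From domain's own signature must verify too.
        if dkim.get(from_domain) == "pass":
            return "accept"
        return "reject: DKIM did not pass"
    # Relayed mail: the original signature may be broken, but a signature
    # added after the change (a different d=) has to verify.
    if any(r == "pass" for d, r in dkim.items() if d != from_domain):
        return "accept"
    return "reject: no valid DKIM signature after relay"
```

Only a header stamped with the receiver's own authserv-id is evaluated; one carrying any other id yields no results and the message is rejected.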

@pteryx@dice.camp I set up my own email server on DigitalOcean and instantly got blacklisted by Spamhaus because it was a new domain, and then by another company because the IP address belonged to DigitalOcean.

Most mail servers also flagged it as spam because the domain was less than 60 days old and because it was a .online TLD. For a long time, some of my emails were immediately bounced back or went to spam folders because of all these reasons.

I also believe that every home IP address is automatically blacklisted, which makes it worse for your roommate.

You can eventually overcome it by letting the domain reputation slowly develop and then doing a direct appeal to the blacklist companies. But, it takes a long time.

It’s amazing any spam gets delivered.


@hitstun @rimu @Andromxda
Wow. You’re right. The display is beautiful! I never saw any communities that showed this feature so well!

I’m glad you joined the server! Welcome.

And a GB is but a drop. Don’t worry about resource usage.
