This document discusses email authentication techniques including TLS, SPF, DKIM and DMARC. It provides information on how these protocols work and how to implement them. Key points covered include how SPF validates the envelope sender address by checking the authorized mail servers for a domain in DNS, and how DKIM cryptographically signs specific parts of emails to validate that the content has not been modified in transit. Configuration examples are given for setting up SPF records and generating DKIM keys.
How to Implement DMARC/DKIM/SPF to Stop Email Spoofing/Phishing: The Definiti...Gangcai Lin
This article aims to provide a complete guide to implementing the SPF, DKIM, and DMARC trio for your organization, and suggest the best practices for doing so. It is written in hopes that this will clear up confusion about what steps to take to achieve an effective DMARC deployment to secure business email.
Target audience: brand owners, domain owners, domain administrators, IT administrators, etc. and anyone who wants to prevent attackers from sending malicious emails using their domains.
If you are eager to find out if your domain is SPF/DKIM/DMARC-compliant, send an email from that domain with any subject/content to check@dmarcly.com. You will get a report on SPF/DKIM/DMARC shortly in your inbox.
For more information, go to: https://dmarcly.com
Introduction to DMARC to help domain owners protect their brand and mailbox providers cooperate to protect their users from fraudulent or spoofed email. Presented at SANOG24 2014-08-03. For references to additional resources mentioned during the talk, see https://github.com/kurta/dmarc-info
In this presentation, I am trying to explain why and how email security should be implemented.
> Intro to Email
> Basic steps in emailing
> Intro to Email Security
> Common email threats
> How emailsecurity works
> Security requirements (CIA)
> Secure transmission of email: PGP
> PGP: Operation description (All 5 services)
> Secure transmission of email: S/MIME (With its functions)
This presentation was presented by me in the final year of my M.Sc. in Computer science.
Hope you like this presentation. Thank you!
Electronic mail, most commonly called email or e-mail since around 1993
E-mail is one of the most widely used forms of communication today.
E-mail is faster and cheaper than traditional postal mail, but at least when you seal that envelope and stick a stamp on it, you can have some confidence that only the intended recipient will open it.
With e-mail, however, your message could be intercepted midstream, and you might never realize it. You have to take steps to secure and protect your e-mail messages.
http://phpexecutor.com
How to Implement DMARC/DKIM/SPF to Stop Email Spoofing/Phishing: The Definiti...Gangcai Lin
This article aims to provide a complete guide to implementing the SPF, DKIM, and DMARC trio for your organization, and suggest the best practices for doing so. It is written in hopes that this will clear up confusion about what steps to take to achieve an effective DMARC deployment to secure business email.
Target audience: brand owners, domain owners, domain administrators, IT administrators, etc. and anyone who wants to prevent attackers from sending malicious emails using their domains.
If you are eager to find out if your domain is SPF/DKIM/DMARC-compliant, send an email from that domain with any subject/content to check@dmarcly.com. You will get a report on SPF/DKIM/DMARC shortly in your inbox.
For more information, go to: https://dmarcly.com
Introduction to DMARC to help domain owners protect their brand and mailbox providers cooperate to protect their users from fraudulent or spoofed email. Presented at SANOG24 2014-08-03. For references to additional resources mentioned during the talk, see https://github.com/kurta/dmarc-info
In this presentation, I am trying to explain why and how email security should be implemented.
> Intro to Email
> Basic steps in emailing
> Intro to Email Security
> Common email threats
> How emailsecurity works
> Security requirements (CIA)
> Secure transmission of email: PGP
> PGP: Operation description (All 5 services)
> Secure transmission of email: S/MIME (With its functions)
This presentation was presented by me in the final year of my M.Sc. in Computer science.
Hope you like this presentation. Thank you!
Electronic mail, most commonly called email or e-mail since around 1993
E-mail is one of the most widely used forms of communication today.
E-mail is faster and cheaper than traditional postal mail, but at least when you seal that envelope and stick a stamp on it, you can have some confidence that only the intended recipient will open it.
With e-mail, however, your message could be intercepted midstream, and you might never realize it. You have to take steps to secure and protect your e-mail messages.
http://phpexecutor.com
Cyberoam offers next-generation firewall and UTM firewall that provide stateful and deep packet inspection for network, application and user identity-based security. Cyberoam firewall appliances provide ease of management and high security with flexibility.
DerbyCon 7 - Hacking VDI, Recon and Attack MethodsPatrick Coble
This was a session on September 23, 2017 at DerbyCon 7.
VDI Deployments are in over 90% of all the Fortune 1000 companies and are used in almost all industry verticals, but are they secure? The goal of most VDI deployments is to centrally deliver applications and/or desktops to users internally and externally, but in many cases their basic security recommendations haven’t fully deployed, allowing an attacker to gain access. This talk will review the basic design of the top two solution providers, Citrix and VMware. We will go over these solutions strengths and weaknesses and learn how to quickly identify server roles and pivot. We will also examine all the major attack points and their defensive counters. If you or if you have a client that has a VDI Deployment you don’t want to miss this talk.
Patrick Coble is an independent EUC and Security Consultant working around Nashville, TN. Patrick has worked in IT for 18 years and as a consultant for over 9 years. He is a recognized expert in Virtualization, EUC solutions and Security. He has deployed hundreds of VDI deployments using both Citrix and VMware solutions all over the southeast. Patrick is working to expose and close the gaps in VDI solutions when it comes to security. He helps with Red and Blue teams to gain access and secure VDI deployments.
An Introduction To The DMARC SMTP Validation RequirementsGabriella Davis
Presented at Social Connections 13 in Philadelphia April 2018.
DMARC is a SMTP security standard being increasingly requested by customers to protect against email spoofing. It uses a combination of SPF (Sender Policy Framework) records and DKIM (DomainKeys Identified Mail). Using DMARC you would publicly specify how your outbound mail is sent and the receiving server would verify that the mail it receives matches your requirements. In this session we’ll discuss DMARC deployments and what to do if your mail server (like IBM Domino or SmartCloud) does not yet support DKIM?
How to deliver industry standard browser security to the native Domino HTTP stack, using company-wide wildcard certificates deployed across all platforms.
Unified Threat Management (UTM) or Unified Security Management (USM), is a solution in the network security industry, and since 2004 it has gained currency as a primary network gateway defense solution for organizations.
In theory, UTM is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single appliance: network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data leak prevention and on-appliance reporting.
PS: Pl note that the presentation involves animated slides. For complete understanding and assimilation, download the presentation first.
Thank you.
windows exchange server ppt
windows exchange server 2016
windows exchange server 2016 update
I run a knowledge sharing YouTube channel called (SILICON CHIPS TAMILAN). Please like, share, subscribe, and support me.
YouTube Link : https://www.youtube.com/channel/UCenZp9ho_PP0K5iYrdocvrw
Notes Link Below attached
https://siliconchipstamilan.blogspot.com/2022/12/what-is-outlook-mail.html
Collecting email from the target domain using the harvesterVishal Kumar
The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.
In this installment of the Men & Mice webinar series, Mr. Carsten Strotmann will talk about the role that DNS plays in fighting malware and spam.
The discussion will dig into DNS blacklists, domain reputation, Response Policy Zones and how the new TLDs have changed the game.
Cyberoam offers next-generation firewall and UTM firewall that provide stateful and deep packet inspection for network, application and user identity-based security. Cyberoam firewall appliances provide ease of management and high security with flexibility.
DerbyCon 7 - Hacking VDI, Recon and Attack MethodsPatrick Coble
This was a session on September 23, 2017 at DerbyCon 7.
VDI Deployments are in over 90% of all the Fortune 1000 companies and are used in almost all industry verticals, but are they secure? The goal of most VDI deployments is to centrally deliver applications and/or desktops to users internally and externally, but in many cases their basic security recommendations haven’t fully deployed, allowing an attacker to gain access. This talk will review the basic design of the top two solution providers, Citrix and VMware. We will go over these solutions strengths and weaknesses and learn how to quickly identify server roles and pivot. We will also examine all the major attack points and their defensive counters. If you or if you have a client that has a VDI Deployment you don’t want to miss this talk.
Patrick Coble is an independent EUC and Security Consultant working around Nashville, TN. Patrick has worked in IT for 18 years and as a consultant for over 9 years. He is a recognized expert in Virtualization, EUC solutions and Security. He has deployed hundreds of VDI deployments using both Citrix and VMware solutions all over the southeast. Patrick is working to expose and close the gaps in VDI solutions when it comes to security. He helps with Red and Blue teams to gain access and secure VDI deployments.
An Introduction To The DMARC SMTP Validation RequirementsGabriella Davis
Presented at Social Connections 13 in Philadelphia April 2018.
DMARC is a SMTP security standard being increasingly requested by customers to protect against email spoofing. It uses a combination of SPF (Sender Policy Framework) records and DKIM (DomainKeys Identified Mail). Using DMARC you would publicly specify how your outbound mail is sent and the receiving server would verify that the mail it receives matches your requirements. In this session we’ll discuss DMARC deployments and what to do if your mail server (like IBM Domino or SmartCloud) does not yet support DKIM?
How to deliver industry standard browser security to the native Domino HTTP stack, using company-wide wildcard certificates deployed across all platforms.
Unified Threat Management (UTM) or Unified Security Management (USM), is a solution in the network security industry, and since 2004 it has gained currency as a primary network gateway defense solution for organizations.
In theory, UTM is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single appliance: network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data leak prevention and on-appliance reporting.
PS: Pl note that the presentation involves animated slides. For complete understanding and assimilation, download the presentation first.
Thank you.
windows exchange server ppt
windows exchange server 2016
windows exchange server 2016 update
I run a knowledge sharing YouTube channel called (SILICON CHIPS TAMILAN). Please like, share, subscribe, and support me.
YouTube Link : https://www.youtube.com/channel/UCenZp9ho_PP0K5iYrdocvrw
Notes Link Below attached
https://siliconchipstamilan.blogspot.com/2022/12/what-is-outlook-mail.html
Collecting email from the target domain using the harvesterVishal Kumar
The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.
In this installment of the Men & Mice webinar series, Mr. Carsten Strotmann will talk about the role that DNS plays in fighting malware and spam.
The discussion will dig into DNS blacklists, domain reputation, Response Policy Zones and how the new TLDs have changed the game.
Digital Marketing Course In Delhi | Digital Marketing Profskulveerdmp
Digital marketing profs provide advanced digital marketing training course in Delhi if you want a good career in Digital marketing come and join digital marketing profs for more detail visit our website : http://digitalmarketingprofs.in/
Understand the basic process, best practices and do's and don'ts of email marketing, the importance of mobile-first, top trends, subscriber segmentation, email and blog automation and top email marketing software.
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Serverpanagenda
Aufnahme: http://pan.news/20210420de
Abstract: Server sind das Rückgrat Ihrer IT-Umgebung. Deren Sicherheit ist für jeden IT-Profi von größter Bedeutung. Besonders bei Servern mit Fernzugriff wird dies zu einer heiklen Angelegenheit. Es ist ein schmaler Grat zwischen der komfortablen Nutzung auf der einen Seite und dem Schutz gegen Angreifer auf der anderen Seite.
Zu den Sicherheitsbedenken gehören die mangelnde physische Sicherheit von Geräten, die Verwendung ungesicherter Netzwerke, die ungewollte externe Verfügbarkeit interner Ressourcen und der unbefugte Zugriff aus dem eigenen Unternehmen.
HCL Domino ist eine leistungsfähige und ausgereifte Serverplattform mit einem großen Funktionsumfang. Das macht sie zwar zu einer guten Wahl für viele Anwendungen, bedeutet aber auch, dass es viele potenzielle Möglichkeiten gibt, sich angreifbar zu machen.
In diesem Webinar helfen Ihnen unsere Experten, jeden Aspekt der Absicherung Ihrer Domino-Umgebungen zu betrachten:
• Lernen Sie die Grundlagen der Domino-Server-Sicherheit kennen
• Beheben Sie Probleme mit der Standardkonfiguration und vermeiden Sie häufige Fallstricke
• Sorgen Sie für einen sicheren Zugriff über Notes-Client, HTTP oder SMTP
• Richten Sie eine Datenbank-Zugriffskontrolle für Ihre gesamte Infrastruktur ein
• Schützen Sie Ihre Server vor internen Angriffen
• Vermeiden Sie Schwachstellen, indem Sie Domino-Server und Betriebssystem auf dem neuesten Stand halten
The not so simple mail transport protocol @dpcon 2018Jos Elstgeest
Email is the de-facto standard for communication with your customers or website visitors.
Be it for transactional messaging, marketing, mailing lists, sending out an email from a contact form or just plain sending an email form your favorite client.
In the olden day’s it used to be just the good old SMTP(RFC5321) or Simple Mail Transport Protocol. But today we need to make sure that all the newer acronyms are being used correctly, in order to get our message across, but also to prevent others from hijacking our email system and sending out email on our behalf.
In this talk I will explain the inner workings of SPF (RFC7208), DKIM (RFC6376), and DMARC (RFC7489). Not only how they work together to prevent unwanted email abuse, but also how they can help make sure that your valid email reaches it’s intended audience.
From this talk you will take away a deeper understanding of how modern email systems determine if the message you are sending is indeed a valid email and if it should in fact be delivered to its recipient. You will learn how these services need to be configured and how to debug the email delivery process when an email does not reach it’s intended destination when any of them aren’t correctly configured.
SIP Express Media Server SBC application as powerful SBC and SIP toolboxstefansayer
The SIP Express Media Server, originally a media server to complement SIP based VoIP networks with services such as voicemail, conferencing and IVR services, with the introduction of a B2BUA and especially the SBC module can be useful as call stateful control element in the operator core, for specific applications, or as a full Session Border Controller. In upcoming SEMS 1.6, again a whole lot of useful functionality has been and will be added, among them registration handling, tcp stack and more NAT traversal options, transcoding, multiple interfaces, bandwidth limiting etc. Further, a new extended call control interface which even can be scripted with the super simple DSM state charts language not only supports more complex, PBX type call flows, but also makes SEMS a toolbox useful for most situation where a call stateful element is needed.
In Plain Sight: The Perfect ExfiltrationItzik Kotler
In this session, we will reveal and demonstrate perfect exfiltration via indirect covert channels (i.e. the communicating parties don’t directly exchange network packets).
This is a family of techniques to exfiltrate data (low throughput) from an enterprise in a manner indistinguishable from genuine traffic. Using HTTP and exploiting a byproduct of how some websites choose to cache their pages, we will demonstrate how data can be leaked without raising any suspicion. These techniques are designed to overcome even perfect knowledge and analysis of the enterprise network traffic.
This presentation was given at Python North West. It explains a complete Kamaelia application for greylisting which was written specifically to eliminate my personal spam problem. It walks through the code as well (though that's best looked at with the code side by side!)
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...CODE BLUE
We propose a new exploit technique that brings a whole-new attack surface to bypass SSRF (Server Side Request Forgery) protections. This is a very general attack approach, in which we used in combination with our own fuzzing tool to discover many 0days in built-in libraries of very widely-used programming languages, including Python, PHP, Perl, Ruby, Java, JavaScript, Wget and cURL. The root cause of the problem lies in the inconsistency of URL parsers and URL requesters.
Being a very fundamental problem that exists in built-in libraries, sophisticated web applications such as WordPress (27% of the Web), vBulletin, MyBB and GitHub can also suffer, and 0days have been discovered in them via this technique. This general technique can also adapt to various code contexts and lead to protocol smuggling and SSRF bypassing. Several scenarios will be demonstrated to illustrate how URL parsers can be exploited to bypass SSRF protection and achieve RCE (Remote Code Execution), which is the case in our GitHub Enterprise demo.
Understanding the basics of this technique, the audience won’t be surprised to know that more than 20 vulnerabilities have been found in famous programming languages and web applications aforementioned via this technique.
A presentation by Wes Hardaker from PARSONS given on 28 October 2014 at ION Santiago in Chile.
If you connect to a “secure” server using TLS/SSL (such as a web server, email server or xmpp server), how do you know you are using the correct certificate? With DNSSEC now being deployed, a new protocol has emerged called “DANE” (“DNS-Based Authentication of Named Entities“), which allows you to securely specify exactly which TLS/SSL certificate an application should use to connect to your site. DANE has great potential to make the Internet much more secure by marrying the strong integrity protection of DNSSEC with the confidentiality of SSL/TLS certificates. In this session, Wes will explain how DANE works and how you can use it to secure your websites, email, XMPP, VoIP, and other web services.
This talk shows how to extract (structured) value from the huge amount of (unstructured) information that logs contain using InfluxData technologies.
Particularly the task is achieved using two pieces of code I wrote: the influxdata/go-syslog library and the Telegraf Syslog Input Plugin.
The slides demonstrate how to parse logs and to store consequent time-series data into InfluxDB.
At this point it is possible to visualize them via the new Chronograf's Log Viewer, eliciting new meaningful metrics to plot (eg., number of process OOM killed) processing them via a Kapacitor UDF.
The stack used to achieve this is:
- Telegraf with the syslog input plugin, which uses this blazing fast go-syslog parser
- Chronograf with its new Log Viewer
- InfluxDB
- Kapacitor
Companion source code and repository is at http://bit.ly/logs-2-metrics-influx-code
This is an introductory presentation regarding the issues in designing a campus network infrastructure. Unlike theoretical approaches, this presentation actually was used to describe some of the real configurations performed by Server Administrators and Network Managers. This is for an introductory audience with very little background in computer networks assumed.
Similar to TLS, SPF, DKIM, DMARC, authenticated email (20)
Random Number Generators :
LCG, Fibonacci, LFSR, GFSR, TGFSR, MT, MT19937,WELL
Tutorials on FInite Fields and associated RNG on github at :
https://github.com/rinnocente/Random_Numbers
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Łukasz Chruściel
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeAftab Hussain
Understanding variable roles in code has been found to be helpful by students
in learning programming -- could variable roles help deep neural models in
performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Do you want Software for your Business? Visit Deuglo
Deuglo has top Software Developers in India. They are experts in software development and help design and create custom Software solutions.
Deuglo follows seven steps methods for delivering their services to their customers. They called it the Software development life cycle process (SDLC).
Requirement — Collecting the Requirements is the first Phase in the SSLC process.
Feasibility Study — after completing the requirement process they move to the design phase.
Design — in this phase, they start designing the software.
Coding — when designing is completed, the developers start coding for the software.
Testing — in this phase when the coding of the software is done the testing team will start testing.
Installation — after completion of testing, the application opens to the live server and launches!
Maintenance — after completing the software development, customers start using the software.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
In the ever-evolving landscape of technology, enterprise software development is undergoing a significant transformation. Traditional coding methods are being challenged by innovative no-code solutions, which promise to streamline and democratize the software development process.
This shift is particularly impactful for enterprises, which require robust, scalable, and efficient software to manage their operations. In this article, we will explore the various facets of enterprise software development with no-code solutions, examining their benefits, challenges, and the future potential they hold.
AI Genie Review: World’s First Open AI WordPress Website CreatorGoogle
AI Genie Review: World’s First Open AI WordPress Website Creator
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-genie-review
AI Genie Review: Key Features
✅Creates Limitless Real-Time Unique Content, auto-publishing Posts, Pages & Images directly from Chat GPT & Open AI on WordPress in any Niche
✅First & Only Google Bard Approved Software That Publishes 100% Original, SEO Friendly Content using Open AI
✅Publish Automated Posts and Pages using AI Genie directly on Your website
✅50 DFY Websites Included Without Adding Any Images, Content Or Doing Anything Yourself
✅Integrated Chat GPT Bot gives Instant Answers on Your Website to Visitors
✅Just Enter the title, and your Content for Pages and Posts will be ready on your website
✅Automatically insert visually appealing images into posts based on keywords and titles.
✅Choose the temperature of the content and control its randomness.
✅Control the length of the content to be generated.
✅Never Worry About Paying Huge Money Monthly To Top Content Creation Platforms
✅100% Easy-to-Use, Newbie-Friendly Technology
✅30-Days Money-Back Guarantee
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
#AIGenieApp #AIGenieBonus #AIGenieBonuses #AIGenieDemo #AIGenieDownload #AIGenieLegit #AIGenieLiveDemo #AIGenieOTO #AIGeniePreview #AIGenieReview #AIGenieReviewandBonus #AIGenieScamorLegit #AIGenieSoftware #AIGenieUpgrades #AIGenieUpsells #HowDoesAlGenie #HowtoBuyAIGenie #HowtoMakeMoneywithAIGenie #MakeMoneyOnline #MakeMoneywithAIGenie
4. 2012/10/03 Roberto Innocente 4
TLS(Transport Layer Security)
An encryption layer over TCP that all MTAs
should support and when offered they should
start
(STARTTLS mechanism on the std port 25)
●
Disable SSL1 and SSL2 for security problems
that were discovered , and support only
TLSv1.2
5. 2012/10/03 Roberto Innocente 5
Mail Transfer Protocols
Protocol Over
tls
Authenticated Authenticated
Over tls
Name
smtp smtps smtpa smtpsa Simple MTP
esmtp esmtps esmtpa esmtpsa Extended SMTP
lmtp lmtps lmtpa lmtpsa Light MTP
RFC3848 July 2004
Shown in “Received: … with ... ” header lines e.g.
Received: from charon-02.sissa.it (charon-02.sissa.it [147.122.1.105])
by smtp.sissa.it (Postfix) with ESMTP id BEAF9D08065
6. 2012/10/03 Roberto Innocente 6
Check protocol used
in Received: lines
Received: from mail-ob0-f169.google.com (mail-ob0-f169.google.com [209.85.214.169])
by mail.example.org (Postfix) with ESMTPS id 13F636C003 for <inno@example.org>;
Wed, 11 Mar 2012 11:34:18 +0100 (CET)
Received: from mail.example.org (mail.example.org [10.0.1.2]) by mail2.example.org
with ESMTP id C9HImFdPfk4ogziO for <inno@example.org>; Mon, 12 Mar 2012
11:34:23 +0100 (CET)
Received: from webmail.example.org (localhost.localdomain [127.0.0.1])
mail2.example.org (Postfix) with ESMTPA id AD79E54E50 for
<roberto.e.innocente@gmail.com>; Mon, 12 Mar 2012 10:48:47 +0100 (CET)
7. 2012/10/03 Roberto Innocente 7
SPF version 1
Spf = Sender Policy Framework
RFC-4408 April 2006
RFC-2821 layer / protects envelope sender address
The one that appears in the initial smtp exchange
HELO itsme.org
MAIL FROM: <..>
RCPT TO: <..>
DATA
SMTP Envelope
8. 2012/10/03 Roberto Innocente 8
SMTP protocol – RFC-2821
April 2001
dig mx gmail.com
;; QUESTION SECTION:
;gmail.com. IN MX
;; ANSWER SECTION:
gmail.com. 3599 IN MX 5 gmail-smtp-in.l.google.com.
telnet gmail-smtp-in.l.google.com smtp
220 mx.google.com ESMTP de8si19058389wib.80
EHLO sissa.it
250-mx.google.com at your service, [10.0.1.2]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
MAIL FROM: <inno@sissa.it>
250 2.1.0 OK jo3si35141161wjc.166 - gsmtp
RCPT TO: <roberto.innocente@gmail.com>
250 2.1.5 OK jo3si35141161wjc.166 - gsmtp
DATA
354 Go ahead jo3si35141161wjc.166 - gsmtp
From: inno@example.org
To: roberto.innocente@gmail.com
Subject: check
Checking address
2 times
.
Envelope Header Body
10. 2012/10/03 Roberto Innocente 10
Identities in email
Envelope identities :
●
Helo/ehlo identity in envelope
●
Mail from: identity in envelope
●
Rcpt to: identity in envelope
Headers identities :
●
From: identity in header
●
To: identity in header
11. 2012/10/03 Roberto Innocente 11
Mail RFCs
●
RFC2821 April 2001
Simple Mail Transfer Protocol (SMTP) –
obsoletes RFC821 (Draft std RFC5321)
●
RFC2822 April 2001
Internet Message Format (IMF) –
obsoletes RFC822 (Draft std RFC5322)
12. 2012/10/03 Roberto Innocente 12
Sender addresses
●
Envelope sender – RFC2821
In HELO and MAIL FROM: smtp lines, usually
stored in Return-Path: header, used to send
back errors, usually not displayed by MUA (mail
user agents)
●
Header sender – RFC2822
In the From: or Sender: mail headers ,
displayed by MUA, usually not cared by MTA
13. 2012/10/03 Roberto Innocente 13
What does SPF ?
A kind of reverse MX ...
Allows the owner of a domain to specify which mail
servers are allowed to send mail on behalf of the domain.
The domain owner publish a record in DNS specifying
which mail servers are authorized to send mail for his
domain.
When a mail server receives a message claiming to be
from that domain, it looks up the spf record for that domain
and it checks if it came trough one of the allowed mail
servers.
14. 2012/10/03 Roberto Innocente 14
Proposed SPF for SISSA
sissa.it. 300 IN TXT “v=spf1 redirect=_spf.sissa.it”
_spf.sissa.it. 300 IN TXT “v=spf1 include=_netblock.sissa.it
include=_netblock1.sissa.it”
_netblock.sissa.it. 300 IN TXT “v=spf1 ...
_netblock1.sissa.it 300 IN TXT “v=spf1 ...
15. 2012/10/03 Roberto Innocente 15
SPF results
●
none = no record published for SPF
●
neutral = sender domain does’nt want to state (?)
●
pass = client is allowed to inject mail for the
domain(+)
●
fail = client is explicitly forbidden to inject mail for
the domain(-)
●
softfail = between pass and fail(~), often the
receiver quarantines
16. 2012/10/03 Roberto Innocente 16
SPF check headers
Received-SPF: pass (google.com: domain of inno@sissa.it designates 147.122.1.105 as permitted sender) client-
ip=147.122.1.105;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of inno@sissa.it designates 147.122.1.105 as permitted
sender) smtp.mail=inno@sissa.it
Received-SPF: pass (domain of gmail.com designates 209.85.214.176 as permitted sender)
Authentication-Results: mta1071.mail.ir2.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com;
dkim=pass (ok)
Received-SPF: none (google.com: roberto.innocente@yahoo.it does not designate permitted sender hosts) client-
ip=98.138.121.67;
Authentication-Results: mx.google.com; spf=none (google.com: roberto.innocente@yahoo.it does not designate permitted
sender hosts) smtp.mail=roberto.innocente@yahoo.it;
Received-SPF: pass (domain of hotmail.com designates 157.55.1.161 as permitted sender)
17. 2012/10/03 Roberto Innocente 17
SPF algorithm
●
Lookup envelope domain spf record :
●
dig txt sissa.it
– sissa.it TXT “v=spf1 ip4:147.122.1/24 ip6:..... ~mx -all”
●
For each mechanism listed look if it matches:
●
Is the client in ip4:147.122.1/24 ? Then pass (the default
is pass) and exit.
●
Is the client in ip6:..... ? Then pass and exit.
●
Is the client in one mx record ? Then softfail and exit.
●
All is matched by everyhting : reject it and exit.
18. 2012/10/03 Roberto Innocente 18
SPF (example record)
$ dig txt unipd.it
unipd.it. 259200 IN TXT "v=spf1 ip4:147.162.10.68
ip4:147.162.10.81 ip4:147.162.10.82 ip4:147.162.10.83 a:mail.unipd.it
?all"
●
Is it ip4:147.162.10.68? pass
●
Is it ip4:147.162.10.81? pass
●
Is it ip4:147.162.10.82 ? Pass
●
Is it ip4:147.162.10.83 ? Pass
●
Is it in address of mail.unipd.it. IN A 147.162.10.68 ? pass
●
Then it is in all : Neutral Terribly wrong !
19. 2012/10/03 Roberto Innocente 19
SPF versus Sender/ID
●
Sender-ID (RFC-4406) Is Microsoft version
of spf
●
It validates the header sender address
●
Very few use it now
●
Problem is that Microsoft is using now spfv1
syntax and dont want to fix !!
●
And so it violates the spf specification !!!!
20. 2012/10/03 Roberto Innocente 20
DKIM
●
Domainkeys was first introduced by yahoo
in a private agreement with paypal and
ebay, then since 2007 a draft RFC
●
DKIM took the main concepts from the
yahoo proposal, incorporated some cisco
ideas and appeared as an RFC in the same
year, last version is RFC6376 Sep 2011
21. 2012/10/03 Roberto Innocente 21
DKIM key rotation
best practice/1
●
It's quite clear why keys should be rotated : to avoid
that they are :
- compromised by cracking them
- stolen
●
DKIM allows a receiver to verify that the signed
parts of a message has not been modified in transit
22. 2012/10/03 Roberto Innocente 22
DKIM key rotation
best practice/2
●
In 2012 a mathematician published on Wired
that it took him 72 hours and 70 $ of Amazon
WS to crack a 512 bits DKIM key
●
768 bit keys can be cracked by a nation effort
for instance
●
1024 bits is the current recommended length
●
2048 is now considered immune from possible
cracks from today computing environment
23. 2012/10/03 Roberto Innocente 23
DKIM key rotation
best practice/3
Generate 2 pairs
of DKIM keys
public keys
1 and 2
in DNS
Sign emails
with private key 1
Generate key pair
3
public key 3
in DNS
Sign emails with
private key 2
Generate key pair
n
public key n
in DNS
Sign emails with
private key (n-1)
Start here
After 3 months
3 months later
n=n+1
n=4
Retire
public key (n-3)
24. 2012/10/03 Roberto Innocente 24
DKIM keys generation
●
It's possible simply to use openssl to generate the keys
●
But opendkim makes it simpler :
$ opendkim-genkey --append-domain --selector=20120316 --domain=sissa.it --bits=1024 --verbose
opendkim-genkey: generating private key
opendkim-genkey: private key written to 20120316.private
opendkim-genkey: extracting public key
opendkim-genkey: DNS TXT record written to 20120316.txt
$ cat 20120316.txt
20120316._domainkey.sissa.it. IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHy9jQ+5ZIN0p3KEw9NQ6PQOnMTXLZGQxwtfVWjQlJO/BYjIktlrYx2ZbwnN3kl2Ely
5cPdMWr5mhlM7UwyP74NDHV4DjigE7KIJ0sF2F4rJIMgVPQQu/Vz078zsZFldaci6WgHeByJtdDEM0L7iSeQhGd5hHbmHM5Oyv2YcT9cwIDAQ
AB" ) ; ----- DKIM key 20120316 for sissa.it
$ cat 20120316.private
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDHy9jQ+5ZIN0p3KEw9NQ6PQOnMTXLZGQxwtfVWjQlJO/BYjIkt-----END RSA PRIVATE KEY-----
lrYx2ZbwnN3kl2Ely5cPdMWr5mhlM7UwyP74NDHV4DjigE7KIJ0sF2F4rJIMgVPQ
….
25. 2012/10/03 Roberto Innocente 25
DKIM testing keys
●
Add public key TXT record to DNS, then
opendkim-testkey -d example.org -s 20121001 -k
2012101.private
Will test that the 2 are a correct pair of keys.
26. 2012/10/03 Roberto Innocente 26
DKIM configuration
●
Set signature expiration ?
●
Which canonicalization ?
●
relaxed = tolerates minor changes like space
changes and so on
●
simple = strict
●
Select a rendez-vous socket
27. 2012/10/03 Roberto Innocente 27
DKIM
/etc/opendkim.conf
AlwaysSignHeaders Subject
AutoRestart True
Background True
Canonicalization relaxed/relaxed
Diagnostics Yes
Domain sissa.it
KeyFile /etc/mail/dkim/20130315.pem
InternalHosts /etc/mail/dkim/internal
LogWhy true
Mode sv
Selector 20121001
SignatureAlgorithm rsa-sha1024
Socket I inet:8891@localhost
Syslog Yes
Statistics /var/log/dkim-filter/dkim-statistics
ClockDrift 300
DiagnosticDirectory /var/log/dkim/dkim-diagnostics
DNSTimeout 10
●
This conf is for
signing a single
domain with one key
●
It is supported to sign
multiple domains with
multiple keys
●
Mode sv = signer and
verifier
28. 2012/10/03 Roberto Innocente 28
DKIM postfix conf
Add to /etc/postfix/main.cf :
# DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
If you are using already some milter :
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891,inet:localhost:8893
non_smtpd_milters = inet:localhost:8891,inet:localhost:8893
30. 2012/10/03 Roberto Innocente 30
DMARC
●
DMARC =
●
Domain-based
●
Message
●
Authentication,
●
Reporting and
●
Conformance
=Using DNS TXT records
=SPF + DKIM
=Reports are sent back to
sending mailer
First used between paypal and yahoo in pre-standard form in 2007,
From 2009 offered by ISPs, draft in 2012, rfc in beginning 2013
31. 2012/10/03 Roberto Innocente 31
DMARC
●
Aligned/unaligned mail : DMARC tests
and enforces identifiers alignment
1)Check spf and DKIM
2)DMARC identifiers alignment
3)Acts on unaligned identifiers
Aligned email Unaligned email
Mail
Storage
Internet
Aggregate log
Aggregate reports
Failure reports
32. 2012/10/03 Roberto Innocente 32
DMARC identifier alignment
One of the 2 authenticated originator(SPF/DKIM) identifiers has to match
the (MUA displayed) header ”From:” domain.
We have 2 kind of alignement : strict(=simple) and relaxed.
Simple means the 2 domains should match exactly (except for spaces).
Relaxed :
- relaxed SPF : the organizational domain of the smtp “MAIL FROM:”
should match the header “From:” organizational domain (see later)
- relaxed DKIM : the organizational domain of the “d=” DKIM domain
should matche the organizational domain of the header “From:”
NB. if the SPF check was not passed the SPF is considered of course
unaligned a priori
33. 2012/10/03 Roberto Innocente 33
DMARC organizational domain
A domain under which any can subscribe :
1 atom +TLD(top level domain)
E.g. :
news.google.com → google.com
www.amazon.co.uk → amazon.co.uk
www.regione.campania.it → regione.campania.it
It uses http://www.publicsuffix.org for TLDs
34. 2012/10/03 Roberto Innocente 34
Return-Path: <roberto.e.innocente@gmail.com>
Delivered-To: inno@sissa.it
Received: from charon-02.sissa.it (charon-02.sissa.it [147.122.1.105])
by smtp.sissa.it (Postfix) with ESMTP id BEAF9D08065
for <inno@sissa.it>; Mon, 12 Mar 2012 11:34:23 +0100 (CET)
Received: from hermes-02.sissa.it (hermes-02.sissa.it [147.122.1.102])
by charon-02.sissa.it with ESMTP id C9HImFdPfk4ogziO for <inno@sissa.it>;
Mon, 12 Mar 2012 11:34:23 +0100 (CET)
Received: from mail-ob0-f169.google.com (mail-ob0-f169.google.com
[209.85.214.169])
by hermes-02.sissa.it (Postfix) with ESMTPS id F3F636C003
for <inno@sissa.it>; Mon, 12 Mar 2012 11:34:18 +0100 (CET)
Received: by obcva8 with SMTP id va8so7836910obc.8
for <inno@sissa.it>; Mon, 12 Mar 2012 03:34:17 -0700 (PDT)
DMARC strict alignement
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:date:message-id:subject:from:to:content-type;
bh=1HsA0bCF354+0pj/N8P9EvjDk+8XAXJZBZOa7CLpBZc=;
b=feCQAtWRiaarWlH3KAUivMzje4bRw2RUOuuxaWXO8wj+wEC7nGkanNNq9XaeYxgMvM
3BpuPh8jYO/pS2AIqkIKtNjgV2DhQ6ku8hwp56GYajs4O8twyLgKNwnu1BydHGYjL3zx
EvMYbhZvTItSqndCEt9gFGO2V7vdsQK/7sEVIaTc+cytQCfhUbNQ2U9iuVO5iDHYpBLF
/EqMwfV1ECV0Jh/JdBhB0ZFZAL2q5ObxNiFLQOM47yVsQzIE5lyShDDMlgULsiv86UR5
uOZx6ZZ68iwQttYMoY85w2LwQImuRXiuV6daKaR7XQ110bCNCmHI1Al4OooCrVxUbz9i
6Lyg==
MIME-Version: 1.0DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mim
Received: by 10.202.226.136 with HTTP; Mon, 12 Mar 2012 03:34:17 -0700 (PDT)
Date: Mon, 12 Mar 2012 11:34:17 +0100
Message-ID: <CAPhLB8ZUFcYRshzme4T55Km8cQ3O36m8FxDYK7xKyOXEw3ZfUw@mail.gmail.com>
Subject: check tls
From: Roberto Innocente <roberto.e.innocente@gmail.com>
To: inno@sissa.it
Content-Type: multipart/alternative; boundary=001a11c2e558341654051100cf4a
SPF alignment : (=strict)
mail from: domain gmail.com with from: domain gmail.com
DKIM alignment : (=strict)
DKIM d= domain gmail.com with from: domain gmail.com
35. 2012/10/03 Roberto Innocente 35
Return-Path: <roberto.e.innocente@bounce.gmail.com>
Delivered-To: inno@sissa.it
Received: from charon-02.sissa.it (charon-02.sissa.it [147.122.1.105])
by smtp.sissa.it (Postfix) with ESMTP id BEAF9D08065
for <inno@sissa.it>; Mon, 12 Mar 2012 11:34:23 +0100 (CET)
Received: from hermes-02.sissa.it (hermes-02.sissa.it [147.122.1.102])
by charon-02.sissa.it with ESMTP id C9HImFdPfk4ogziO for <inno@sissa.it>;
Mon, 12 Mar 2012 11:34:23 +0100 (CET)
Received: from mail-ob0-f169.google.com (mail-ob0-f169.google.com
[209.85.214.169])
by hermes-02.sissa.it (Postfix) with ESMTPS id F3F636C003
for <inno@sissa.it>; Mon, 12 Mar 2012 11:34:18 +0100 (CET)
Received: by obcva8 with SMTP id va8so7836910obc.8
for <inno@sissa.it>; Mon, 12 Mar 2012 03:34:17 -0700 (PDT)
DMARC relaxed alignement
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=bounce.gmail.com; s=20120113;
h=mime-version:date:message-id:subject:from:to:content-type;
bh=1HsA0bCF354+0pj/N8P9EvjDk+8XAXJZBZOa7CLpBZc=;
b=feCQAtWRiaarWlH3KAUivMzje4bRw2RUOuuxaWXO8wj+wEC7nGkanNNq9XaeYxgMvM
3BpuPh8jYO/pS2AIqkIKtNjgV2DhQ6ku8hwp56GYajs4O8twyLgKNwnu1BydHGYjL3zx
EvMYbhZvTItSqndCEt9gFGO2V7vdsQK/7sEVIaTc+cytQCfhUbNQ2U9iuVO5iDHYpBLF
/EqMwfV1ECV0Jh/JdBhB0ZFZAL2q5ObxNiFLQOM47yVsQzIE5lyShDDMlgULsiv86UR5
uOZx6ZZ68iwQttYMoY85w2LwQImuRXiuV6daKaR7XQ110bCNCmHI1Al4OooCrVxUbz9i
6Lyg==
MIME-Version: 1.0DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mim
Received: by 10.202.226.136 with HTTP; Mon, 12 Mar 2012 03:34:17 -0700 (PDT)
Date: Mon, 12 Mar 2012 11:34:17 +0100
Message-ID:
<CAPhLB8ZUFcYRshzme4T55Km8cQ3O36m8FxDYK7xKyOXEw3ZfUw@mail.gmail.com>
Subject: check tls
From: Roberto Innocente <roberto.e.innocente@back.gmail.com>
To: inno@sissa.it
Content-Type: multipart/alternative; boundary=001a11c2e558341654051100cf4aSPF alignment : (=relaxed)
mail from: organizational domain gmail.com with from: organizational domain
gmail.com
DKIM alignment : (=relaxed)
DKIM d= organizational domain gmail.com with from: organizational domain gmail.com
36. 2012/10/03 Roberto Innocente 36
DMARC policies
●
Reject (not delivered at all) : p=reject
●
Quarantine (msg not deliverd to inbox) : p=quarantine
●
None (msg disposition is unchanged) : p=none
Percentage of mails not passing dmarc validation that
are let to fall on more permissive policy is specified by :
p=reject ; pct=40; 60% of the emails not passing
dmarc are just
quarantined and not rejected
37. 2012/10/03 Roberto Innocente 37
DMARC attr/val pairs
attribute description use
v= version v=DMARC1
p= policy p=none,p=quarantine,p=reject
adkim= alignment mode for DKIM adkim=s,adkim=r
aspf=
alignment mode for SPF
aspf=s,aspf=r
rua= Report aggregates rua=mailto:dmarc-agg@sissa.it
ruf= Report failures ruf=mailto:dmarc-fail@sissa.it
sp= Policies for subdomains
rf= Reporting format
pct= Percentage of msgs subject to
policy
pct=100,pct=10
38. 2012/10/03 Roberto Innocente 38
DMARC reports
●
There are two kinds :
●
Aggregate reports (usually transmitted daily by
correspondent mailers)
– rua=mailto:dmarc-rua@sissa.it
●
Failure reports transmitted for each failed message
validation
– ruf:mailto:dmarc-ruf@sissa.it
●
ruf can create a lot of traffic and should be enabled only
after having studied the aggregate reports and the
causes of failures
39. 2012/10/03 Roberto Innocente 39
DMARC first record and on
First toe in water :
v=DMARC1; p=none; rua=mailto:dmarc-agg@sissa.it
v=DMARC1; p=quarantine; pct=10;
rua=mailto:dmarc-agg@sissa.it;ruf=mailto:dmarc-fail@sissa.it;
v=DMARC1; p=reject; pct=100;
rua=mailto:dmarc-agg@sissa.it;ruf=mailto:dmarcfail@sissa.it;