ZW3B :-:
infos
usr



Prevent spoofing and phishing with DMARC (Domain-based Message Authentication, Report...




Site user blocks : Account info / user rights / summary

Prevent spoofing and phishing with DMARC

DMARC is a technical specification created by a group of organizations that want to help reduce the misuse of emails, such as spam, phishing, by providing a solution for deploying and monitoring problems related to their authentication.

This technology has been standardized by the Internet Engineering Task Force (IETF) in the RFC 7489.

DMARC standardizes how recipients (in the sense of recipient MTAs) perform email authentication using the Sender Policy Framework and DomainKeys Identified Mail mechanisms. This means that the sender (in the sense of a sending MTA) will receive the results of the authentication of its messages by any recipient that implements DMARC.

Domain-based Message Authentication, Reporting, and Conformance

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a standard email authentication method. DMARC allows email administrators to prevent hackers from impersonating their organization and domain. Spoofing is a type of attack in which the address in the From field of an email is spoofed. A spoofing message appears to come from the spoofed organization or domain.

DMARC also lets you request reports from mail servers that receive mail from your organization or domain. These reports contain information to help you identify possible authentication issues and malicious activity related to messages sent from your domain.

DMARC prevents spoofing and phishing

Spammers can spoof your domain or organization to send fraudulent messages that impersonate your organization. DMARC tells mail servers what action to take when they receive a message that appears to come from your organization, but does not pass authentication checks or does not meet the authentication criteria of your DMARC rule record. Messages that aren't authenticated can impersonate your organization or be sent from unauthorized servers.

DMARC is always used with the following two authentication methods or controls:

  • The Sender Policy Framework (SPF) protocol allows the domain owner to authorize IP addresses to send email for the domain. Receiving servers can verify that messages from a specific domain are sent from servers authorized by the domain owner.
  • DKIM (Domain Keys Identified Mail) adds a digital signature to every message sent. Receiving servers use this signature to verify that messages are authentic and have not been tampered with or altered during sending.
Information DMARC:

Compliance DMARC : SPF + DKIM which allows us to know who (which domain, which IP address) is usurping our identity (our domain name) and validate our messages/domains/IP address.
DMARC Reports files Analyser

HTML (PHP) table for viewing compliance reports DMARC. Analyze the DMARC reports sent by the mail servers receiving your couriers.

SH script to unzip/store ZIP/GZ DMARC files
Retrieve the analyzes of our DMARC reports from your servers.

API JSON RESTful to analyze mail servers spoofing our mail domain names.

Use the API "ZW3B Api Client" :
Information for using our API "ZW3B Api Client".

DMARC Reports +

Emails Reports - Conformance DMARC DKIM SPF
  • Mail server : mail.zw3b.net
    • SPF authorized : 158.69.126.137 2607:5300:60:9389:17:4:0:1

Destination ReportsSender DomainDMARConformanceSPFDKIM

aol.com

w1a.zw3b.net

 Auth.Align.Poli.Auth.Align.Poli.
Report IDDateIp AddressEmail VolumePassFailRatePassFailPassFailPassPassFailPassFailPass
1670(...)79242022-12-04 00:59:59158.69.126.1371310100%1010110101
1669(...)17012022-12-02 00:59:59158.69.126.1372710100%1010110101
1669(...)82712022-12-01 00:59:59158.69.126.1373510100%1010110101
1670(...)26782022-12-03 00:59:59158.69.126.1371710100%1010110101
Recipient mail server statistics aol.com for the domain w1a.zw3b.net
  • Past emails : 92
  • Error emails : 0
  • Total emails sent : 92
Destination ReportsSender DomainDMARConformanceSPFDKIM

google.com

w1a.zw3b.net

 Auth.Align.Poli.Auth.Align.Poli.
Report IDDateIp AddressEmail VolumePassFailRatePassFailPassFailPassPassFailPassFailPass
1215(...)40202022-12-05 00:59:59158.69.126.1378610100%1010110101
1215(...)40202022-12-05 00:59:5981.88.62.16910150%0101010101
1215(...)40202022-12-05 00:59:5980.12.242.1510150%1001010101
1215(...)40202022-12-05 00:59:59188.130.25.15010150%0101010101
1215(...)40202022-12-05 00:59:592607:5300:60:9389:17:4:0:112410100%1010110101
1731(...)61112022-12-03 00:59:5982.165.159.1410150%1001010101
1731(...)61112022-12-03 00:59:59212.227.126.13010150%1001010101
1731(...)61112022-12-03 00:59:592607:5300:60:9389:17:4:0:15310100%1010110101
1731(...)61112022-12-03 00:59:59158.69.126.1378310100%1010110101
1731(...)61112022-12-03 00:59:5981.88.62.16310150%0101010101
1731(...)61112022-12-03 00:59:59212.227.126.18710150%1001010101
1265(...)72572022-12-04 00:59:59158.69.126.13721610100%1010110101
1265(...)72572022-12-04 00:59:595.39.4.21010%10010nullnullnullnull0
1265(...)72572022-12-04 00:59:5991.216.107.3710150%1001010101
1265(...)72572022-12-04 00:59:59217.70.178.23010150%0101010101
1265(...)72572022-12-04 00:59:59109.234.163.1820150%0101010101
1265(...)72572022-12-04 00:59:592001:4b98:dc4:8::22810150%0101010101
1265(...)72572022-12-04 00:59:5991.194.100.421010%0101001010
1265(...)72572022-12-04 00:59:5991.109.120.2910150%1001010101
1265(...)72572022-12-04 00:59:592607:5300:60:9389:17:4:0:118210100%1010110101
1265(...)72572022-12-04 00:59:5946.105.61.7810150%0101010101
Recipient mail server statistics google.com for the domain w1a.zw3b.net
  • Past emails : 744
  • Error emails : 16
  • Total emails sent : 760
Destination ReportsSender DomainDMARConformanceSPFDKIM

infomaniak.com

w1a.zw3b.net

 Auth.Align.Poli.Auth.Align.Poli.
Report IDDateIp AddressEmail VolumePassFailRatePassFailPassFailPassPassFailPassFailPass
w1a.(...)56012022-12-05 00:00:00158.69.126.137110100%10101nullnullnullnull1
w1a.(...)56012022-12-05 00:00:00158.69.126.137110100%10101nullnullnullnull1
w1a.(...)56012022-12-05 00:00:002607:5300:60:9389:17:4:0:1110100%10101nullnullnullnull1
w1a.(...)56012022-12-05 00:00:002607:5300:60:9389:17:4:0:1110100%10101nullnullnullnull1
Recipient mail server statistics infomaniak.com for the domain w1a.zw3b.net
  • Past emails : 4
  • Error emails : 0
  • Total emails sent : 4
Destination ReportsSender DomainDMARConformanceSPFDKIM

yahoo.co.uk

w1a.zw3b.net

 Auth.Align.Poli.Auth.Align.Poli.
Report IDDateIp AddressEmail VolumePassFailRatePassFailPassFailPassPassFailPassFailPass
1670(...)98392022-12-04 00:59:5951.15.151.2210150%1001010101
1669(...)57212022-12-02 00:59:59158.69.126.137410100%1010110101
1669(...)64752022-12-01 00:59:59158.69.126.137110100%1010110101
1670(...)42962022-12-03 00:59:59158.69.126.137110100%1010110101
Recipient mail server statistics yahoo.co.uk for the domain w1a.zw3b.net
  • Past emails : 6
  • Error emails : 1
  • Total emails sent : 7
Destination ReportsSender DomainDMARConformanceSPFDKIM

yahoo.com

w1a.zw3b.net

 Auth.Align.Poli.Auth.Align.Poli.
Report IDDateIp AddressEmail VolumePassFailRatePassFailPassFailPassPassFailPassFailPass
1670(...)00372022-12-04 00:59:59158.69.126.137410100%1010110101
1669(...)63452022-12-02 00:59:59158.69.126.137310100%1010110101
1669(...)67592022-12-01 00:59:59158.69.126.137510100%1010110101
1670(...)44102022-12-03 00:59:59158.69.126.137410100%1010110101
Recipient mail server statistics yahoo.com for the domain w1a.zw3b.net
  • Past emails : 16
  • Error emails : 0
  • Total emails sent : 16
Destination ReportsSender DomainDMARConformanceSPFDKIM

yahoo.es

w1a.zw3b.net

 Auth.Align.Poli.Auth.Align.Poli.
Report IDDateIp AddressEmail VolumePassFailRatePassFailPassFailPassPassFailPassFailPass
1670(...)47902022-12-03 00:59:59158.69.126.137110100%1010110101
1669(...)67422022-12-02 00:59:59158.69.126.13710150%10101nullnullnullnull0
Recipient mail server statistics yahoo.es for the domain w1a.zw3b.net
  • Past emails : 1
  • Error emails : 1
  • Total emails sent : 2
Destination ReportsSender DomainDMARConformanceSPFDKIM

yahoo.fr

w1a.zw3b.net

 Auth.Align.Poli.Auth.Align.Poli.
Report IDDateIp AddressEmail VolumePassFailRatePassFailPassFailPassPassFailPassFailPass
1670(...)05622022-12-04 00:59:59158.69.126.13720150%10101nullnullnullnull0
1670(...)05622022-12-04 00:59:59158.69.126.13711910100%1010110101
1669(...)69162022-12-02 00:59:59158.69.126.13717010100%1010110101
1669(...)80882022-12-01 00:59:59158.69.126.13713810100%1010110101
1670(...)49022022-12-03 00:59:59158.69.126.13710710100%1010110101
Recipient mail server statistics yahoo.fr for the domain w1a.zw3b.net
  • Past emails : 534
  • Error emails : 2
  • Total emails sent : 536
Destination ReportsSender DomainDMARConformanceSPFDKIM

yahoo.ie

w1a.zw3b.net

 Auth.Align.Poli.Auth.Align.Poli.
Report IDDateIp AddressEmail VolumePassFailRatePassFailPassFailPassPassFailPassFailPass
1670(...)44552022-12-03 00:59:59158.69.126.137110100%1010110101
1669(...)89572022-12-01 00:59:59158.69.126.137210100%1010110101
1669(...)19462022-12-02 00:59:59158.69.126.137110100%1010110101
Recipient mail server statistics yahoo.ie for the domain w1a.zw3b.net
  • Past emails : 4
  • Error emails : 0
  • Total emails sent : 4
Destination ReportsSender DomainDMARConformanceSPFDKIM

yahoo.it

w1a.zw3b.net

 Auth.Align.Poli.Auth.Align.Poli.
Report IDDateIp AddressEmail VolumePassFailRatePassFailPassFailPassPassFailPassFailPass
1670(...)81222022-12-04 00:59:59158.69.126.137110100%1010110101
Recipient mail server statistics yahoo.it for the domain w1a.zw3b.net
  • Past emails : 1
  • Error emails : 0
  • Total emails sent : 1
Global statistics of the month (JSON file)

  • E-mails sent : 1,422
  • E-mails past : 1,402
  • E-mails errors : 3

DMARC statistics on spoofing servers :

  1. Address IP sender : 109.234.163.18 corbeau.smtp.jabatus.fr. (2 emails sent unauthorized)
  2. Address IP sender : 80.12.242.15 smtp-15.smtpout.orange.fr. (1 emails sent unauthorized)
  3. Address IP sender : 188.130.25.150 smtpout10.phpnet.org. (1 emails sent unauthorized)
  4. Address IP sender : 82.165.159.14 mout-xforward.gmx.net. (1 emails sent unauthorized)
  5. Address IP sender : 212.227.126.130 mout.kundenserver.de. (1 emails sent unauthorized)
  6. Address IP sender : 81.88.62.163 forwardlnxsmtp38.register.it. (1 emails sent unauthorized)
  7. Address IP sender : 212.227.126.187 mout.kundenserver.de. (1 emails sent unauthorized)
  8. Address IP sender : 81.88.62.169 forwardlnxsmtp44.register.it. (1 emails sent unauthorized)
  9. Address IP sender : 5.39.4.2 mail.espci.org. (1 emails sent unauthorized)
  10. Address IP sender : 217.70.178.230 relay10.mail.gandi.net. (1 emails sent unauthorized)
  11. Address IP sender : 2001:4b98:dc4:8::228 relay8-d.mail.gandi.net. (1 emails sent unauthorized)
  12. Address IP sender : 91.194.100.42 mail3.novius.net. (1 emails sent unauthorized)
  13. Address IP sender : 91.109.120.29 smtp2.netanswer.fr. (1 emails sent unauthorized)
  14. Address IP sender : 46.105.61.78 7.mo553.mail-out.ovh.net. (1 emails sent unauthorized)
  15. Address IP sender : 91.216.107.37 mail20.lwspanel.com. (1 emails sent unauthorized)
  16. Address IP sender : 51.15.151.22 19.znix-out.gorgu.net. (1 emails sent unauthorized)

  • Mail sender servers unauthorized : 16
  • E-mails unauthorized : 17

And above all, could a competent authority verify the IP addresses of usurpers ? Should I add "and sanction them" or am I to do it ? Thank you !

Supports DMARC:





Welcome !

Author of the section

ZW3B

ZW3B

  • Firstname : The Web
  • Lastname : : Master
  • Arrived on tuesday 09 august 2011 (2011/08/09 00:00)
    11 years activity !