Closed Bug 1285023 Opened 9 years ago Closed 8 years ago

Implement DKIM/DMARC records on @mozilla.com and @mozilla.org

Categories

(Infrastructure & Operations :: Infrastructure: Mail, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: April, Assigned: limed)

References

(Blocks 1 open bug)

Details

Let's implement DMARC records on mozilla.com and mozilla.org, so that people can't send spoofed email purporting to be from us. https://dmarc.org/ It appears that @mozilla.com has DKIM records; mozilla.org would need them to implement DMARC.
mozilla.com doesn't appear to have DKIM enabled: https://toolbox.googleapps.com/apps/checkmx/check?domain=mozilla.com
Configured for mozilla.com
Assignee: infra → limed
For mozilla.org I would have to start signing it on the server side of things, which means I would need to start dealing with and configuring opendkim, which is not something I would want to deal with at this time :/
Nice work, :limed! Should we leave this open for mozilla.org, or shall I close it for now?
(In reply to April King [:April] from comment #4)
> Nice work, :limed! Should we leave this open for mozilla.org, or shall I
> close it for now?
Let me do a little bit of research on this and I'll let you know :)
I think we should just close this for now, and have no action for mozilla.org
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Currently we're not doing anything with DMARC aside from monitoring reports at dmarc@mozilla.com. Are we going to change p=none to start quarantining things?
I'm sorry, the spoof still exists and is not resolved; please send again with this: https://emkei.cz
The problem now may be with SPF. Mozilla's SPF record is
v=spf1 include:_spf.mozilla.com include:_spf.google.com ~all
It should be
v=spf1 mx include:_spf.mozilla.com include:_spf.google.com -all
Not ~all but -all. I strongly recommend that you read this article: https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability
:Ara - I believe we're already aware of this for mozilla.org. I'll let :limed chime in on this one, as I think he's the one who explained why we have ~all to me at one point.
Flags: needinfo?(limed)
mozilla.org is a mailing list and it's realistic for us to use "-all" for a mailing list since I can't control what IP or domain everyone comes from. In general, hard failing everyone (-all) is not ideal for a mailing list; therefore ~all will have to suffice.
Flags: needinfo?(limed)
Resolution: FIXED → INCOMPLETE
There's no point in hiding this bug if there are articles on the topic and people keep filing dupes on our configuration.
Group: mozilla-employee-confidential
See Also: → 1549111
See Also: → 1217545
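Added example, not part of the bug thread or of Mozilla's tooling: an offline Python check of the two settings the comments above discuss, the SPF "all" qualifier (~all versus -all) and the DMARC policy tag (p=none). The two SPF strings are the ones quoted in the thread; the DMARC record string and all function names are constructed for illustration.

```python
# Added example: offline audit of SPF and DMARC TXT record strings (no DNS lookups).
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# SPF strings as quoted in the thread.
CURRENT_SPF = "v=spf1 include:_spf.mozilla.com include:_spf.google.com ~all"
PROPOSED_SPF = "v=spf1 mx include:_spf.mozilla.com include:_spf.google.com -all"
# Constructed DMARC record: the thread gives only p=none and the report mailbox.
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@mozilla.com"

def spf_all_result(record):
    """Result the record's 'all' mechanism gives to senders nothing else matched."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    has_redirect = False
    for term in terms[1:]:
        low = term.lower()
        if low.startswith("redirect="):
            has_redirect = True
            continue
        qualifier, mech = (low[0], low[1:]) if low[0] in SPF_QUALIFIERS else ("+", low)
        if mech == "all":
            return SPF_QUALIFIERS[qualifier]  # terms after 'all' are never evaluated
    # Without 'all', the verdict comes from the redirect target or defaults to neutral.
    return "redirect" if has_redirect else "neutral"

def dmarc_tags(record):
    """Parse 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def audit(spf_record, dmarc_record):
    """Summarise how strictly the two records treat mail from unlisted senders."""
    policy = dmarc_tags(dmarc_record).get("p", "none").lower()
    return {
        "spf_all": spf_all_result(spf_record),
        "dmarc_policy": policy,
        # Only quarantine and reject ask receivers to act on failing mail.
        "dmarc_enforced": policy in ("quarantine", "reject"),
    }
```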