#DKIM

Sven Oliver Rüsche | ARKM.DE sor@arkm.social
2026-03-02

@dnkrupinski Hi. Have a look in your spam folder; it ended up there for me too, because #Hetzner apparently has no idea how to set the right DNS settings (#SPF, #DKIM, #DMARC etc.). Scan the domain at mxtoolbox.com … For such a big #Provider that is really ridiculous!

Afnic afnic
2026-02-27

🔔 Only a few days left to register for the training course "Securing your email through the DNS with DKIM, DMARC, SPF" (12–13 March).

📚 2 days to master the DNS, understand email-related abuse and deploy DKIM, DMARC, SPF.

Registration: afnic.fr/produits-services/for

Training: Securing your email through the DNS with DKIM, DMARC, SPF
2026-02-24

@brunty @neil I agree. I've been doing #homelab / #homeprod before that term even existed. I have #selfhosted email before, both personally and professionally. I WON'T host public email. That doesn't mean I don't store my own email. I use #getmail to pull all my mail accounts into a selfhosted #IMAP server. This way if my mail server is inaccessible, the mail just sits on the remote mailboxes until my server is back up. I also don't have to maintain good IP reputations and #SPF and #dkim records.

2026-02-22

In a recent official communication, Google announced the retirement of POP3 fetch from external accounts in Gmail. Anyone who used this feature to consolidate several mailboxes in Gmail now has to migrate to an alternative: automatic forwarding (email forwarding) directly from the source mail server.

This guide documents the complete process for correctly configuring forwarding from a custom domain managed with Postfix and Webmin to Gmail, resolving the SPF/DKIM authentication problems that cause the message to be blocked with error 550 5.7.26.

The problem: Gmail rejects forwarded emails

When you enable automatic forwarding from your own mail server to Gmail, you almost immediately receive a bounce with this error:

550-5.7.26 Your email has been blocked because the sender is unauthenticated.

Gmail requires all senders to authenticate with either SPF or DKIM.

DKIM = did not pass

SPF [dominio-originale.com] with ip: [IP-del-tuo-server] = did not pass

The cause is structural: when the mail server forwards a message, the envelope sender (Return-Path) remains the original one (e.g. mittente@dominio-esterno.com), but the IP that performs the delivery is your server's. Gmail checks the SPF of the original domain against your server's IP, and of course it fails, because your server is not authorized to send on behalf of third-party domains.

[…]

#CPostsrsd #DKIM #DMAR #dns #emailAuthentication #emailForwarding #gmail #linux #postfix #selfHosting #SPF #SRS #webmin https://www.b0sh.net/2026/02/gmail-abbandona-il-pop3-fetch-come-configurare-linoltro-email-con-spf-dkim-e-srs-su-postfix/
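
The SPF failure described in the post above, and the effect of rewriting the envelope sender in the style of SRS (named in the post's title and tags), as an added example that is not code from the post or the linked guide. The SPF records, the forwarder domain `example.org`, the IP addresses and the secret are constructed, and the SRS0 layout is a simplified sketch rather than postsrsd's implementation.

```python
import base64
import hashlib
import hmac
import ipaddress

# Constructed SPF policies for the original sender's domain and the forwarder's
# domain (documentation address ranges, not real hosts).
SPF_RECORDS = {
    "dominio-esterno.com": "v=spf1 ip4:198.51.100.0/24 -all",
    "example.org": "v=spf1 ip4:203.0.113.10 -all",
}

def spf_check(envelope_from: str, client_ip: str) -> str:
    """Evaluate only ip4 mechanisms and the final 'all' of the envelope domain's record."""
    domain = envelope_from.rsplit("@", 1)[1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
        if term.endswith("all"):
            return {"-": "fail", "~": "softfail", "?": "neutral"}.get(term[0], "pass")
    return "neutral"

def srs_rewrite(envelope_from: str, forwarder_domain: str, secret: bytes, day: int) -> str:
    """Build an SRS0-style address: SRS0=hash=timestamp=orig-domain=orig-local@forwarder."""
    local, domain = envelope_from.rsplit("@", 1)
    alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
    day %= 1024  # 10-bit day counter, written as two base32 characters
    stamp = alphabet[day >> 5] + alphabet[day & 31]
    mac = hmac.new(secret, f"{stamp}{domain}{local}".lower().encode(), hashlib.sha1)
    tag = base64.b64encode(mac.digest()).decode()[:4]  # short keyed tag against forged bounces
    return f"SRS0={tag}={stamp}={domain}={local}@{forwarder_domain}"

FORWARDER_IP = "203.0.113.10"  # assumed IP of the forwarding server
ORIGINAL = "mittente@dominio-esterno.com"
REWRITTEN = srs_rewrite(ORIGINAL, "example.org", b"constructed-secret", day=20506)

def demo():
    """SPF result at the receiver before and after the envelope rewrite."""
    return spf_check(ORIGINAL, FORWARDER_IP), spf_check(REWRITTEN, FORWARDER_IP)

if __name__ == "__main__":
    print(demo())
    print(REWRITTEN)
```

The rewrite changes only the envelope sender; the From header is untouched, so DKIM and DMARC alignment of the original message are evaluated as before.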
mastodon.raddemo.host admin@mastodon.raddemo.host
2026-02-22

How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS for automated mailing list management. Mailman Suite includes Mailman Core, #Postorius (web UI), #HyperKitty (archiver), and the Mailman Web UI integration.
What is Mailman Suite? ...
Continued 👉 blog.radwebhosting.com/deploy- #dkim #opensource #opendkim #selfhosted #django #reverseproxy #spf #selfhosting #dmarc

This Punchbowl Phish Is Bypassing 90% Of Email Filters Right Now

997 words, 5 minutes read time.

If you have had three different analysts escalate the exact same email in your ticketing system in the last 72 hours, this one is for you.

This is not a Nigerian prince scam. This is not a fake Amazon order. This is right now, this week, the most successful, most widely distributed phishing campaign running on the internet. And almost nobody is talking about just how good it is.

What this scam actually is

You get an email. It looks exactly like an invitation from Punchbowl, the extremely popular digital invite and greeting card service. There’s no misspelled logo. There’s no broken grammar. There is absolutely nothing that jumps out as fake.

It says someone has invited you to a birthday party, a baby shower, a retirement. At the very bottom, there is one single line that almost everyone misses:

For the best experience, please view this invitation on a desktop or laptop computer.

If you click the link, you do not get an invitation. You get malware. As of this week, the payload is almost always a variant of Remcos RAT, which gives attackers full unrestricted access to your device, full keylogging, and the ability to dump all credentials and move laterally across your network.

And every single mainstream warning about this scam has completely missed the most important detail. That line about the desktop? That is not a throwaway line. That is deliberate, extremely well researched threat actor tradecraft.

Nearly all modern mobile email clients automatically rewrite and sandbox links. Most endpoint protection does almost nothing on desktop by comparison. The attackers know this. They are actively telling you to defeat your own security for them. And it works.

Why this is an absolute nightmare for security teams

Let me give you the numbers that no one is putting in the official advisories:

  • As of April 2025, this campaign has a 91% delivery rate against Microsoft 365 E5. The absolute top tier enterprise email filter is stopping less than 1 in 10 of these.
  • Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
  • This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
  • Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.

I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and don’t feel even the tiniest urge to click, you are lying to yourself.

This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.

How to not get burned

I’m going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.

For everyone

  • Real Punchbowl invites will only ever come from an address ending in @punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately.
  • Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
  • Do not go to Punchbowl’s website to “check if the invite is real”. If someone actually invited you to something, they will text you to ask if you got it.

For SOC Analysts and Security Teams

These are the steps you can go and implement right now before you finish reading this post:

  1. Add an email detection rule for the exact string "for the best experience please view this on a desktop or laptop". At time of writing this rule has a 0% false positive rate.
  2. Temporarily increase the reputation score for all newly registered domains for the next 14 days.
  3. Add this exact lure to your phishing simulation program immediately. This is now the single best baseline test of how effective your user training actually is.
  4. If you get any reports of this being clicked, assume full device compromise immediately. Do not waste time triaging. Isolate the host.

Closing Thought

The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish won’t have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now it’s here, and it is running circles around almost every security stack we have built.

If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.

Call to Action

If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.

D. Bryan King

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

#attackVector #boardroomRisk #breachPrevention #CISAAlert #CISO #credentialTheft #cyberResilience #cyberattack #cybercrime #cybersecurityAwareness #defenseInDepth #desktopOnlyPhishing #detectionRule #DKIM #DMARC #emailFilterBypass #emailGateway #emailHygiene #emailSecurity #emailSecurityGateway #endpointProtection #incidentResponse #indicatorsOfCompromise #initialAccess #IoCs #lateralMovement #linkSafety #logAnalysis #maliciousLink #malware #MITREATTCK #mobileEmailRisk #phishingCampaign #phishingDetection #phishingScam #phishingSimulation #phishingStatistics #PunchbowlPhishing #ransomwarePrecursor #RemcosRAT #sandboxEvasion #securityAlert #SecurityAwarenessTraining #securityBestPractices #securityLeadership #securityMonitoring #securityOperationsCenter #securityStack #SOCAnalyst #socialEngineering #spearPhishing #SPF #suspiciousEmail #T1566001 #threatActor #threatHunting #threatIntelligence #userTraining #zeroTrust
A close-up photograph of a computer screen showing a fake Punchbowl party invitation email. The cursor hovers over a malicious link, and the suspicious "view on desktop" instruction is highlighted in red.
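
The detection rule from step 1 of the post above, as an added example that is not part of the original post. The lure line quoted in the post and the rule string in step 1 differ in wording and punctuation ("this invitation", "computer", the comma), so this sketch normalizes the body before matching and accepts both; the sample messages and their addresses are constructed.

```python
import html
import re
from email import message_from_string
from email.utils import parseaddr

# Wording taken from the post; "invitation" and "computer" are optional so the
# quoted lure line and the shorter rule string both match after normalization.
LURE = re.compile(r"for the best experience please view this (?:invitation )?"
                  r"on a desktop or laptop(?: computer)?")

def normalize(text: str) -> str:
    """Strip HTML tags, decode entities, fold case, collapse punctuation/whitespace."""
    text = re.sub(r"<[^>]+>", " ", text)
    text = html.unescape(text).lower()
    return re.sub(r"[^a-z0-9]+", " ", text).strip()

def body_text(msg) -> str:
    """Concatenate every text/* part, decoded from its transfer encoding."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message: str) -> dict:
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return {
        "lure": bool(LURE.search(normalize(body_text(msg)))),
        # Header value only; it is not proof of origin without DKIM/DMARC alignment.
        "from_punchbowl": sender.endswith("@punchbowl.com"),
    }

# Constructed sample messages (hypothetical addresses under .example).
SAMPLES = {
    "lure_html": "From: Invites <rsvp@cards.example>\nSubject: You're invited\n"
                 "Content-Type: text/html; charset=utf-8\n\n"
                 "<p>For the best&nbsp;experience, <b>please</b> view this invitation\n"
                 "on a Desktop or Laptop computer.</p>",
    "lure_plain": "From: rsvp@party.example\nSubject: Baby shower\n\n"
                  "FOR THE BEST EXPERIENCE please view this\non a desktop or laptop.",
    "benign": "From: it@corp.example\nSubject: Maintenance\n\n"
              "The portal works best on a desktop browser.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```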
Rad Web Hosting radwebhosting
2026-02-17

How to Deploy Mailman Suite on Debian VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS for automated mailing list management. Mailman Suite includes Mailman Core, Postorius (web UI), HyperKitty (archiver), and the Mailman Web UI integration.
What is Mailman Suite? ...
Continued 👉 blog.radwebhosting.com/deploy-

2026-02-14

Found some errors with the #dkim configuration in my #linux #mailserver, just changing from local socket to inet socket and some other stuff was enough to work.

I found a very funny test for #dmarc that checks all the validation process:

learndmarc.com

Now I'm cool and good with this. Now I can configure (somehow) BIMI and I'll be over with this

2026-02-09

📢 DKIM replay attacks: Apple and PayPal emails hijacked via legitimate invoices
📝 According to the Kaseya blog, based on detections by INKY, campaigns are exploiting "DKIM replay attacks" ...
📖 cyberveille: cyberveille.ch/posts/2026-02-0
🌐 source: kaseya.com/blog/dkim-replay-at
#Abus_de_factures #DKIM #Cyberveille

GOMOOT :mastodon:gomoot@mastodon.uno
2026-02-09

💡 DKIM Replay Attacks turn Apple and PayPal emails into perfect traps
How hackers turn legitimate Apple and PayPal messages into scams indistinguishable from official communications

gomoot.com/i-dkim-replay-attac

#dkim #news #sicurezza #tecnologia

Paul O'Brien pwob
2026-02-08

Every email has more than one “From” address — and they often don’t match.
That mismatch is why messages get flagged, rejected, or quietly distrusted.

I break down the six different From addresses inside every email, what each one is for, and why alignment matters.

👉 paulobrien.com/the-6-different

2026-02-05

I found a DKIM error in the setup on my mail server. dmarcian.com had a DKIM validator. SPF and DMARC had to be set up OK on DNS too. I can now email from my domain to outlook.com without it bouncing or being dropped. #email #dkim #spf #dmarc #microsoft #outlook #hotmail #dns #block #opendkim #postfix

Stéphane Bortzmeyer bortzmeyer@mastodon.gougere.fr
2026-02-03

#DKIM #DMARC #SPF
Other spam of the day: two messages claiming to come from Atlassian (the favourite company of project managers and product owners), one creating a Vinci ticket and the other a Bouygues ticket. (With an invalid DKIM signature, but it can always get through, you never know. The spammer thought to insert a false Authentication-Results.)

2026-01-28

Gmail will turn off POP and Gmailify from January 2026. Manual forwarding causes emails to fail because of DMARC/DKIM violations. I built ForwardMyInbox, a solution that moves email from other accounts into Gmail while keeping authentication intact, without depending on POP. Usable by anyone who wants to keep Gmail as their main mailbox. #Gmail #EmailForwarding #DMARC #DKIM #ForwardMyInbox #CôngNghệ #Email #SaaS

reddit.com/r/SaaS/comments/1qp

mastodon.raddemo.host admin@mastodon.raddemo.host
2026-01-17

How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS for automated mailing list management. Mailman Suite includes Mailman Core, #Postorius (web UI), #HyperKitty (archiver), and the Mailman Web UI integration.
What is Mailman Suite? ...
Continued 👉 blog.radwebhosting.com/deploy- #dkim #opensource #django #opendkim #dmarc #spf #selfhosting #reverseproxy #selfhosted

2026-01-09

@sys4

@cstrotm @patrickbenkoetter

Congrats! Looking forward to your work/impact.

#dns #dnssec #ipv6 #rpki #tls #dane #mtasts #spf #dkim #dmarc

2026-01-09

It’s official and we are proud as hell! 😎

sys4 will send 3 of its experts to work at the EU Commission's Multistakeholder Forum on Internet Standards Deployment "to guide deployment of key Internet standards under NIS2 network security measures and promote wider industry uptake."

We - @cstrotm (DNS / DNSSEC), Gert Doering (IPv6, RPKI) and @patrickbenkoetter (TLS, DANE, MTA-STS, SPF, DKIM, DMARC) - will work on recommendations and best practices.

Our intent is to recommend what’s reasonable for customer security on the Internet and we expect the one or the other company to disagree for economic reasons. Like they have disagreed since we started to talk with them more than 10 years ago. And the market didn’t fix it. Well… let’s see if working in the Forum will do the trick.

digital-strategy.ec.europa.eu/
#dns #dnssec #ipv6 #rpki #tls #dane #mtasts #spf #dkim #dmarc

2026-01-07

[Translation] Peeked at the door PIN, then stuck a Wi-Fi bug behind the printer, and you are inside the bank's network

Got into the bank not through Wi-Fi and not through phishing, but simply by tagging along with the auditors from the street. Nobody asked for a name. Nobody checked. And an hour later I was already sitting in their network with a work pass. How it happened, and why "following the instructions" did not save them, is in the new article.

habr.com/ru/companies/flant/ar

#редтиминг #взлом #социальная_инженерия #фишинг #DKIM #DMARC #email_spoofing #управление_паролями #доступ_к_данным
