Something I run into when at coffee shops, hotels, and so on - they often block most TCP ports and restrict your traffic to HTTP and HTTPS. We can get around that by exposing multiple services over the same port. By the end of this blog post we’ll have HTTPS, SSH, and an IRC bouncer all running on port 443. Software Stack We’ll be using HAProxy to act as our multiplexer....
Email Authentication Crash Course: Wrap-Up
Throughout my previous posts on SPF, DKIM, and DMARC, I gave pieces of advice on what to do and not do. I figured I should write up one final post that lists all of these in a single place. Background bullet points. Email has two “from” addresses. One address is practically invisible; this is the envelope address. The “From” address in the message headers is what people actually see. The envelope and “From” addresses do not need to match....
Email Authentication Crash Course: DMARC
So in my article on SPF, I briefly touched on how SPF only looks at a message’s envelope address, and not at the “From” address you see in the message headers, and that it’s not required for these addresses to match. In my article on DKIM, I mentioned that DKIM alone only handles determining if a signature is valid, but isn’t concerned with the “From” address of the message. How to handle signatures, and whether or not they should match the “From” address is left up to local policy....
Email Authentication Crash Course: DKIM
This will likely be a shorter part of the series, most platforms can get DKIM implemented, unlike SPF, which they get wrong all the time. Still, there’s a few misconceptions I see around DKIM that I’d like to try to clear up, and give a few tips to have a nicer client experience. Background - what is DKIM? DomainKeys Identified Mail, or DKIM, is a method of cryptographically signing email messages using public-key cryptography....
Email Authentication Crash Course: SPF
In my experience: SPF is the most misunderstood part of all email authentication. To put it simply: if you tell customers to include your own SPF record in theirs, you’ve immediately signaled you (probably) don’t understand SPF. The “too long; didn’t read” summary: Man I sure did write a lot more than I intended to! So if you want to send emails using a client’s domain, here’s what to do:...
Email Authentication Crash Course: Introduction
I’m an email administrator. Something that’s been frustrating for me is how often third-party platforms get email authentication wrong. By “platform” I generally mean something that’s probably going to send email, but isn’t an email provider outright. Things like: mailing list software marketing platforms sales platforms ticket and issue tracking systems customer relationship management systems At some point, all of these platforms will want to send an email using the customer’s domain name....