Sean Whalen π¨πΌβπ¦Όπ³οΈβππΊπ¦ποΈ · @seanthegeek
262 followers · 339 posts · Server infosec.exchangeIn the short time I've been the #Mastodon #Fediverse so far, I've talked a lot about how #DMARC can help prevent #spoofed #emails from being delivered to their targets, in light of a wave of Mastodon-themed phishing. That made me wonder, "How many Mastodon instances have a DMARC record on their domain? How many of those are set up to properly?" For their own security Users should join servers with an enforced DMARC policy, and instance admins should enforce DMARC on their domains to protect users and attract a security conscious userbase.
I wrote a script that queries instances.social for the 1000 top Mastodon instances based on the number of active users, feeds that list to #checkdmarc to query for, parse, and validate DMARC #DNS records. Here are the results.
https://github.com/seanthegeek/mastodon-dmarc-survey
As of earlier today, 148 instances with a combined 295, 975 active users had an enforced DMARC policy (p=quarantine or p=reject). 113 instances with a combined 168,965 active users have deployed a monitor only policy, 3 instances with a combined 577 active users have an invalid DMARC record, and 113 instances with a combined 486,972 active users don't have any DMARC record.
As I looked through the list of instances, I noticed that infosec.exchange is now the 7th largest Mastodon instance on the public internet, with 18,328 active users (and counting. Thanks @jerry!
#Infosec #InformationSecuriy #phish #phishing #spoofing #adminsofmastodon #OpenSource #OpenSourceSoftware #FLOSS #Python #CLI #API
#mastodon #fediverse #dmarc #Spoofed #emails #checkdmarc #dns #infosec #informationsecuriy #phish #phishing #spoofing #adminsofmastodon #opensource #opensourcesoftware #floss #python #cli #api
J. Lindley π³οΈβπ · @jlindley
17 followers · 249 posts · Server mastodon.worldI think a lot of the #FOSS community sees #GPG and #Checksums as infallible, but that is not the case and they can, with enough effort be #spoofed or tampered with.
#foss #gpg #checksums #Spoofed
Jess · @Jess9lives
10 followers · 18 posts · Server mastodon.worldIβm so tired of the countless #robocalls I get throughout the day. It seems almost pointless to try and block all of the #Spoofed numbers, as they just quickly move on to a different number. I guess my phone will just have to be permanently set to #dnd
Tech News Worldwide · @TechNews
11265 followers · 97981 posts · Server aspiechattr.me
A Matrix Update Will Patch Serious End-to-End Encryption Flaws
https://www.wired.com/story/matrix-patches-vulnerabilities-that-completely-subvert-e2ee-guarantees/
#Security/CyberattacksandHacks #vulnerabilities #cybersecurity #ArsTechnica #encryption #Security #security #hacking #Spoofed
#security #vulnerabilities #cybersecurity #ArsTechnica #encryption #hacking #Spoofed