Sean Whalen π¨πΌβπ¦Όπ³οΈβππΊπ¦ποΈ · @seanthegeek
262 followers · 339 posts · Server infosec.exchangeIn the short time I've been the #Mastodon #Fediverse so far, I've talked a lot about how #DMARC can help prevent #spoofed #emails from being delivered to their targets, in light of a wave of Mastodon-themed phishing. That made me wonder, "How many Mastodon instances have a DMARC record on their domain? How many of those are set up to properly?" For their own security Users should join servers with an enforced DMARC policy, and instance admins should enforce DMARC on their domains to protect users and attract a security conscious userbase.
I wrote a script that queries instances.social for the 1000 top Mastodon instances based on the number of active users, feeds that list to #checkdmarc to query for, parse, and validate DMARC #DNS records. Here are the results.
https://github.com/seanthegeek/mastodon-dmarc-survey
As of earlier today, 148 instances with a combined 295, 975 active users had an enforced DMARC policy (p=quarantine or p=reject). 113 instances with a combined 168,965 active users have deployed a monitor only policy, 3 instances with a combined 577 active users have an invalid DMARC record, and 113 instances with a combined 486,972 active users don't have any DMARC record.
As I looked through the list of instances, I noticed that infosec.exchange is now the 7th largest Mastodon instance on the public internet, with 18,328 active users (and counting. Thanks @jerry!
#Infosec #InformationSecuriy #phish #phishing #spoofing #adminsofmastodon #OpenSource #OpenSourceSoftware #FLOSS #Python #CLI #API
#mastodon #fediverse #dmarc #Spoofed #emails #checkdmarc #dns #infosec #informationsecuriy #phish #phishing #spoofing #adminsofmastodon #opensource #opensourcesoftware #floss #python #cli #api
Sean Whalen π¨πΌβπ¦Όπ³οΈβππΊπ¦ποΈ · @seanthegeek
256 followers · 326 posts · Server infosec.exchange
Version 4.5.1 of my #SPF and #DMARC record parser/validation tool, #checkdmarc has been released with some small bug fixes:
- Ignore case and whitespace when parsing DMARC and BIMI key=value pairs (Closes #75)
- Handle missing
PTRrecords more gracefully (Closes #64) - reindent DMARC
fotag values now result in a warning instead of a syntax error (Closes #71)
#python #opensource #git #github #cli #api #email #spoofing #phishing #cybersecurity #informationsecurity #infosec
#spf #dmarc #checkdmarc #python #opensource #git #github #cli #api #email #spoofing #phishing #cybersecurity #informationsecurity #infosec
chksome · @chksome
24 followers · 96 posts · Server hachyderm.io
Sean Whalen π¨πΌβπ¦Όπ³οΈβππΊπ¦ποΈ · @seanthegeek
128 followers · 185 posts · Server infosec.exchangeNew versions of my #DMARC tools have just been released.
#checkdmarc 4.5.0 is a CLI and #Python module for validating SPF, DMARC, and BIMI records. It can also test SMTP TLS.
https://github.com/domainaware/checkdmarc/blob/master/CHANGELOG.md
#parsedmarc parses DMARC forensic and aggregate reports and ships the results to Elasticsearch or Splunk, with premade dashboards for Kibana, Graphana, and Splunk.
https://github.com/domainaware/parsedmarc/blob/master/CHANGELOG.md
#dmarc #checkdmarc #python #parsedmarc