fraud on paceline?


madsciencenow
04-04-2018, 07:02 AM
Anyone ever get an email in their inbox that looks similar to the one you get from PL when you have a new message on the forum but upon looking in the forum inbox it's not there? The member is an actual member but has no posts and the message doesn't look quite right.

veggieburger
04-04-2018, 08:37 AM
Anyone ever get an email in their inbox that looks similar to the one you get from PL when you have a new message on the forum but upon looking in the forum inbox it's not there? The member is an actual member but has no posts and the message doesn't look quite right.

Nope. Can you post a screen shot?

Neil
04-04-2018, 08:42 AM
This type of fraud (spoofing) is growing in both volume and sophistication.

Last year the Federal Government issued Binding Operational Directive 18-01, which mandated that all Fed email has to be protected from spoofing using a protocol called DMARC by October this year.

The Paceline could deploy the DMARC protocol, which would prevent thepaceline.net domain from being spoofed - should be fairly straightforward if there's a single MTA which sends email from that domain.

Keith A
04-04-2018, 08:59 AM
Nope. Can you post a screen shot?
Yes, please.

This type of fraud (spoofing) is growing in both volume and sophistication.

Last year the Federal Government issued Binding Operational Directive 18-01, which mandated that all Fed email has to be protected from spoofing using a protocol called DMARC by October this year.

The Paceline could deploy the DMARC protocol, which would prevent thepaceline.net domain from being spoofed - should be fairly straightforward if there's a single MTA which sends email from that domain.

Thanks for the information. Could you provide any details of what this involves?

Neil
04-04-2018, 09:56 AM
Sure.

The problem: identity, in email, is asserted rather than proved.

What does this mean: anyone, with a modest level of technical competence, can send email that says "webmaster@thepaceline.net" in the 5322.From field

https://c1.staticflickr.com/1/900/26359541527_e2ef892f69_b.jpg

In the image above the part in blue is the display name, which is a part of the 5322.From

Laid out continuously the whole address would be "The Paceline Forum <webmaster@thepaceline.net>"

Right now anyone who wants to can send an email that has this from address (the whole thing, display name and header from).

Solution: deploy the DMARC protocol, detailed at dmarc.org

Method: might be easier for us to discuss this on the phone, but in short:

1. Put a DMARC record in DNS at the location _dmarc.thepaceline.net with the policy value of "none" (with the correct reporting addresses for 2)
2. Get a reporting tool that makes sense of the data you'll get back
3. Make sure that the 5321.Mfrom (aka, Return Path) is the same as the 5322.From
4. That your SPF record is 100% accurate
5. Get the MTAs to sign every email with DKIM, using a key that is in the same domain (so thepaceline.net) as the 5322.From
6. Check your working
7. Change the DMARC record policy value to "reject"
8. Watch as all spoofed email is deleted
9. Profit
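
Added example, not part of Neil's post: a simplified Python sketch of how a receiving server applies the DMARC record from steps 1 and 7 after checking the alignment described in steps 3 and 5. The reporting address, the sample messages and the `mailer.example` domain are constructed, and the two-label organizational-domain shortcut is an assumption (real receivers use the Public Suffix List).

```python
# Simplified DMARC evaluation (after RFC 7489); illustration only.

def parse_dmarc(record):
    """Parse the TXT record published at _dmarc.<domain> into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    return tags

def org_domain(domain):
    # Assumption: organizational domain = last two labels (fine for .net/.com).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(record, msg):
    """Return 'pass', or the published policy (none/quarantine/reject) on failure."""
    tags = parse_dmarc(record)
    frm = msg["header_from"]                      # domain of the 5322.From
    spf_ok = msg["spf_pass"] and aligned(msg["mail_from"], frm, tags.get("aspf", "r"))
    dkim_ok = msg["dkim_pass"] and aligned(msg["dkim_d"], frm, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags["p"]

# Constructed records: step 1 (monitor only) and step 7 (enforce).
MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@thepaceline.net"
ENFORCE = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@thepaceline.net"

# Constructed messages, all showing thepaceline.net in the 5322.From.
LEGIT = {"header_from": "thepaceline.net", "mail_from": "thepaceline.net",
         "spf_pass": True, "dkim_d": "thepaceline.net", "dkim_pass": True}
# SPF passes, but for an unrelated Return-Path domain, and there is no DKIM signature.
UNALIGNED = {"header_from": "thepaceline.net", "mail_from": "mailer.example",
             "spf_pass": True, "dkim_d": None, "dkim_pass": False}
# Sent through a third-party Return-Path, but signed with the forum's own DKIM key.
SIGNED_ONLY = dict(UNALIGNED, dkim_d="thepaceline.net", dkim_pass=True)

if __name__ == "__main__":
    for name, msg in [("legit", LEGIT), ("unaligned", UNALIGNED), ("signed", SIGNED_ONLY)]:
        print(name, evaluate(MONITOR, msg), evaluate(ENFORCE, msg))
```

With `p=none` the unaligned message is still delivered and only shows up in the aggregate reports, which is why the policy change in step 7 comes after the checking in step 6.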

madsciencenow
04-04-2018, 10:00 AM
Here are some screenshots of the email I received:

https://uploads.tapatalk-cdn.com/20180404/c0a022a78449c17423fc3c880ba9385b.jpg
https://uploads.tapatalk-cdn.com/20180404/13fa0466ece92eb785c50d6a4f1bd96b.jpg





tuscanyswe
04-04-2018, 10:13 AM
The screenshot you have provided looks like a legit request from another member using the contact form via email instead of using the PM function. Hence why there are no new messages in your PM inbox.

That's what that option actually looks like. If you can't relate to the actual question "selling wheels", perhaps it's just someone that confused you with someone selling wheels.

Don't think it's spoof? But regardless, follow Neil's detailed instructions and make Paceline even better :banana::banana:

madsciencenow
04-04-2018, 10:55 AM
Thanks all!

