Page MenuHomePhabricator
Create Task
Maniphest T211403

Domains of most projects do not have DMARC policy
Open, MediumPublic
Actions

Description

For domains in this list there are no DNS records for SPF and DMARC:

  • mediawiki.org
  • wikibooks.org
  • wikinews.org
  • wikiquote.org
  • wikisource.org
  • wikiversity.org
  • wikivoyage.org
  • wiktionary.org

This creates a potential vulnerability, because anyone can send a letter on behalf of the Wikimedia project. Since, as far as I know, these domains are not used to send messages, the policy can be specified as restrictive as possible (p=reject; sp=reject).

Event Timeline

putnik created this task.Dec 7 2018, 5:15 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 7 2018, 5:15 AM
SerDIDG added a subscriber: SerDIDG.Dec 7 2018, 5:17 AM
MBH added a subscriber: MBH.Dec 7 2018, 5:19 AM
putnik updated the task description. (Show Details)Dec 7 2018, 5:39 AM
Reedy added a project: SRE.Dec 7 2018, 7:00 AM
Dzahn moved this task from Backlog to DMARC on the Mail board.Dec 11 2018, 7:53 PM
herron triaged this task as Medium priority.Jan 4 2019, 4:42 PM
Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 10:50 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL