Hacker News: awulf

New comment by awulf in "Spammers are better at SPF, DKIM, and DMARC than everyone else"

awulf — Tue, 25 Mar 2025 17:37:31 +0000

I built a free DMARC/DKIM/SPF checker: https://dmarcchecker.app/. No usage limits, no ads—just a small footer link to one of my other projects. Made it for the exact reason you mentioned.

DNSSEC and Why It Matters for Email Security

awulf — Tue, 04 Feb 2025 16:47:12 +0000

Article URL: https://dmarcchecker.app/articles/dnssec-email-security

Comments URL: https://news.ycombinator.com/item?id=42934884

Points: 2

# Comments: 0

New comment by awulf in "Cracking a 512-bit DKIM key for less than $8 in the cloud"

awulf — Wed, 08 Jan 2025 16:41:16 +0000

An easy way is to check the length of the p= value in the DKIM record. If it's around 216 characters, it's likely a 1024-bit key. A 2048-bit key usually has about 388 characters.

New comment by awulf in "Cracking a 512-bit DKIM key for less than $8 in the cloud"

awulf — Wed, 08 Jan 2025 16:28:30 +0000

The DKIM verification failed with the result "dkim=policy (weak key)," as it should according to RFC 8301: "Verifiers MUST NOT consider signatures using RSA keys of less than 1024 bits as valid signatures."

New comment by awulf in "Cracking a 512-bit DKIM key for less than $8 in the cloud"

awulf — Wed, 08 Jan 2025 16:18:12 +0000

I guess most of these keys are decades old and no longer in use. They're likely just sitting in the DNS because someone forgot to delete them. Now, no one's sure if they're still needed and is afraid to remove them in case it breaks something. Or maybe they're still used by a legacy system, and no one realizes the impact an old DKIM record could have.

New comment by awulf in "Cracking a 512-bit DKIM key for less than $8 in the cloud"

awulf — Wed, 08 Jan 2025 14:06:04 +0000

I published the article today, though it was written a few months ago (when the DKIM record was still online).

New comment by awulf in "Cracking a 512-bit DKIM key for less than $8 in the cloud"

awulf — Wed, 08 Jan 2025 14:02:32 +0000

I agree, but to be precise, it was 1,726 out of 476,617 DKIM keys found across those 1M domains, or about 0.36%. Since it's impossible to determine all DKIM records a domain might have from the outside, I used a list of commonly used selectors (e.g., "default' or 'key1") for the search. It's likely there are additional short keys under selectors I didn't check.

Cracking a 512-bit DKIM key for less than $8 in the cloud

awulf — Wed, 08 Jan 2025 12:32:34 +0000

Article URL: https://dmarcchecker.app/articles/crack-512-bit-dkim-rsa-key

Comments URL: https://news.ycombinator.com/item?id=42633501

Points: 799

# Comments: 408

Most Common Errors in SPF Records

awulf — Tue, 02 Jul 2024 16:15:43 +0000

Article URL: https://dmarcchecker.app/articles/most-common-spf-errors

Comments URL: https://news.ycombinator.com/item?id=40858062

Points: 1

# Comments: 0

New comment by awulf in "BIMI and DMARC Can't Save You: The Overlooked DKIM Exploit"

awulf — Fri, 17 May 2024 17:26:57 +0000

Shameless plug: My DMARC Checker at https://dmarcchecker.app/ displays a warning message if it encounters a DKIM signature header with an 'l=' tag:

"The 'l=' tag limits how many bytes of the email body are included in the body hash. This may allow an attacker to alter/expand the message in a way that it still passes DKIM validation."

Additionally, the tool alerts you to the use of weak RSA keys or SHA1.

By the way, less than 0.4% of all emails checked make use of the 'l=' tag.

SPF, DKIM, and DMARC in 2024: Analyzing the Top 1M Domains

awulf — Tue, 02 Apr 2024 15:18:48 +0000

Article URL: https://dmarcchecker.app/articles/spf-dkim-dmarc-adoption-2024

Comments URL: https://news.ycombinator.com/item?id=39906734

Points: 3

# Comments: 0

New comment by awulf in "Show HN: DMARC Checker"

awulf — Wed, 21 Feb 2024 16:20:44 +0000

You are correct, the mail server is currently configured to only receive emails via IPv4. This setup is not uncommon as most major email providers have IPv4-only MX records (with Gmail and Yandex Mail being rare exceptions that support IPv6).

It might be a good idea to provide a different email address whose mail server explicitly requires IPv6. I'll think about it. Thanks for bringing it up.

New comment by awulf in "Show HN: DMARC Checker"

awulf — Wed, 21 Feb 2024 00:55:24 +0000

We've just launched the app this week. While white labeling is a possibility down the road, we're currently focused on refining it and gathering user feedback.

New comment by awulf in "Show HN: DMARC Checker"

awulf — Tue, 20 Feb 2024 23:48:00 +0000

Thanks for the feedback, much appreciated! It looks like you've flattened your SPF record, causing a large number of log messages. I'll see what I can do to better highlight the line that produces the 'pass' result.

New comment by awulf in "Show HN: DMARC Checker"

awulf — Tue, 20 Feb 2024 21:33:27 +0000

There was a small bug in our DMARC record parser (it didn't like the semicolon at the end of the record). Sorry for that. Your DMARC record is definitely correct. The issue should be fixed now.

Also, thanks for the idea about circumventing DNS caching. I'll look into adding that feature.

New comment by awulf in "Show HN: DMARC Checker"

awulf — Tue, 20 Feb 2024 21:12:16 +0000

I'm really happy to read that the app was able to help! Thanks for sharing.

Show HN: DMARC Checker

awulf — Tue, 20 Feb 2024 16:52:26 +0000

Article URL: https://dmarcchecker.app/

Comments URL: https://news.ycombinator.com/item?id=39443574

Points: 70

# Comments: 21

New comment by awulf in "Show HN: TxtFiddle – JavaScript playground for text manipulation tasks"

awulf — Thu, 25 Mar 2021 17:21:53 +0000

Thank you for the input. I have now added a separate "Templates" menu item.

New comment by awulf in "Show HN: TxtFiddle – JavaScript playground for text manipulation tasks"

awulf — Wed, 24 Mar 2021 21:33:25 +0000

Basically, yes. In practice, there's a bit more to it. The user code is wrapped into an "async function(input)" (so you can use async/await) and run inside a worker inside a sandboxed iframe (for security reasons and for being able to stop the execution). There's also some additional code for catching errors and parsing the error stack.

New comment by awulf in "Show HN: TxtFiddle – JavaScript playground for text manipulation tasks"

awulf — Tue, 23 Mar 2021 22:47:22 +0000

The main reason is ease of use. Of course, you can use JSFiddle to create an HTML page with a textarea field and a button that triggers your code and outputs the result to the console or somewhere else. But that's a lot of overhead for a simple text editing task.

TxtFiddle is specifically built for text manipulation tasks and reduces the amount of code you have to write to a minimum. There's also a (growing) list of templates that you can choose from (see the "New" menu). Another differentiating feature is the ability to abort a running script (i.e., in the case of an accidental infinite loop).