Kris Deugau wrote:
OK, I think I've thought of a sort of a counter-example: [...]
I'm sending from myfriendsdomain.com's server, but I don't have an
account there. I do, however, have an account [EMAIL PROTECTED]
on my own server- to which I want all replies/bounces/etc to go to.
Kris Deugau wrote:
Julian Mehnle wrote:
Andreas Metzler wrote:
If I send an e-mail over mail.nusrf.at with envelope-from
[EMAIL PROTECTED] I am _not_ forging anything or making
unauthorized use of domains
Yes, you are. The envelope-from address is not a reply-to address,
it's a
Julian Mehnle wrote:
Kris Deugau wrote:
OK, I think I've thought of a sort of a counter-example:
[...]
I'm sending from myfriendsdomain.com's server,
but I don't have an account there.
^
I do, however, have an account
[EMAIL PROTECTED] on
my own
On Mon, Oct 13, 2003 at 05:54:41PM -0500, John Hasler wrote:
No, you understood it correctly. That's exactly the point.
If I can configure my domain with a list of IPs from which mail claiming to
originate from it must come without having a static IP and without the
cooperation of the
Julian Mehnle wrote:
Andreas Metzler wrote:
Julian Mehnle [EMAIL PROTECTED] wrote:
It's about forging an e-mail sender's identity. By preventing
the unauthorized use of domains as the sender domain of e-mails,
most of the practiced cases of identity forgery are prevented.
[...]
On Mon, Oct 13, 2003 at 06:51:01PM -0500, John Hasler wrote:
Joel Baker writes:
I'm going to gloss over the utter mistake of your first statement
I am on a dialup with a dynamic IP number: I am allowed to borrow a
number from my ISP at need. There is no IP number over which I have any
Joel Baker writes:
Many places do hosting of DNS domains (only; no web or mail, etc) for
absurdly cheap rates ($5/mo in some cases), and allow either DDNS or an
automateable webpage to do updates with.
I'm aware of these. While interesting should they start supporting SPF
they are not really
On Tue, 14 Oct 2003 10:21:23 -0500, John Hasler [EMAIL PROTECTED] said:
I understand all that, which is why I found statements such as those
in
[EMAIL PROTECTED] confusing. The fact is I can add SPF
records for any IP numbers I want to domains I control. Thus if I
want to be able to send
On Tue, 14 Oct 2003, Manoj Srivastava wrote:
I do not know, a priori, what the IP address is likely to be,
and getting DNS changed for datasync.com would take days, not hours,
by which time I would no longer be at the IP.
You'd just need something akin to the ddns services... but in
Manoj Srivastava said on Tue, Oct 14, 2003 at 04:40:15PM -0500:
Consider this use case: I travel a lot, and stay in hotels
with network connections. Unfortunately, these nigtly billed domains
have very poor mail gateways; I've been burned before. I now connect
directly and deliver
Manoj writes:
Consider this use case: I travel a lot, and stay in hotels with network
connections. Unfortunately, these nigtly billed domains have very poor
mail gateways; I've been burned before. I now connect directly and
deliver mail from the MTA on my laptop.
I do not know, a priori,
On Tue, Oct 14, 2003 at 04:40:15PM -0500, Manoj Srivastava wrote:
On Tue, 14 Oct 2003 10:21:23 -0500, John Hasler [EMAIL PROTECTED] said:
I understand all that, which is why I found statements such as those
in
[EMAIL PROTECTED] confusing. The fact is I can add SPF
records for any IP
Julian Mehnle [EMAIL PROTECTED] wrote:
Andreas Metzler wrote:
Julian Mehnle [EMAIL PROTECTED] wrote:
It's about forging an e-mail sender's identity. By preventing the
unauthorized use of domains as the sender domain of e-mails, most of
the practiced cases of identity forgery are
On Mon, Oct 13, 2003 at 12:34:46AM +0200, Tollef Fog Heen wrote:
* Riku Voipio
I have mail-followup-set for a reason. In addition, it is normal
policy on Debian lists not to Cc people unless explicitly requested.
Hmm. my mutt setup appears to be b0rken then. sorry about that.
need to look
Andreas Metzler wrote:
Julian Mehnle [EMAIL PROTECTED] wrote:
Andreas Metzler wrote:
If I send an e-mail over mail.nusrf.at with envelope-from
[EMAIL PROTECTED] I am _not_ forging anything or making
unauthorized use of domains
Yes, you are. The envelope-from address is not a
On Mon, Oct 13, 2003 at 02:47:44PM +0200, Julian Mehnle wrote:
Andreas Metzler wrote:
Julian Mehnle [EMAIL PROTECTED] wrote:
Andreas Metzler wrote:
If I send an e-mail over mail.nusrf.at with envelope-from
[EMAIL PROTECTED] I am _not_ forging anything or making
unauthorized use of domains
Andreas Metzler wrote:
On Mon, Oct 13, 2003 at 02:47:44PM +0200, Julian Mehnle wrote:
There you have it. It's the source mailbox, and while it can be
used to report errors, it can *not only* be used to report errors.
I'm relieved that the RFC doesn't contradict my common sense
Julian Mehnle writes:
Don't you agree on my understanding of a sender address (or source
mailbox) being the address (or source mailbox) the sender sends
from? If so, please state it explicitly, so I have something I can
argue against. :-)
Mail is not sent from any particular address at all;
Michael Poole wrote:
Julian Mehnle writes:
Don't you agree on my understanding of a sender address (or source
mailbox) being the address (or source mailbox) the sender sends
from? If so, please state it explicitly, so I have something I can
argue against. :-)
Mail is not sent from any
Julian Mehnle writes:
It does very well make sense to specify a sender address for an e-mail,
and that's exactly what the SMTP MAIL FROM command AKA envelope-from
(and the Sender: header) is meant to be. Even RFCs (2)821 and (2)822
articulate it that way. Nowhere do these RFCs state that the
Julian Mehnle writes:
Michael Poole wrote:
Mail is not sent from any particular address at all; it is sent by a
person or program. It is delivered to one or more addresses. The
From: address and SMTP and envelope sender addresses are for human
understanding and status reporting.
It does
John Hasler wrote:
Julian Mehnle writes:
It does very well make sense to specify a sender address for an
e-mail, and that's exactly what the SMTP MAIL FROM command AKA
envelope-from (and the Sender: header) is meant to be. Even RFCs
(2)821 and (2)822 articulate it that way. Nowhere do
Julian Mehnle writes:
No, but this again is one of these broken e-mail vs. real world
analogies. You can't receive mail through such a letter box, but a
sender address is inherently meant to be a valid address through which
you can be contacted (among other criteria).
I can no more be
John Hasler wrote:
Julian Mehnle writes:
No, but this again is one of these broken e-mail vs. real world
analogies. You can't receive mail through such a letter box, but a
sender address is inherently meant to be a valid address through which
you can be contacted (among other criteria).
On Mon, Oct 13, 2003 at 08:06:33PM +0200, Julian Mehnle wrote:
John Hasler wrote:
Julian Mehnle writes:
No, but this again is one of these broken e-mail vs. real world
analogies. You can't receive mail through such a letter box, but a
sender address is inherently meant to be a valid
Joel Baker writes:
I'm sorry, but your individual desire to be able to send mail from
anywhere on the planet, claiming to be anyone on the planet...
What makes you think I want to claim to be anyone on the planet?
I have a valid domain and I want replies and bounces to go to it.
If adding .1
John Hasler wrote:
Joel Baker writes:
If adding .1 to your SA score for lacking a repudiation protocol, and
3 (or 5, or whatever) for claiming to be from a domain that denies
that it origionates mail to the rest of the world from your IP...
I have no IP. Outgoing mail from home goes via
On Mon, Oct 13, 2003 at 04:26:35PM -0500, John Hasler wrote:
Joel Baker writes:
I'm sorry, but your individual desire to be able to send mail from
anywhere on the planet, claiming to be anyone on the planet...
What makes you think I want to claim to be anyone on the planet?
I have a valid
Julian Mehnle writes:
Consider your ISP's smarthost's IP address your IP. It makes no
difference.
It would if the proposed system was unusable by those of us without static
IPs, which was the impression I was getting. Evidently that impression was
incorrect: good.
No, you understood it
Joel Baker writes:
I'm going to gloss over the utter mistake of your first statement
I am on a dialup with a dynamic IP number: I am allowed to borrow a
number from my ISP at need. There is no IP number over which I have any
administrative control. Thus I have no IP in that I would be unable
* Gerfried Fuchs
(Discussion moved from -private, all text and references which refer
to stuff not ok to quote outside -private removed.)
| * Tollef Fog Heen [EMAIL PROTECTED] [2003-10-09 22:03]:
|
| I think it's a silly proposal, since it will hinder people like me who
| are sending all
Tollef Fog Heen wrote:
* Gerfried Fuchs
The concept of SMTP AUTH is completely new to you, is it? Sorry,
these kind of objections are just as silly as you call the proposal
silly.
Uhm, no, why should it be? Having gnus set up to use SMTP auth and
using a different server based on what
In article [EMAIL PROTECTED],
Andreas Metzler [EMAIL PROTECTED] wrote:
SMTP AUTH is no magic solution, you'd have to start routing mail by
sender instead of recipient.
Take myself, sharing a computer at home with somebody else who uses a
completely different domain for her e-mail. Currently I
Julian Mehnle [EMAIL PROTECTED] wrote:
Tollef Fog Heen wrote:
[...]
How would you set up so that my laptop (or yours or whoever's) can
send mail from about ten different domains if the server you are
sending to is using SPF and the domain you are sending from have it
implemented in DNS?
Miquel van Smoorenburg [EMAIL PROTECTED] wrote:
In article [EMAIL PROTECTED],
Andreas Metzler [EMAIL PROTECTED] wrote:
SMTP AUTH is no magic solution, you'd have to start routing mail by
sender instead of recipient.
Take myself, sharing a computer at home with somebody else who uses a
In article [EMAIL PROTECTED],
Andreas Metzler [EMAIL PROTECTED] wrote:
Miquel van Smoorenburg [EMAIL PROTECTED] wrote:
You know, there is a difference between Envelope-From (SMTP MAIL FROM:)
and whatever you put in the From: header. They don't have to be the same.
[...]
I do know that, but
Miquel van Smoorenburg [EMAIL PROTECTED] wrote:
[...]
And it does not help in the first szenario at all
(unless you think it to be ok that user a receives the bounces for
user b).
Just for a reminder: Two people using different domains with a changing
smarthost on one computer.
If you read
On Thu, Oct 09, 2003 at 10:03:45PM +0200, Tollef Fog Heen wrote:
* Joel Baker
| Last I checked, this was (unfortunately) not yet an RFC, but only a draft
| proposal. It happens to be one I really like the idea of, but I am aware
| of more or less 'nobody' implementing it, nor any significant
* Riku Voipio [EMAIL PROTECTED] [031012 20:25]:
Second hint: If you insist on your right to forge your email address,
anyone else can forge your address as well. Is that a right you really
need?
It's about to *use* an e-mail address, not about forging one...
Third hint: You can still choose
(Bernhard, please excuse the accidental CC!)
Bernhard R. Link wrote:
* Riku Voipio [EMAIL PROTECTED] [031012 20:25]:
Second hint: If you insist on your right to forge your email address,
anyone else can forge your address as well. Is that a right you really
need?
It's about to *use* an
(Andreas, please excuse the accidental CC!)
Andreas Metzler wrote:
Julian Mehnle [EMAIL PROTECTED] wrote:
Convince the owner of these domains that you are (that is, your
outgoing mail server is) allowed to send mail from these domains.
Think these domains = debian.org and outgoing mail
Julian Mehnle [EMAIL PROTECTED] wrote:
(Bernhard, please excuse the accidental CC!)
Bernhard R. Link wrote:
* Riku Voipio [EMAIL PROTECTED] [031012 20:25]:
Second hint: If you insist on your right to forge your email address,
anyone else can forge your address as well. Is that a right you
* Riku Voipio
I have mail-followup-set for a reason. In addition, it is normal
policy on Debian lists not to Cc people unless explicitly requested.
| I think it's a silly proposal, since it will hinder people like me who
| are sending all their mail from a laptop to send their mail properly.
Andreas Metzler wrote:
Julian Mehnle [EMAIL PROTECTED] wrote:
It's about forging an e-mail sender's identity. By preventing the
unauthorized use of domains as the sender domain of e-mails, most of
the practiced cases of identity forgery are prevented. [...]
If I send an e-mail over
Tollef Fog Heen wrote:
* Riku Voipio
Second hint: If you insist on your right to forge your email address,
anyone else can forge your address as well. Is that a right you really
need?
Uhm, how would you forge your own mail address? It's like forging
your own signature, something which
On Sun, Oct 12, 2003 at 11:41:45PM +0200, Andreas Metzler wrote:
Julian Mehnle [EMAIL PROTECTED] wrote:
Bernhard R. Link wrote:
* Riku Voipio [EMAIL PROTECTED] [031012 20:25]:
Second hint: If you insist on your right to forge your email address,
anyone else can forge your address as
On Fri, Oct 10, 2003 at 12:21:33PM +0200, Gerfried Fuchs wrote:
* Tollef Fog Heen [EMAIL PROTECTED] [2003-10-09 22:03]:
(please take this off -private, don't sure where, though. Please
quote me anywhere.)
Same for me -- so this whole message is quoteable outside of -private.
Moved to
47 matches
Mail list logo