Peter Shute writes:
Stephen J. Turnbull wrote:
The DMARC WG advocates putting list-post in From in place
of a DMARC p=reject address. I advocate accepting their
advice for stock Mailman, and avoiding other non-conforming
workarounds until the market demands them. If it
On 7 May 2014, at 4:07 pm, Stephen J. Turnbull step...@xemacs.org wrote:
Peter Shute writes:
Stephen J. Turnbull wrote:
The DMARC WG advocates putting list-post in From in place
of a DMARC p=reject address. I advocate accepting their
advice for stock Mailman, and avoiding other
Peter Shute writes:
Thanks, I understand now. If the result of this is that replies go
to everyone on the list, this is something we don't want for our
list. Private replies becoming public means trouble, and we have
enough of it already when people Reply All by accident.
In that case,
On May 7, 2014, at 8:59 AM, Stephen J. Turnbull step...@xemacs.org wrote:
which leaves the Reply-To header as it finds it. Finally, set
'personalize' to 'Full Personalization'
which puts the recipient in To. The first two are on the General
Options page, the last on the Nondigest
Rob Lingelbach writes:
Is it possible the ‘personalize’ option moved elsewhere in
2.1.18-1? I’ve just updated to that version and don’t see it on
the Nondigest Options page.
Sorry, I haven't updated to 2.1.18-1 yet, I'm reading source and
missed a crucial qualification at the top of the
On May 7, 2014, at 9:56 AM, Stephen J. Turnbull step...@xemacs.org wrote:
Because personalization can consume a lot of resources, the site admin
needs to enable personalization with OWNERS_CAN_ENABLE_PERSONALIZATION
in mm_cfg.py, then it will show up on the admin site.
Thanks. Impressive.
On 7 May 2014, at 11:59 pm, Stephen J. Turnbull step...@xemacs.org wrote:
Peter Shute writes:
Thanks, I understand now. If the result of this is that replies go
to everyone on the list, this is something we don't want for our
list. Private replies becoming public means trouble, and we
On 05/07/2014 01:34 PM, Peter Shute wrote:
Am I correct in believing that there is now an option to have these modified
behaviours only apply to messages from p=reject senders?
Yes. At least in the latest release (2.1.18-1), there is
dmarc_moderation_action which selects an action to apply
Mark Sapiro wrote:
Am I correct in believing that there is now an option to
have these modified behaviours only apply to messages from
p=reject senders?
Yes. At least in the latest release (2.1.18-1), there is
dmarc_moderation_action which selects an action to apply only
to
Peter Shute writes:
So does this mean that any solution is going to be a choice between
ease of replying to the list and ease of accidental replying to the
list?
Yes, and that's an unsolvable problem. Some replies should be public,
some should be private, and only the user can know which
Peter Shute writes:
If it means that Reply vs Reply All work differently for list
messages from different domains,
It does.
will it only lead to users becoming hopelessly confused? Is there
anyone who's already using this who could report on the reactions
from users?
Good question.
My experience is that for most lists, the members are chronically confused
about nearly everything having to do with addressing. Since very few list
members are going to be subscribed from different ISPs at the same time
(and those are apt to be the most expert) I don't expect this change (when
I
What Keith said. Either users are curious about this and will take the time to
understand, or they throw up their hands and “Computers!” and they will do the
minimum to get things working, which is how it was before.
My hosting provider, Dreamhost, just upgraded from 2.1.14 to 2.1.17 mere
On 05/07/2014 05:41 PM, Peter Shute wrote:
If it means that Reply vs Reply All work differently for list messages from
different domains, will it only lead to users becoming hopelessly confused?
Is there anyone who's already using this who could report on the reactions
from users?
It
I understand now, fake warnings for phishing. As for not being taken in, I
haven't yet, but I'm sure it would be possible to create one that I would
assume to be genuine.
Peter Shute
Sent from my iPad
On 6 May 2014, at 3:15 pm, Stephen J. Turnbull step...@xemacs.org wrote:
Peter Shute
On May 06, 2014, at 02:15 PM, Stephen J. Turnbull wrote:
No, the point is that a phishing mail with
From: Chase Bank Customer Service serv...@chase.com.invalid
will sail right past DMARC, as currently set up.
So too will serv...@chase.com.ru without Mailman ever getting involved, and I
bet
Stephen J. Turnbull step...@xemacs.org wrote:
No, the point is that a phishing mail with
From: Chase Bank Customer Service serv...@chase.com.invalid
will sail right past DMARC, as currently set up
It will sail past people using modern mail clients, too, by which I include
web mail
Barry Warsaw writes:
On May 06, 2014, at 02:15 PM, Stephen J. Turnbull wrote:
No, the point is that a phishing mail with
From: Chase Bank Customer Service serv...@chase.com.invalid
will sail right past DMARC, as currently set up.
So too will serv...@chase.com.ru without
Stephen J. Turnbull wrote:
The DMARC WG advocates putting list-post in From in place
of a DMARC p=reject address. I advocate accepting their
advice for stock Mailman, and avoiding other non-conforming
workarounds until the market demands them. If it gets noisy,
feel free to cave in
Lindsay Haisley writes:
$ dig +short -t txt _dmarc.paypal.com
v=DMARC1\; p=reject\; rua=mailto:d...@rua.agari.com\;
ruf=mailto:d...@bounce.paypal.com,mailto:d...@ruf.agari.com;
This probably is a problem of lesser magnitude than Yahoo! and AOL
FWIW, I don't consider it a problem at
Peter Shute writes:
How does Yahoo's DMARC policy reduce the benefit of Paypal's?
Because servers can't follow the reject recommendation without
No, it's because users get used to ignoring warnings about DMARC
issues. If it was *only* your bank, you'd learn to pay attention to
them. But
On 5 May 2014, at 4:59 pm, Stephen J. Turnbull step...@xemacs.org wrote:
Peter Shute writes:
How does Yahoo's DMARC policy reduce the benefit of Paypal's?
Because servers can't follow the reject recommendation without
No, it's because users get used to ignoring warnings about DMARC
On Mon, 05 May 2014 09:24:59 +0100, Peter Shute psh...@nuw.org.au wrote:
They get a warning? I thought it just bounced, and the intended
recipient never knew.
That was how I (thought I) understood it but I have heard of mailman
distributed messages from AOL Yahoo addresses being put into
$ dig +short -t txt _dmarc.paypal.com
v=DMARC1\; p=reject\; rua=mailto:d...@rua.agari.com\;
ruf=mailto:d...@bounce.paypal.com,mailto:d...@ruf.agari.com;
I'm on lots of lists with Paypal employees, who consistently use
paypal-inc.com addresses, specicially to avoid DMARC problems.
They realized
I'm on lots of lists with Paypal employees, who consistently use
paypal-inc.com addresses, specicially to avoid DMARC problems.
$ dig +short -t txt _dmarc.paypal-inc.com
v=DMARC1\; p=reject\; rua=mailto:d...@rua.agari.com\;
ruf=mailto:d...@bounce.paypal.com,mailto:d...@ruf.agari.com;
No joy
Peter Shute writes:
On 5 May 2014, at 4:59 pm, Stephen J. Turnbull step...@xemacs.org
wrote:
them. But when you (FVO you susceptible to phishing in the first
Sorry, what does FVO stand for?
Ah, excuse my abbreviations. FVO = for values of; the intended
implication is that the you
$ dig +short -t txt _dmarc.paypal.com
v=DMARC1\; p=reject\; rua=mailto:d...@rua.agari.com\;
ruf=mailto:d...@bounce.paypal.com,mailto:d...@ruf.agari.com;
This probably is a problem of lesser magnitude than Yahoo! and AOL since
few list posts will come from PayPal, or be delivered to such an
On May 4, 2014, at 4:07 PM, Lindsay Haisley fmo...@fmp.com wrote:
$ dig +short -t txt _dmarc.paypal.com
v=DMARC1\; p=reject\; rua=mailto:d...@rua.agari.com\;
ruf=mailto:d...@bounce.paypal.com,mailto:d...@ruf.agari.com;
This probably is a problem of lesser magnitude than Yahoo! and AOL
On Sun, 2014-05-04 at 16:14 -0400, Larry Finch wrote:
On May 4, 2014, at 4:07 PM, Lindsay Haisley fmo...@fmp.com wrote:
$ dig +short -t txt _dmarc.paypal.com
v=DMARC1\; p=reject\; rua=mailto:d...@rua.agari.com\;
ruf=mailto:d...@bounce.paypal.com,mailto:d...@ruf.agari.com;
This
On Sun, 2014-05-04 at 20:58 +, John Levine wrote:
$ dig +short -t txt _dmarc.paypal.com
v=DMARC1\; p=reject\; rua=mailto:d...@rua.agari.com\;
ruf=mailto:d...@bounce.paypal.com,mailto:d...@ruf.agari.com;
I'm on lots of lists with Paypal employees, who consistently use
paypal-inc.com
Larry Finch wrote:
This is probably the first actual practical application of
DMARC p=reject that I have seen. Unfortunately, Yahoo's and
AOL's abuse of DMARC will tend to neutralize the benefit of
DMARC to financial institutions who have a really serious
spoofing problem.
How does
31 matches
Mail list logo
