On Wed, Oct 8, 2008 at 10:33 PM, Sam Clippinger [EMAIL PROTECTED] wrote:
Well, not necessarily. At the moment, spamdyke is only vulnerable to a
very small part of the DNS spoofing attack. Most of the danger Dan
Kaminsky discovered comes from caching -- a vulnerable host could cache
incorrect
On Fri, Oct 3, 2008 at 5:52 PM, Eric Shubert [EMAIL PROTECTED] wrote:
Felix Buenemann wrote:
Hi,
I agree with Arthur and Bgs in that SPF is a smarter thing to check,
because it can be done without checking headers and currently has a much
wider distribution base.
IMHO the only way to
Well, not necessarily. At the moment, spamdyke is only vulnerable to a
very small part of the DNS spoofing attack. Most of the danger Dan
Kaminsky discovered comes from caching -- a vulnerable host could cache
incorrect DNS data sent by the attacker. spamdyke doesn't cache DNS
information,
Felix Buenemann wrote:
Hi,
I agree with Arthur and Bgs in that SPF is a smarter thing to check,
because it can be done without checking headers and currently has a much
wider distribution base.
IMHO the only way to properly reject DKIM failed mail is at the end of
the DATA command,
Hello,
Sorry for butting in, but I'd like to give some of my thoughts too.
I don't think Sam should invest time in an implementation of DKIM now,
it's just not the right time. As Eric said, it's not yet a standard, so
many mail administrators won't implement it for lack of support. Also,
Hi.
I disagree about waiting for a certain (or uncertain) percentage of servers
in a survey before implementing it though. This isn't a feature about
convenience or annoyance, it's a feature that will probably have a big
positive impact on some people's lives. I think the fact that PayPal and
I did some Googling today and found this:
http://www.phishtank.com/stats/2008/07/
Apparently, in July of this year, phishtank.com verified more phishing
scams targeting PayPal than the rest of the top 10 targets combined.
That's pretty impressive, although I must take it with a grain of salt
Eric Shubert wrote:
Sam,
I see in the TODO file for 4.0 that adding SPF/CSV/Sender ID/DomainKeys/DKIM
checking is ranked as a todo-later item. I don't care so much about
CSV/SenderID/DomainKeys, but I'd like to see the others implemented sooner
than later.
In particular, DKIM signatures