Jo Rhett wrote:
Matt, how can I possibly get you to move past this unfounded
assumption that my trust path is broken and focus on the real
problem? The trust path is not broken, it's just fine.
On May 20, 2008, at 5:47 PM, Matt Kettler wrote:
Ok, then the AWL code is *SEVERELY* bugged. The question then
becomes why isn't the source address part of the AWL working properly.
I'm not sure I know this or can agree. I'm fairly sure its
orthagonal, but I may be wrong.
That IP range is what would detect the forgeries, or at least give
the forgeries a different AWL entry than email you really sent
yourself.
I only send mail to myself from my wireless provider or open WiFi
networks. e.g. "note to self" while I am on the road.
The source IPs are different, so your real self-to-self should be
handled independently, with a completely separate AWL entry, from
the spammer forged self-to-self.
You're assuming I use the same source IP when I send myself mail, and
that just isn't true.
Or that you receive e-mail from the very same public wireless and/
or phone providers as everyone else does. My trust path doesn't
have to be broken if the networks used to send the e-mail are
public networks.
(if you can laugh == "welcome to the 21st century and the
Crackberry/Treo/iPhone") Not trying to be snide.
If you're using any kind of forwarder, including crackberry, their
servers should be trusted by you so that SA's checks get applied to
the mailserver that dropped mail off at them. That's the purpose of
the trust path, to allow you to trust the headers of those systems
receiving mail on your behalf and forwarding it to you.
I'm not -- my Treo delivers mail directly to my mail server. From
DHCP-assigned addresses all over the world. I enjoy travel ;-)
I'd also like to point out that no provider is willing to share their
server lists openly and consistently enough for this to occur. We
have to put crackberry users in their own domain because we use SPF on
the main domains and crackberry keeps changing their servers.
"no provider" == crackberry, verizon, sprint, etc... the wireless
providers who intercept outbound mail.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
