Quoting Michael Stone ([EMAIL PROTECTED]):
> You're talking about SPF. That's a concept, not an implementation.
Implementation details have already been posted.
> Effective use of SPF requires widespread adoption. Until/unless
> widespread adoption happens the promises of SPF are vaporware.
Re
Quoting Michael Stone ([EMAIL PROTECTED]):
> You're talking about SPF. That's a concept, not an implementation.
Implementation details have already been posted.
> Effective use of SPF requires widespread adoption. Until/unless
> widespread adoption happens the promises of SPF are vaporware.
Re
On Sat, 5 Jun 2004 08:52, Michael Stone <[EMAIL PROTECTED]> wrote:
> >So, adding handling for SPF RRs in one's MTA yields significant
> >advantages today, despite the technology being new, because _all_ of the
> >forgemail claiming to be from aol.com, msn.com, hotmail.com, pobox.com,
> >etc. can be
On Sat, 5 Jun 2004 08:52, Michael Stone <[EMAIL PROTECTED]> wrote:
> >So, adding handling for SPF RRs in one's MTA yields significant
> >advantages today, despite the technology being new, because _all_ of the
> >forgemail claiming to be from aol.com, msn.com, hotmail.com, pobox.com,
> >etc. can be
hi ya
On Fri, 4 Jun 2004, Michael Stone wrote:
> On Fri, Jun 04, 2004 at 05:26:07PM -0700, Rick Moen wrote:
> >You mean like having extra meanings of the term "vaporware", ones that
> >you alone are aware of? OK.
vaporware is good and bad ...
good, because if its features gets implemented "ri
hi ya
On Fri, 4 Jun 2004, Michael Stone wrote:
> On Fri, Jun 04, 2004 at 05:26:07PM -0700, Rick Moen wrote:
> >You mean like having extra meanings of the term "vaporware", ones that
> >you alone are aware of? OK.
vaporware is good and bad ...
good, because if its features gets implemented "ri
On Fri, Jun 04, 2004 at 05:26:07PM -0700, Rick Moen wrote:
You mean like having extra meanings of the term "vaporware", ones that
you alone are aware of? OK.
You're talking about SPF. That's a concept, not an implementation.
Effective use of SPF requires widespread adoption. Until/unless
wides
Quoting Michael Stone ([EMAIL PROTECTED]):
> No, I'm not.
You _weren't_ ignoring the point I just made and changing the subject?
Then, some villain apparently snuck into your MTA and substituted
different text that did, for the original message you tried to send.
You should sue! ;->
> I'm poin
On Fri, Jun 04, 2004 at 05:26:07PM -0700, Rick Moen wrote:
You mean like having extra meanings of the term "vaporware", ones that
you alone are aware of? OK.
You're talking about SPF. That's a concept, not an implementation.
Effective use of SPF requires widespread adoption. Until/unless
widesprea
Quoting Michael Stone ([EMAIL PROTECTED]):
> What name calling? There's a difference.
Cute.
Ah, well.
> You're assuming unrestricted outbound connections. Might even be true in
> your environment.
It's true that there will be interim problems with corporate firewalls
(etc.) closing off outb
On Sat, Jun 05, 2004 at 12:23:14AM +0200, Bernd Eckenfels wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> > It's possible you're taking that fact into account: I'd be curious to
> > hear how you (or others) are ensuring that such bounces go somewhere
> > appropriate.
>
> Well, fisrt of all,
On Fri, Jun 04, 2004 at 04:09:32PM -0700, Rick Moen wrote:
Quoting Michael Stone ([EMAIL PROTECTED]):
There's a line between advocacy and zealotry.
Still stuck in name-calling mode? Pity.
What name calling? There's a difference.
It's fine for a home user to implement it quickly but it's
On Fri, Jun 04, 2004 at 04:00:32PM -0700, Rick Moen wrote:
Not that I'm objecting, but I can't help noticing that you're ignoring
the point I just made, and changing the subject.
No, I'm not. I'm pointing out that the world is more complicated than
you seem to think.
Mike Stone
> On Fri, Jun 04, 2004 at 11:38:02PM +0100, Azazel wrote:
> >Fair enough, but it's up to people like us to push it, surely?
>
> There's a line between advocacy and zealotry. At this point I'm not
> convinced that it's worth the effort. It's fine for a home user to
> implement it quickly but it's n
Quoting Michael Stone ([EMAIL PROTECTED]):
> There's a line between advocacy and zealotry.
Still stuck in name-calling mode? Pity.
> It's fine for a home user to implement it quickly but it's not so easy
> for a lot of large organizations that currently allow people to send
> mail from offsite
Quoting Michael Stone ([EMAIL PROTECTED]):
> yeah, aol's pleased as punch about it. they also don't have much
> interest in customers sending email with @aol from off their own system
> unless they use an obnoxious webmail client. same goes for hotmail.
> anyone with users who isn't aol and whose
On Fri, Jun 04, 2004 at 03:47:55PM -0700, Rick Moen wrote:
The utility of SPF lies in its ability to eliminate joe-jobbing,
providing a means to validate MXes -- and, as I'm reasonably sure you'll
have observed, forged mail's envelopes strongly tend to forge the
domains of major (very large) mail
On Fri, Jun 04, 2004 at 11:38:02PM +0100, Azazel wrote:
Fair enough, but it's up to people like us to push it, surely?
There's a line between advocacy and zealotry. At this point I'm not
convinced that it's worth the effort. It's fine for a home user to
implement it quickly but it's not so easy
Quoting Michael Stone ([EMAIL PROTECTED]):
> Well, it is vaporware. Until it's used by a noticable percentage of
> hosts, it's irrelevant.
(1) Where I come from, the term "vapourware" means software touted far
in advance of its availability. As noted, such is most emphatically not
the case, here
In article <[EMAIL PROTECTED]> you wrote:
> Why is SPF important? Because it eliminates joe-jobs. That is, it
> allows mail admins to absolutely validate the envelope return path --
> significant because spammers have recently gotten around to forging
> sender envelope information, allowing forge
In article <[EMAIL PROTECTED]> you wrote:
> It's possible you're taking that fact into account: I'd be curious to
> hear how you (or others) are ensuring that such bounces go somewhere
> appropriate.
Well, fisrt of all, I accept mail for outgoing relay only from verified
sources, this includes SM
> That doesn't matter, unless a large enough fraction of people at both
> ends of smtp conversations actually use the stuff. An implementation
> that is not deployed is no more useful than a standard which isn't
> implemented.
Fair enough, but it's up to people like us to push it, surely?
J.
--
Quoting Michael Stone ([EMAIL PROTECTED]):
> No, I'm not.
You _weren't_ ignoring the point I just made and changing the subject?
Then, some villain apparently snuck into your MTA and substituted
different text that did, for the original message you tried to send.
You should sue! ;->
> I'm poin
On Fri, Jun 04, 2004 at 11:50:09AM -0700, Rick Moen wrote:
I'm surprised that an allegation that SPF -- highly relevant to SMTP
security -- is "vapourware", not to mention refutations of that
assertion, are off-topic. Nonetheless, I apologise for reacting with
irritation to Michael's claim to th
Quoting Michael Stone ([EMAIL PROTECTED]):
> What name calling? There's a difference.
Cute.
Ah, well.
> You're assuming unrestricted outbound connections. Might even be true in
> your environment.
It's true that there will be interim problems with corporate firewalls
(etc.) closing off outb
On Sat, Jun 05, 2004 at 12:23:14AM +0200, Bernd Eckenfels wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> > It's possible you're taking that fact into account: I'd be curious to
> > hear how you (or others) are ensuring that such bounces go somewhere
> > appropriate.
>
> Well, fisrt of all,
On Fri, Jun 04, 2004 at 04:09:32PM -0700, Rick Moen wrote:
Quoting Michael Stone ([EMAIL PROTECTED]):
There's a line between advocacy and zealotry.
Still stuck in name-calling mode? Pity.
What name calling? There's a difference.
It's fine for a home user to implement it quickly but it's not so
On Fri, Jun 04, 2004 at 04:00:32PM -0700, Rick Moen wrote:
Not that I'm objecting, but I can't help noticing that you're ignoring
the point I just made, and changing the subject.
No, I'm not. I'm pointing out that the world is more complicated than
you seem to think.
Mike Stone
--
To UNSUBSCRIBE,
> On Fri, Jun 04, 2004 at 11:38:02PM +0100, Azazel wrote:
> >Fair enough, but it's up to people like us to push it, surely?
>
> There's a line between advocacy and zealotry. At this point I'm not
> convinced that it's worth the effort. It's fine for a home user to
> implement it quickly but it's n
Quoting Michael Stone ([EMAIL PROTECTED]):
> There's a line between advocacy and zealotry.
Still stuck in name-calling mode? Pity.
> It's fine for a home user to implement it quickly but it's not so easy
> for a lot of large organizations that currently allow people to send
> mail from offsite
Quoting Michael Stone ([EMAIL PROTECTED]):
> yeah, aol's pleased as punch about it. they also don't have much
> interest in customers sending email with @aol from off their own system
> unless they use an obnoxious webmail client. same goes for hotmail.
> anyone with users who isn't aol and whose
On Fri, Jun 04, 2004 at 03:47:55PM -0700, Rick Moen wrote:
The utility of SPF lies in its ability to eliminate joe-jobbing,
providing a means to validate MXes -- and, as I'm reasonably sure you'll
have observed, forged mail's envelopes strongly tend to forge the
domains of major (very large) mail-h
On Fri, Jun 04, 2004 at 11:38:02PM +0100, Azazel wrote:
Fair enough, but it's up to people like us to push it, surely?
There's a line between advocacy and zealotry. At this point I'm not
convinced that it's worth the effort. It's fine for a home user to
implement it quickly but it's not so easy for
Quoting Michael Stone ([EMAIL PROTECTED]):
> Well, it is vaporware. Until it's used by a noticable percentage of
> hosts, it's irrelevant.
(1) Where I come from, the term "vapourware" means software touted far
in advance of its availability. As noted, such is most emphatically not
the case, here
In article <[EMAIL PROTECTED]> you wrote:
> Why is SPF important? Because it eliminates joe-jobs. That is, it
> allows mail admins to absolutely validate the envelope return path --
> significant because spammers have recently gotten around to forging
> sender envelope information, allowing forge
In article <[EMAIL PROTECTED]> you wrote:
> It's possible you're taking that fact into account: I'd be curious to
> hear how you (or others) are ensuring that such bounces go somewhere
> appropriate.
Well, fisrt of all, I accept mail for outgoing relay only from verified
sources, this includes SM
> That doesn't matter, unless a large enough fraction of people at both
> ends of smtp conversations actually use the stuff. An implementation
> that is not deployed is no more useful than a standard which isn't
> implemented.
Fair enough, but it's up to people like us to push it, surely?
J.
--
On Fri, Jun 04, 2004 at 11:50:09AM -0700, Rick Moen wrote:
I'm surprised that an allegation that SPF -- highly relevant to SMTP
security -- is "vapourware", not to mention refutations of that
assertion, are off-topic. Nonetheless, I apologise for reacting with
irritation to Michael's claim to that
Quoting Phillip Hofmeister ([EMAIL PROTECTED]):
> While I am sure finding out whose is bigger is exciting to you. I
> feel comfortable in speaking for the rest of the list when I say this
> thread has become WAY OT.
I'm surprised that an allegation that SPF -- highly relevant to SMTP
security
Quoting Bernd Eckenfels ([EMAIL PROTECTED]):
> If you relay mail from your customers, you have to deliver them their
> bounces if they spam.
Well, that's the trick, isn't it? If they're sending spam (either
deliberately or -- much more likely of late -- because customer hosts have
been zombifi
Quoting Phillip Hofmeister ([EMAIL PROTECTED]):
> While I am sure finding out whose is bigger is exciting to you. I
> feel comfortable in speaking for the rest of the list when I say this
> thread has become WAY OT.
I'm surprised that an allegation that SPF -- highly relevant to SMTP
security
Quoting Bernd Eckenfels ([EMAIL PROTECTED]):
> If you relay mail from your customers, you have to deliver them their
> bounces if they spam.
Well, that's the trick, isn't it? If they're sending spam (either
deliberately or -- much more likely of late -- because customer hosts have
been zombifi
While I am sure finding out whose is bigger is exciting to you. I
feel comfortable in speaking for the rest of the list when I say this
thread has become WAY OT. Please mark it as such (in the subject)
or take your discussion elsewhere.
Thanks
On Thu, 03 Jun 2004 at 09:11:57PM -0400, Rick Moen
Incoming from Bernd Eckenfels:
> In article <[EMAIL PROTECTED]> you wrote:
> > Are you suggesting then, that we should not relay mail at all?, not even
> > to/from our customers?
>
> If you relay mail from your customers, you have to deliver them their
> bounces if they spam. If you relay to your
Incoming from Michael Stone:
>
> It's not misbehaving to generate a bounce message. Glad I could clear
> that up.
s/bounce/valid bounce/
You're welcome.
--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling
- -
hi ya blu
On Thu, 3 Jun 2004, Blu wrote:
> I agree, but it was suggested that any mail server should reject spam at
> SMTP time, and not bounce it at all.
yupp ... best to do at smtp time
> If my relay server (not open, but
> relay for customers) has no means to verify recipients, what to do w
In article <[EMAIL PROTECTED]> you wrote:
> Are you suggesting then, that we should not relay mail at all?, not even
> to/from our customers?
If you relay mail from your customers, you have to deliver them their
bounces if they spam. If you relay to your customers you better make sure
the backup
Quoting Michael Stone ([EMAIL PROTECTED]):
> On Thu, Jun 03, 2004 at 05:32:17PM -0700, Rick Moen wrote:
> >Was there a particular part of the immediately preceding reference to
> >SPF that you didn't get, or was it the concept as a whole?
>
> I get the concept of vaporware. Seen a lot of it over
Quoting Michael Stone ([EMAIL PROTECTED]):
> The end result is the same in a lot of cases.
I'm sorry, what part of "fixing local problems first, and understanding
the scope of one's responsibility" are you not quite getting?
> The point is that you shouldn't take a holier-than-thou attitude abou
On Thu, Jun 03, 2004 at 05:32:17PM -0700, Rick Moen wrote:
Was there a particular part of the immediately preceding reference to
SPF that you didn't get, or was it the concept as a whole?
I get the concept of vaporware. Seen a lot of it over the years.
Mike Stone
On Thu, Jun 03, 2004 at 05:29:25PM -0700, Rick Moen wrote:
Earlier, I mentioned (to summarise and review) that I take care to have
my MTA reject mail it considers inherently objectionable on various
grounds, as a superior alternative to performing such processing after
acceptance. (Among other t
While I am sure finding out whose is bigger is exciting to you. I
feel comfortable in speaking for the rest of the list when I say this
thread has become WAY OT. Please mark it as such (in the subject)
or take your discussion elsewhere.
Thanks
On Thu, 03 Jun 2004 at 09:11:57PM -0400, Rick Moen
Quoting Blu ([EMAIL PROTECTED]):
> If my relay server (not open, but relay for customers) has no means to
> verify recipients, what to do when the destination server rejects that
> mail already accepted by my server?. Bounce.
(Implicit assumption that you have no option but to accept forged-send
On Thu, 3 Jun 2004, Blu wrote:
> On Thu, Jun 03, 2004 at 04:34:44PM -0700, Rick Moen wrote:
> > Do I win a prize,
yup :-)
> or was that just a qualifying round, and the real
> > questions, that actually require thinking, will come later?
>
> Are you suggesting then, that we should not relay
Quoting Michael Stone ([EMAIL PROTECTED]):
> I'm sure the guy who got joe jobbed is happy that you can point out the
> source of his misforture. Must be real comforting and all.
Was there a particular part of the immediately preceding reference to
SPF that you didn't get, or was it the concept as
On Thu, Jun 03, 2004 at 05:16:10PM -0700, Alvin Oga wrote:
>
> On Thu, 3 Jun 2004, Blu wrote:
>
> > On Thu, Jun 03, 2004 at 04:34:44PM -0700, Rick Moen wrote:
>
> > > Do I win a prize,
>
> yup :-)
>
> > or was that just a qualifying round, and the real
> > > questions, that actually require t
Quoting Blu ([EMAIL PROTECTED]):
> Are you suggesting then, that we should not relay mail at all?, not even
> to/from our customers?
I'm quite non-plussed at this question, since it seems to suggest that you
weren't following the thread.
Earlier, I mentioned (to summarise and review) that I take
On Thu, Jun 03, 2004 at 04:34:44PM -0700, Rick Moen wrote:
Gee, I guess that relay should have rejected the spam instead of relaying
it, right? Then, it wouldn't feel a compulsion to issue a completely
inappropriate "bounce" [sic] message to a forged sender.
I'm sure the guy who got joe jobbed
Incoming from Bernd Eckenfels:
> In article <[EMAIL PROTECTED]> you wrote:
> > Are you suggesting then, that we should not relay mail at all?, not even
> > to/from our customers?
>
> If you relay mail from your customers, you have to deliver them their
> bounces if they spam. If you relay to your
Incoming from Michael Stone:
>
> It's not misbehaving to generate a bounce message. Glad I could clear
> that up.
s/bounce/valid bounce/
You're welcome.
--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling
- -
--
To UNS
On Thu, Jun 03, 2004 at 04:34:44PM -0700, Rick Moen wrote:
> Quoting Michael Stone ([EMAIL PROTECTED]):
>
> > Yeah, big difference. If the spam is going through a relay, the relay
> > will send the same bounce and the same person will get the bounce
> > message.
>
> Oh, oh!
>
> Gee, I guess t
Quoting Michael Stone ([EMAIL PROTECTED]):
> Yeah, big difference. If the spam is going through a relay, the relay
> will send the same bounce and the same person will get the bounce
> message.
Oh, oh!
Gee, I guess that relay should have rejected the spam instead of relaying
it, right? Then,
On Thu, Jun 03, 2004 at 03:23:51PM -0700, Rick Moen wrote:
However, if your system is able to determine _during the SMTP session_
that the mail is unwanted (as spam or for some other reason), it can
issue a 55X Reject error and refuse delivery, instead of accepting the
mail and then having to mak
hi ya blu
On Thu, 3 Jun 2004, Blu wrote:
> I agree, but it was suggested that any mail server should reject spam at
> SMTP time, and not bounce it at all.
yupp ... best to do at smtp time
> If my relay server (not open, but
> relay for customers) has no means to verify recipients, what to do w
In article <[EMAIL PROTECTED]> you wrote:
> Are you suggesting then, that we should not relay mail at all?, not even
> to/from our customers?
If you relay mail from your customers, you have to deliver them their
bounces if they spam. If you relay to your customers you better make sure
the backup
Quoting Michael Stone ([EMAIL PROTECTED]):
> On Thu, Jun 03, 2004 at 05:32:17PM -0700, Rick Moen wrote:
> >Was there a particular part of the immediately preceding reference to
> >SPF that you didn't get, or was it the concept as a whole?
>
> I get the concept of vaporware. Seen a lot of it over
Quoting Michael Stone ([EMAIL PROTECTED]):
> The end result is the same in a lot of cases.
I'm sorry, what part of "fixing local problems first, and understanding
the scope of one's responsibility" are you not quite getting?
> The point is that you shouldn't take a holier-than-thou attitude abou
On Thu, Jun 03, 2004 at 05:32:17PM -0700, Rick Moen wrote:
Was there a particular part of the immediately preceding reference to
SPF that you didn't get, or was it the concept as a whole?
I get the concept of vaporware. Seen a lot of it over the years.
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL
On Thu, Jun 03, 2004 at 05:29:25PM -0700, Rick Moen wrote:
Earlier, I mentioned (to summarise and review) that I take care to have
my MTA reject mail it considers inherently objectionable on various
grounds, as a superior alternative to performing such processing after
acceptance. (Among other thi
Quoting Blu ([EMAIL PROTECTED]):
> If my relay server (not open, but relay for customers) has no means to
> verify recipients, what to do when the destination server rejects that
> mail already accepted by my server?. Bounce.
(Implicit assumption that you have no option but to accept forged-send
On Thu, 3 Jun 2004, Blu wrote:
> On Thu, Jun 03, 2004 at 04:34:44PM -0700, Rick Moen wrote:
> > Do I win a prize,
yup :-)
> or was that just a qualifying round, and the real
> > questions, that actually require thinking, will come later?
>
> Are you suggesting then, that we should not relay
Quoting Michael Stone ([EMAIL PROTECTED]):
> I'm sure the guy who got joe jobbed is happy that you can point out the
> source of his misforture. Must be real comforting and all.
Was there a particular part of the immediately preceding reference to
SPF that you didn't get, or was it the concept as
On Thu, Jun 03, 2004 at 05:16:10PM -0700, Alvin Oga wrote:
>
> On Thu, 3 Jun 2004, Blu wrote:
>
> > On Thu, Jun 03, 2004 at 04:34:44PM -0700, Rick Moen wrote:
>
> > > Do I win a prize,
>
> yup :-)
>
> > or was that just a qualifying round, and the real
> > > questions, that actually require t
Quoting Blu ([EMAIL PROTECTED]):
> Are you suggesting then, that we should not relay mail at all?, not even
> to/from our customers?
I'm quite non-plussed at this question, since it seems to suggest that you
weren't following the thread.
Earlier, I mentioned (to summarise and review) that I take
Quoting David Stanaway ([EMAIL PROTECTED]):
> My mail system has a number of users, and I prefer to let the recipient
> decide what is spam.
There's a minor problem with this, about which more below.
> Some list servers such as yahoogroups (May it rot in pieces) have the
> annoying behavior of
On Thu, Jun 03, 2004 at 04:34:44PM -0700, Rick Moen wrote:
Gee, I guess that relay should have rejected the spam instead of relaying
it, right? Then, it wouldn't feel a compulsion to issue a completely
inappropriate "bounce" [sic] message to a forged sender.
I'm sure the guy who got joe jobbed is
On Jun 3, 2004, at 3:07 PM, Alvin Oga wrote:
post processing is for the birds in my limited world of 10,000+
mails per day ... most of which are spam
- the original posts spam assassin didnt reject
the incoming spam to "undisclosed recepient"
- once they validate the email add
On Thu, Jun 03, 2004 at 04:34:44PM -0700, Rick Moen wrote:
> Quoting Michael Stone ([EMAIL PROTECTED]):
>
> > Yeah, big difference. If the spam is going through a relay, the relay
> > will send the same bounce and the same person will get the bounce
> > message.
>
> Oh, oh!
>
> Gee, I guess t
Quoting Michael Stone ([EMAIL PROTECTED]):
> Yeah, big difference. If the spam is going through a relay, the relay
> will send the same bounce and the same person will get the bounce
> message.
Oh, oh!
Gee, I guess that relay should have rejected the spam instead of relaying
it, right? Then,
On Thu, Jun 03, 2004 at 03:23:51PM -0700, Rick Moen wrote:
However, if your system is able to determine _during the SMTP session_
that the mail is unwanted (as spam or for some other reason), it can
issue a 55X Reject error and refuse delivery, instead of accepting the
mail and then having to make
On Thu, 3 Jun 2004, Kjetil Kjernsmo wrote:
> On torsdag 3. juni 2004, 20:53, Alvin Oga wrote:
> > you have to post process your emails
> > after you already received it.
>
> ...and then it is a bit late to bounce, isn't it...?
i typically dont need to post process... i never got the spam
pos
Quoting David Stanaway ([EMAIL PROTECTED]):
> My mail system has a number of users, and I prefer to let the recipient
> decide what is spam.
There's a minor problem with this, about which more below.
> Some list servers such as yahoogroups (May it rot in pieces) have the
> annoying behavior of
On Jun 3, 2004, at 3:07 PM, Alvin Oga wrote:
post processing is for the birds in my limited world of 10,000+
mails per day ... most of which are spam
- the original posts spam assassin didnt reject
the incoming spam to "undisclosed recepient"
- once they validate the email addy is g
On Thu, 3 Jun 2004, Kjetil Kjernsmo wrote:
> On torsdag 3. juni 2004, 20:53, Alvin Oga wrote:
> > you have to post process your emails
> > after you already received it.
>
> ...and then it is a bit late to bounce, isn't it...?
i typically dont need to post process... i never got the spam
pos
84 matches
Mail list logo
