+1 to Doug's comments. I think an expected and desired state achievable in
the foreseeable future (based on the flows I see) is to require at least
some form of authentication (whether it's SPF, DKIM or ARC).
On Mon, Apr 10, 2023, 8:18 AM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote
On Sun, Apr 9, 2023 at 3:27 PM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:
> All of which is why I sketched out a very different mailing list design.
> It's not my job or my agenda to sell it to people, not my job to build
> the product, and not my job to deal with hurt feelings.
The AOL breach obviously just magnified a problem that was already in place
- impersonation is a useful attack vector. Email addresses do not have
restricted distribution, and they fall into the hands of unwanted senders
all the time.
We currently have a regime of semi-mandatory sender authentic
On Sun, Apr 9, 2023 at 2:28 PM Murray S. Kucherawy
wrote:
> On Sun, Apr 9, 2023 at 2:07 PM Douglas Foster <
> dougfoster.emailstanda...@gmail.com> wrote:
>
>> As an evaluator, what I can accept is that "Some intermediaries could be
>> allowed to make some changes y do want unrestricto messages, i
What is the operational experience with domains that stop at o=quarantine?
On Sun, Apr 9, 2023, 5:28 PM Murray S. Kucherawy
wrote:
> On Sun, Apr 9, 2023 at 2:07 PM Douglas Foster <
> dougfoster.emailstanda...@gmail.com> wrote:
>
>> As an evaluator, what I can accept is that "Some intermediaries
Those are all valid points, and I don't have a solution for them which
preserves the status quo.
I see the world moving to more Sender Authentication, not less. Mandatory
Sender Authentication is my expected end-state.
ARC is an acknowledgement of this trend. ARC may not add much value to
list
On Sun, Apr 9, 2023 at 2:07 PM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:
> As an evaluator, what I can accept is that "Some intermediaries could be
> allowed to make some changes y do want unrestricto messages, if I have a
> list of intermediaries that should be allowed, suffici
This discussion is based on a mixture of theory and pragmatism.
The pragmatism side is that AOL has created a problem, is unlikely to
change, and we have to deal with life as it is rather than the way I would
like it to be.
The theoretical side is more difficult. I would like to be more
sympath
On Sat, Apr 8, 2023 at 2:13 AM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:
> It becomes a simple choice: Lists can adapt to operate the way AOL and
> others want them to work, or they can keep to the old ways and live with
> the consequences.When the old ways cause damage, I
On Sat, Apr 8, 2023, at 4:12 AM, Douglas Foster wrote:
> It is pretty clear how an AOL-compatible mailing list can be configured:
>
> • All messages come from the list domain
> • Plus addressing is used to give each subscriber a unique From address..
> • To be standards-compliant the plus addre
It is pretty clear how an AOL-compatible mailing list can be configured:
- All messages come from the list domain
- Plus addressing is used to give each subscriber a unique From address..
- To be standards-compliant the plus address still needs to fit within
the 64-character limit, so
11 matches
Mail list logo