- Original Message -
From: Matt Simerson m...@tnpi.net
To: dmarc@ietf.org
Sent: Tuesday, June 3, 2014 10:01:37 PM
Subject: Re: [dmarc-ietf] DKIM through mailing lists (rebutting MLs won't
change)
On Jun 3, 2014, at 8:44 PM, John Levine jo...@taugh.com wrote:
Yes
Franck Martin writes:
Yes the email is legitimate, but how does the MTA know it?
Aha! Precisely where this conversation should go.
The MTA *doesn't* know. A mailing list knows more, though. And an
MUA knows a lot more than that. Or they could.
For bandwidth reasons, it's important
But that is not equivalent to putting non-resolvable gibberish on the right side of the @ sign. That's a reliable way of assuring that such messages do not get queued on my server. As a matter of practicality, I highly doubt that I'm unique in requiring that the sender domain (envelope and
John, I doubt these AOL and Yahoo users give a hoot about what you snuck into your
small local site. The odds are high these kinds of addresses were first used for
junk, aliases, throwaway addresses like most people did with these public
email service bureaus. Sure, for many, these public addresses
Hector Santos writes:
[Mail From: a domain under .INVALID] is not legitimate mail per the
proposed security protocol.
Sorry, in this subthread, legitimate, as used by Franck and myself,
means delivery desired by the addressee. If you want to insist on a
different definition, go ahead, but
On Wed, Jun 4, 2014 at 10:43 AM, Stephen J. Turnbull step...@xemacs.org
wrote:
Nor does DMARC say it's nonconforming; in fact, it automatically
passes identity alignment, because there's nobody who is allowed to
create domains under .invalid, so there can be no _dmarc.x.y.invalid.
Actually,
Kurt Andersen writes:
On Wed, Jun 4, 2014 at 10:43 AM, Stephen J. Turnbull step...@xemacs.org
wrote:
Nor does DMARC say it's nonconforming; in fact, it automatically
passes identity alignment, because there's nobody who is allowed to
create domains under .invalid, so there can be
On Jun 4, 2014, at 12:16 PM, J. Gomez jgo...@seryrich.com wrote:
On Wednesday, June 04, 2014 12:14 AM [GMT+1=CET], Hector Santos wrote:
I prefer to update my software with the above script for our MTA
receiver rather than add logic to rewrite the 5322.From to bypass a
security protocol
On Wednesday, June 04, 2014 10:56 PM [GMT+1=CET], Douglas Otis wrote:
On Jun 4, 2014, at 12:16 PM, J. Gomez jgo...@seryrich.com wrote:
On Wednesday, June 04, 2014 12:14 AM [GMT+1=CET], Hector Santos
wrote:
I prefer to update my software with the above script for our MTA
receiver
Elizabeth Zwicky writes:
At this point, I do not see going to p=quarantine in the hope
that attackers won't exploit data they already have exactly the same
way
Has Yahoo! already tried 'p=quarantine', or is that merely your
expert opinion? (Nothing against expertise, but experiment
Franck Martin writes:
But why would you accept emails from invalid domains in the first
instance?
Because the email is legitimate, of course. I've seen people use
example.com in their addresses on list posts to ensure they won't
get personal replies. I've seen people use
On 6/3/14, 4:26 AM, Stephen J. Turnbull step...@xemacs.org wrote:
Elizabeth Zwicky writes:
At this point, I do not see going to p=quarantine in the hope
that attackers won't exploit data they already have exactly the same
way
Has Yahoo! already tried 'p=quarantine', or is that
Yes the email is legitimate, but how does the MTA know it?
Well a Bayesian filter has learned that this type of content is legitimate, and then one day a spammer uses the same content, but changes one link...
That could happen to any mail feature you care to name.
Big companies send buckets of
On Jun 3, 2014, at 8:44 PM, John Levine jo...@taugh.com wrote:
Yes the email is legitimate, but how does the MTA know it?
Well a Bayesian filter has learned that this type of content is legitimate, and then one day a spammer uses the same content, but changes one link...
That could
- Original Message -
From: Stephen J. Turnbull turnb...@sk.tsukuba.ac.jp
To: Tony Hansen t...@att.com
Cc: dmarc@ietf.org
Sent: Monday, June 2, 2014 12:28:21 AM
Subject: Re: [dmarc-ietf] DKIM through mailing lists (rebutting MLs won't
change)
Tony Hansen writes:
I would love
- Original Message -
From: Kurt Andersen kander...@linkedin.com
To: Stephen J. Turnbull turnb...@sk.tsukuba.ac.jp, Tony Hansen
t...@att.com
Cc: dmarc@ietf.org
Sent: Monday, June 2, 2014 12:55:39 PM
Subject: Re: [dmarc-ietf] DKIM through mailing lists (rebutting MLs won't
change
Elizabeth Zwicky writes:
So changes that maintain effective protection for users who are
being targeted by attackers with addressbook information, with less
disruption to email that people want, are of great interest to us.
How about trying p=quarantine with a real short TTL just in case?
That's okay -- it was just a thought. However, note that not all MLMs
are in as good a shape as GNU Mailman is, volunteer-wise. For *them*, it
might be useful.
I wouldn't count on it. I did .invalid patches for majordomo2, which
is largely abandonware but still used a fair number of places.
Dear Tony,
See comments inline:
On May 29, 2014, at 8:11 PM, Tony Hansen t...@att.com wrote:
On 5/28/14, 6:46 PM, Barry Leiba wrote:
Anything that requires mailing list software to change won't work.
I'm going to push back on this statement. I think we keep getting stuck on
the mantra
On Thu, May 29, 2014 at 8:44 PM, Scott Kitterman skl...@kitterman.com
wrote:
The reason there is no IETF working group is that the people behind DMARC were unwilling to entertain participation in a working group that had a charter that allowed for any chance of a change to the DMARC protocol.
On May 30, 2014 3:37:28 AM EDT, Murray S. Kucherawy superu...@gmail.com
wrote:
On Thu, May 29, 2014 at 8:44 PM, Scott Kitterman skl...@kitterman.com
wrote:
The reason there is no IETF working group is that the people behind DMARC were unwilling to entertain participation in a working group
On 5/29/14, 8:44 PM, Scott Kitterman skl...@kitterman.com wrote:
DMARC change is even more off the table than MLM software change (which does, as you suggest, evolve over time).
DMARC changes are not off the table for Yahoo. Right now, the option that
best serves the majority of our customers
On Friday, May 30, 2014 17:07:30 Elizabeth Zwicky wrote:
On 5/29/14, 8:44 PM, Scott Kitterman skl...@kitterman.com wrote:
DMARC change is even more off the table than MLM software change (which does, as you suggest, evolve over time).
DMARC changes are not off the table for Yahoo. Right
On 05/30/2014 11:28 AM, Stephen J. Turnbull wrote:
I am of the opinion that the technical DMARC protocols (including
p=reject) are fine. I have not heard of any complaint about use by
banks (Bank of America joined the ranks of p=reject banks some time
in the last 10 days AFAICT). Have there
Douglas Otis writes:
There are many cases that are never originally signed by the DMARC
domain. Such as an accounting package that sends out invoices on
behalf of some company that wants their email address in the From
header since this is what their customers will recognize.
I don't
On May 29, 2014, at 7:07 AM, Stephen J. Turnbull step...@xemacs.org wrote:
Douglas Otis writes:
There are many cases that are never originally signed by the DMARC
domain. Such as an accounting package that sends out invoices on
behalf of some company that wants their email address in the
On 5/28/14, 6:46 PM, Barry Leiba wrote:
Anything that requires mailing list software to change won't work.
I'm going to push back on this statement. I think we keep getting stuck
on the mantra that the mailing list software won't change. However,
the majority of the mailing list software
On Thursday, May 29, 2014 23:11:28 Tony Hansen wrote:
On 5/28/14, 6:46 PM, Barry Leiba wrote:
Anything that requires mailing list software to change won't work.
I'm going to push back on this statement. I think we keep getting stuck
on the mantra that the mailing list software won't change.
We could attempt to define a dkim canonicalization that would pass through a
mailing list.
This was beaten pretty severely during the DKIM work, and we couldn't
come up with anything that was workable.
It should include the subject, but have rules for stripping standard
subject prefixes. It
On May 28, 2014, at 4:05 PM, Brandon Long bl...@google.com wrote:
On Wed, May 28, 2014 at 3:46 PM, Barry Leiba barryle...@computer.org wrote:
We could attempt to define a dkim canonicalization that would pass through a
mailing list.
This was beaten pretty severely during the DKIM
Anything that requires mailing list software to change won't work. If
mailing list software is changed, the right answer is for the mailing
list to re-sign the message. That doesn't help the DMARC situation
now, but DMARC could be given other options once that happens.
That's right. But
On 5/28/2014 6:47 PM, Arvel Hathcock wrote:
That's right. But maybe there could be a multipart/dkim type that lets
several signatures exist in a message - all of which could potentially
verify with different d=.
Hi Arvel. Great to see you re-entering the fray...
Picking a nit: It's not a
On 5/28/2014 9:47 PM, Arvel Hathcock wrote:
Anything that requires mailing list software to change won't work. If
mailing list software is changed, the right answer is for the mailing
list to re-sign the message. That doesn't help the DMARC situation
now, but DMARC could be given other
33 matches