On Sat, 21 Feb 2004, Iljitsch van Beijnum wrote:
This is all about cost-benefit and the realities of the messy, chaotic,
ignorant world of mail users the world around. In nearly all cases the
cost-benefit of signing or encrypting all messages and maintaining
strict, reliable lists of ALL
On 20-feb-04, at 15:32, Robert G. Brown wrote:
It is useful only if you only get mail from a small, closed group of
people, almost by definition, as I think Vernon and others have pointed
out.
Well, I don't know about you, but I _do_ get mail from a small, closed
group of people. I also get mail
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20-feb-04, at 2:15, Vernon Schryver wrote:
That sounds like the old authentication solves spam hope. It was
wrong before SMTP-AUTH and it is still wrong.
Guess what, it is impossible to solve spam the same way it is
impossible to solve burglary.
On Fri, 20 Feb 2004, Iljitsch van Beijnum wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20-feb-04, at 2:15, Vernon Schryver wrote:
That sounds like the old authentication solves spam hope. It was
wrong before SMTP-AUTH and it is still wrong.
Guess what, it is impossible
Sent: Friday, February 20, 2004 6:32 AM
To: Iljitsch van Beijnum
Cc: Vernon Schryver; [EMAIL PROTECTED]
Subject: Re: How Not To Filter Spam
On Fri, 20 Feb 2004, Iljitsch van Beijnum wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20-feb-04, at 2:15, Vernon Schryver wrote
On 19-feb-04, at 1:18, Robert G. Brown wrote:
If a message comes in incorrectly addressed, yes, it will bounce. It
should, shouldn't it?
Yes, but only by ejecting the message immediately during the SMTP
session. Accepting the message, then realize it can't be delivered and
sending a bounce
Vernon Schryver wrote:
If the envelope sender was forged as is common in spam, universal in
worms, and practically nonexistent in legitimate mail, then your bounce
will afflict third party's mailbox. My mailbox receives enough worm
bounces to make me say it is an awfully bad thing.
Yes.
From: Ed Gerck [EMAIL PROTECTED]
Yes. However, if your mailbox could automatically handle confirmation
requests based on messages that were actually sent by you (in much
the same way that NAT boxes work -- you only get a reply to a request
you send), then you would not be bothered by the
Vernon Schryver wrote:
If a complete stranger is the sender of an incoming message, then
crypto keys are irrelevant to determining the message is unsolicited
bulk.
No. In PGP, for example, I accept a key based on who signed it and
when. If I can trust the signer(s), I may use a key from
From: Ed Gerck [EMAIL PROTECTED]
If a complete stranger is the sender of an incoming message, then
crypto keys are irrelevant to determining the message is unsolicited
bulk.
No. In PGP, for example, I accept a key based on who signed it and
when. If I can trust the signer(s), I may
Vernon Schryver wrote:
From: Ed Gerck [EMAIL PROTECTED]
If a complete stranger is the sender of an incoming message, then
crypto keys are irrelevant to determining the message is unsolicited
bulk.
No. In PGP, for example, I accept a key based on who signed it and
when. If I
: Tuesday, February 17, 2004 8:03 PM
To: [EMAIL PROTECTED]
Subject: Re: How Not To Filter Spam
From: william(at)elan.net
It is also a classic example of what is wrong with the MUA filtering
You certain dont assume that there is nothing wrong with the filtering
system you use
Tony,
TH a legitimate message from someone I have corresponded with in the past. The
TH only way to detect a fraud at the MUA would be to have a verifiable
TH signature from Alain (this was trapped at my MTA due to the exe file).
yes, but no.
first, there is an increasingly heated debate
On Tue, 17 Feb 2004, Vernon Schryver wrote:
Thn enclosed example of how not to filter spam is offered for those
who might want to preemptively add accuspam.com or downloadfast.com
to their blacklists.
It is also a classic example of what is wrong with the MUA filtering
tactics Robert Brown
From: Tony Hain
To: 'Vernon Schryver' [EMAIL PROTECTED], [EMAIL PROTECTED]
So if you had received the mail sent here yesterday claiming to be from
Alain Durand would you block Sun or IBM? ...
I should not have responded specifically (if at all) to the other
gentleman's complaint about my
On Wed, 18 Feb 2004, Dave Crocker wrote:
Tony,
TH a legitimate message from someone I have corresponded with in the past. The
TH only way to detect a fraud at the MUA would be to have a verifiable
TH signature from Alain (this was trapped at my MTA due to the exe file).
yes, but no.
Dave Crocker wrote:
Tony,
TH a legitimate message from someone I have corresponded with in the
past.
The
TH only way to detect a fraud at the MUA would be to have a verifiable
TH signature from Alain (this was trapped at my MTA due to the exe file).
yes, but no.
first, there is an
Tony,
first, there is an increasingly heated debate between folks who want
to sign the message (TEOS, DomainKeys), versus others who want to
secure the channel between sender and receiver (RMX, LMAP, SPF,
etc.).
TH Is there an obvious reason not to do both?
Cost of effort. Distraction of
On Wed, 18 Feb 2004, Vernon Schryver wrote:
] From: Robert G. Brown [EMAIL PROTECTED]
] ...
] In the department, where we do USE spam assassin, no bounce messages are
] generated except when mail fails for one of the standard reasons
] unrelated to filtering of any sort. ...
On today's
-BEGIN PGP SIGNED MESSAGE-
Dave == Dave Crocker [EMAIL PROTECTED] writes:
Dave first, there is an increasingly heated debate between folks who
Dave want to sign the message (TEOS, DomainKeys), versus others who want
Dave to secure the channel between sender and receiver
From: Robert G. Brown [EMAIL PROTECTED]
...
If a message comes in incorrectly addressed, yes, it will bounce. It
should, shouldn't it? This has nothing to do with whether or not it is
spam or a virus or any other kind of message. If it is a bad thing, it
is a very fundamental bad
On Wed, 18 Feb 2004, Vernon Schryver wrote:
From: Tony Hain
To: 'Vernon Schryver' [EMAIL PROTECTED], [EMAIL PROTECTED]
So if you had received the mail sent here yesterday claiming to be from
Alain Durand would you block Sun or IBM? ...
I should not have responded specifically (if
Thn enclosed example of how not to filter spam is offered for those
who might want to preemptively add accuspam.com or downloadfast.com
to their blacklists.
It is also a classic example of what is wrong with the MUA filtering
tactics Robert Brown advocates.
I certainly did not try to contact
On Tue, 17 Feb 2004, Vernon Schryver wrote:
It is also a classic example of what is wrong with the MUA filtering
You certain dont assume that there is nothing wrong with the filtering
system you use and others may try duplicate as well. Otherwise how would
you explain that you have Elan and
From: william(at)elan.net
It is also a classic example of what is wrong with the MUA filtering
You certain dont assume that there is nothing wrong with the filtering
system you use and others may try duplicate as well. Otherwise how would
you explain that you have Elan and
On Tue, 17 Feb 2004, Vernon Schryver wrote:
From: william(at)elan.net
It is also a classic example of what is wrong with the MUA filtering
You certain dont assume that there is nothing wrong with the filtering
system you use and others may try duplicate as well. Otherwise how would
26 matches
Mail list logo