Re: [mailop] Excluding Message-ID from DKIM Signature

On 16-05-27 09:19 AM, Rich Kulawiec wrote: It's also a bad idea operationally, as it will break things like loop detection, it will complicate problem diagnosis, and it will break anti-spam/anti-abuse mechanisms that rely on Message-ID. ---rsk +1 -- "Catch the Magic of Linux..."

Re: [mailop] signup form abuse

Have been watching this thread for a bit, and do have an opinion. First of all, I see a lot of talk about 'COI' (Confirmed Opt-In), rather than the term 'CDOI' (Confirmed Double Opt-in) and the reason I point it out, is that there is a lot of loose definitions of both 'opt-in' and

Re: [mailop] signup form abuse

On Fri, May 27, 2016 at 11:49 AM, Michael Peddemors wrote: > Have been watching this thread for a bit, and do have an opinion. > > First of all, I see a lot of talk about 'COI' (Confirmed Opt-In), rather > than the term 'CDOI' (Confirmed Double Opt-in) and the reason I

Re: [mailop] signup form abuse

The problem with the, "Please Reply" method is that it can lead to mailbombing the target. We've seen it happen. Now if the intended subscriber could send a single message to the mailinglist, and it could be easily proved that it either came from them, or someone that their mail admin could

Re: [mailop] signup form abuse

> But I agree with you completely on the, "loose definition" issue, and have a > rather nasty story about that. > Always get the person who asserts their doing it to tell you exactly what > that term means to them. These are the definitions that we use, and that we use in working with our

Re: [mailop] signup form abuse

> I personally think that ESP's should make an effort to carefully separate > their confirmed double opt-in mailings, from single opt-in mailers.. We have a lot of ESPs as customers of our email reputation certification service, and we *always* urge them to segregate their IPs by opt-in level

Re: [mailop] signup form abuse

On 5/27/16 9:49 AM, Michael Peddemors wrote: Have been watching this thread for a bit, and do have an opinion. First of all, I see a lot of talk about 'COI' (Confirmed Opt-In), rather than the term 'CDOI' (Confirmed Double Opt-in) and the reason I point it out, is that there is a lot of loose

Re: [mailop] signup form abuse

On 5/27/16 9:49 AM, Michael Peddemors wrote: While it might be more 'attractive' to offer a simple 'click to confirm', why are you not using the more standard 'Please Reply To' this message if you want to receive these messages? This would solve the problem being discussed, and ensure that the

Re: [mailop] signup form abuse

On 16-05-27 10:08 AM, Michael Wise wrote: The problem with the, "Please Reply" method is that it can lead to mailbombing the target. We've seen it happen. Of course, someone could use a forged address when sending the 'confirmation' email, but how they would get mail bombed I am unsure of.

Re: [mailop] Excluding Message-ID from DKIM Signature

Thanks, Vick. I'm curious, what initially lead you to exclude the message-id from your signature? On Fri, May 27, 2016 at 5:55 AM, Vick Khera wrote: > Hi Joel, > > I don't sign my message-id. In fact, I let my MTA create the Message-ID > header and I sign before that in my