Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

2023-04-27 Thread Jesse Thompson
On Thu, Apr 27, 2023, at 9:54 PM, Scott Kitterman wrote: > > > On April 28, 2023 2:49:48 AM UTC, Jesse Thompson wrote: > >On Thu, Apr 27, 2023, at 9:40 PM, Jesse Thompson wrote: > >> On Thu, Apr 27, 2023, at 10:44 AM, Alessandro Vesely wrote: > >>> Also, state that serious consideration

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

2023-04-27 Thread Jesse Thompson
On Thu, Apr 27, 2023, at 9:52 PM, Scott Kitterman wrote: > > > On April 28, 2023 2:25:57 AM UTC, Jesse Thompson wrote: > >On Thu, Apr 27, 2023, at 9:30 AM, Brotman, Alex wrote: > >> Attempt to make it a tad more concise (I think), altering some of the > >> language: > >> > >>

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

2023-04-27 Thread Scott Kitterman
On April 28, 2023 2:49:48 AM UTC, Jesse Thompson wrote: >On Thu, Apr 27, 2023, at 9:40 PM, Jesse Thompson wrote: >> On Thu, Apr 27, 2023, at 10:44 AM, Alessandro Vesely wrote: >>> Also, state that serious consideration includes testing p=quarantine; >>> pct=0^H t=y. >> >> I was going to say

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

2023-04-27 Thread Scott Kitterman
On April 28, 2023 2:25:57 AM UTC, Jesse Thompson wrote: >On Thu, Apr 27, 2023, at 9:30 AM, Brotman, Alex wrote: >> Attempt to make it a tad more concise (I think), altering some of the >> language: >> >> - >> There can be inherent damage to the ability to use certain

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

2023-04-27 Thread Jesse Thompson
On Thu, Apr 27, 2023, at 9:40 PM, Jesse Thompson wrote: > On Thu, Apr 27, 2023, at 10:44 AM, Alessandro Vesely wrote: >> Also, state that serious consideration includes testing p=quarantine; >> pct=0^H t=y. > > I was going to say something similar but I think that it is implied by > section A.7

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

2023-04-27 Thread Jesse Thompson
On Thu, Apr 27, 2023, at 10:44 AM, Alessandro Vesely wrote: > Also, state that serious consideration includes testing p=quarantine; pct=0^H > t=y. I was going to say something similar but I think that it is implied by section A.7 Jesse ___ dmarc

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

2023-04-27 Thread Jesse Thompson
On Thu, Apr 27, 2023, at 9:30 AM, Brotman, Alex wrote: > Attempt to make it a tad more concise (I think), altering some of the > language: > > - > There can be inherent damage to the ability to use certain SMTP-based systems > in conjunction with a policy of quarantine or

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

2023-04-27 Thread Scott Kitterman
On April 27, 2023 4:02:32 PM UTC, Alessandro Vesely wrote: >On Wed 26/Apr/2023 13:21:33 +0200 Scott Kitterman wrote: >> On April 26, 2023 8:08:39 AM UTC, Alessandro Vesely wrote: >>> On Tue 25/Apr/2023 20:27:18 +0200 Scott Kitterman wrote: My recollection is that a general formulation

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

2023-04-27 Thread Scott Kitterman
On April 27, 2023 3:36:29 PM UTC, Alessandro Vesely wrote: >On Thu 27/Apr/2023 16:11:17 +0200 Brotman, Alex wrote: >> In summary: >> >> “Report senders SHOULD attempt delivery via SMTP using STARTTLS to all >> receivers. Transmitting these reports via a secured session is preferable.” >>

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

2023-04-27 Thread Alessandro Vesely
On Wed 26/Apr/2023 13:21:33 +0200 Scott Kitterman wrote: On April 26, 2023 8:08:39 AM UTC, Alessandro Vesely wrote: On Tue 25/Apr/2023 20:27:18 +0200 Scott Kitterman wrote: My recollection is that a general formulation that I proposed had at least some traction out of both groups: [some

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

2023-04-27 Thread Alessandro Vesely
On Thu 27/Apr/2023 16:30:14 +0200 Brotman, Alex wrote: Attempt to make it a tad more concise (I think), altering some of the language: - There can be inherent damage to the ability to use certain SMTP-based systems in conjunction with a policy of quarantine or reject.

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

2023-04-27 Thread Alessandro Vesely
On Thu 27/Apr/2023 16:11:17 +0200 Brotman, Alex wrote: In summary: “Report senders SHOULD attempt delivery via SMTP using STARTTLS to all receivers. Transmitting these reports via a secured session is preferable.” I don’t think we should add this in +1, after we said there's (almost) no

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

2023-04-27 Thread John Levine
It appears that Brotman, Alex said: >You just want: > > Where the URI specified in a "rua" tag does not specify otherwise, a > Mail Receiver generating a feedback report SHOULD employ a secure > transport mechanism. Sure. That is at worst harmless. R's, John

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

2023-04-27 Thread Scott Kitterman
I think so. Scott K On April 27, 2023 2:49:07 PM UTC, "Brotman, Alex" wrote: >You just want: > > Where the URI specified in a "rua" tag does not specify otherwise, a > Mail Receiver generating a feedback report SHOULD employ a secure > transport mechanism. > >Restored in some useful

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

2023-04-27 Thread Brotman, Alex
You just want: Where the URI specified in a "rua" tag does not specify otherwise, a Mail Receiver generating a feedback report SHOULD employ a secure transport mechanism. Restored in some useful place? -- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast > -Original

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

2023-04-27 Thread Brotman, Alex
Attempt to make it a tad more concise (I think), altering some of the language: - There can be inherent damage to the ability to use certain SMTP-based systems in conjunction with a policy of quarantine or reject. These could include, though are not limited to, mailing

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

2023-04-27 Thread Scott Kitterman
I think that the original wording, which is technology agnostic, is better. As you suggest, there are multiple ways to address the requirement and being overly specific will not age well. Scott K On April 27, 2023 2:11:17 PM UTC, "Brotman, Alex" wrote: >In summary: > >“Report senders SHOULD

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

2023-04-27 Thread Hector Santos
+1 On 4/27/2023 10:11 AM, Brotman, Alex wrote: In summary: “Report senders SHOULD attempt delivery via SMTP using STARTTLS to all receivers. Transmitting these reports via a secured session is preferable.” I don’t think we should add this in, but receivers could deploy DANE/MTA-STS if

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

2023-04-27 Thread Brotman, Alex
In summary: “Report senders SHOULD attempt delivery via SMTP using STARTTLS to all receivers. Transmitting these reports via a secured session is preferable.” I don’t think we should add this in, but receivers could deploy DANE/MTA-STS if they wanted to ensure senders who honor those will

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

2023-04-27 Thread Hector Santos
On 4/26/2023 11:51 AM, Scott Kitterman wrote: I agree that more will be needed. Thanks for the feedback. The last run at this question ended up being a mess, so I'm trying to see if we can get further by going in small steps. Scott, I provided some suggested text below of what I think,

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-09.txt

2023-04-27 Thread Douglas Foster
There are options on TLS failure. Mandatory TLS is actually pretty common, since PCI DSS, HIPAA and GDPR have all been interpreted as requiring TLS on email. For outbound mail, our MTA is configured to drop the connection if encryption cannot be established. I think this configuration option

Re: [dmarc-ietf] [EXTERNAL] Re: I-D Action: draft-ietf-dmarc-aggregate-reporting-09.txt

2023-04-27 Thread Douglas Foster
These are the potential data harvesting strategies that I can envision. Are there others? Data harvesting by originating domain (I don't see how data harvesting by the originating domain can be considered a privacy violation, but these are the strategies: - Report data can be matched to