Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

2016-02-15 Thread Scott Kitterman via dmarc-discuss
On Tuesday, February 16, 2016 06:17:27 AM Roland Turner via dmarc-discuss wrote: > Scott Kitterman wrote: > > To > > the extent ARC is useful to mitigate the DMARC mailing list issue, it's > > only useful with additional data inputs that are not public and are not > > feasible for small providers

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

2016-02-15 Thread Roland Turner via dmarc-discuss
Franck Martin wrote: > As I said earlier Spamhaus and SURBL have the data. The question is not > which domains to trust, but which domains not to trust. They may or may not. (Analysing Received: headers to learn about forwarding behaviour is not an obviously important input for those

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

2016-02-15 Thread Scott Kitterman via dmarc-discuss
On Tuesday, February 16, 2016 06:02:31 AM Roland Turner via dmarc-discuss wrote: > Scott Kitterman wrote: > >> Roland Turner wrote: > >> > >> This is just a diffusion process, not an exclusion of smaller players. > >> Indeed, it would almost appear that you'd be happier if the big guys had > >>

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

2016-02-15 Thread Roland Turner via dmarc-discuss
Scott Kitterman wrote: > To > the extent ARC is useful to mitigate the DMARC mailing list issue, it's only > useful with additional data inputs that are not public and are not feasible > for small providers to generate on their own. I meant to ask earlier: would you level the same criticism at

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

2016-02-15 Thread Franck Martin via dmarc-discuss
The problem with the e-mail community is few people drive all of us away from mailing lists. On Mon, Feb 15, 2016 at 3:47 PM, John R Levine wrote: >> As I said earlier Spamhaus and SURBL have the data. The question is not >> which domains to trust, but which domains not to

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

2016-02-15 Thread Franck Martin via dmarc-discuss
As I said earlier Spamhaus and SURBL have the data. The question is not which domains to trust, but which domains not to trust. On Mon, Feb 15, 2016 at 3:35 PM, John Levine wrote: >>ARC's purpose is to say when DMARC fails and the email should be rejected that >>it is ok to let it

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

2016-02-15 Thread John Levine via dmarc-discuss
>ARC's purpose is to say when DMARC fails and the email should be rejected that >it is ok to let it through. As such there is no scale problem and anyone >can do it. ARC provides no protection against replay attacks, in particular, against taking a set of ARC headers from a benign message and

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

2016-02-15 Thread Franck Martin via dmarc-discuss
Spamhaus and SURBL both publish a domain blocking list, this is enough to use to block emails that went through bad domains (as per ARC custody chain). Of course, this has to be built into the MTA, but it is all opensource, it is not out of reach, just volunteers and work... On Mon, Feb 15, 2016

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

2016-02-15 Thread Scott Kitterman via dmarc-discuss
The difference in this case is one, maintaining a Wordpress site, requires a lot of vigilance, but no information/data that's not publicly available. To the extent ARC is useful to mitigate the DMARC mailing list issue, it's only useful with additional data inputs that are not public and are

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

2016-02-15 Thread Al Iverson via dmarc-discuss
Scott, I don't really see any difference in the class of problem. You could choose to outsource email to Google Apps or Microsoft Office 365 if you don't want to figure this stuff out yourself. Many do, from SMB to enterprise level, even though email is core to just about every company's

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

2016-02-15 Thread Franck Martin via dmarc-discuss
ARC's purpose is to say when DMARC fails and the email should be rejected that it is ok to let it through. As such there is no scale problem and anyone can do it. If email is your core business, then complaining you have to do some work, will not give any sympathy. On Mon, Feb 15, 2016 at 11:17 AM,

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

2016-02-15 Thread Scott Kitterman via dmarc-discuss
That's a totally different class of problem. Any competent sysadmin with some time can maintain a CMS based web site (e.g. Wordpress). The fact that so many are not competently managed is a function of capability and willingness to do a little work, not a function of inadequate scale. Also,

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

2016-02-15 Thread Franck Martin via dmarc-discuss
Yes it is a "you have to be this tall to ride with us". For instance, many Wordpress sites are on URL blocking lists, because the managers cannot keep up with basic security updates. So if you want to host a website, you have to be that tall to ride with us (or find a hosting company, that will give

Re: [dmarc-discuss] introduction to the list-virtual server & mailman questions

2016-02-15 Thread Scott Kitterman via dmarc-discuss
On Monday, February 15, 2016 07:27:21 AM Roland Turner via dmarc-discuss wrote: > Scott Kitterman wrote: > > It would be nice if we didn't design standards that only worked at a > > certain scale. "You must be this tall to ride" worries me. > > There's nothing about ARC that is scale-specific,

[dmarc-discuss] reject DMARC policy for my.com domain starting March, 1 2016

2016-02-15 Thread Vladimir Dubrovin via dmarc-discuss
Hello, list. Starting March, 1 2016 Mail.Ru begins to implement restrictive DMARC policy for public mailbox domains with my.com being the first domain to publish p=reject policy. Please make sure to update configuration if you need special handling for DMARC-restrictive domains. In future,

Re: [dmarc-discuss] what MUAs show, was introduction to the list-virtual

2016-02-15 Thread Roland Turner via dmarc-discuss
John Levine wrote: > DMARC does an OK job when crooks use the exact domain name, which they > still do a lot, but we still don't have a clue about what to do when > they don't, other than trying to filter it because it looks evil, not > because it sorta kinda looks like a domain name in someone