On Tue, 08 Apr 2014 22:50:26 -0700, Doug Barton said:
On 04/08/2014 10:28 PM, Matt Palmer wrote:
On Wed, Apr 09, 2014 at 12:18:00AM -0500, jamie rishaw wrote:
Here's the only way to keep a system safe from Internet hackers:
http://goo.gl/ZvGrXw [google images]
/me is disappointed
Am I interpreting this correctly -- that Yahoo's implementation of
DMARC is broken, such that anyone using a Yahoo address to participate
in a mailing list is dead in the water?
http://www.ietf.org/mail-archive/web/ietf/current/msg87153.html
On 04/08/2014 09:46 PM, Rob Seastrom wrote:
If that's true, you might want to consider immediately disconnecting
your systems from the Internet and never re-connecting them. After
all, theres a lot of online unseen code testing your site already
whether you like it or not.
-r
Sending someone
On Apr 09, 2014, at 11:26 , Me jsch...@flowtools.net wrote:
On 04/08/2014 09:46 PM, Rob Seastrom wrote:
If that's true, you might want to consider immediately disconnecting
your systems from the Internet and never re-connecting them. After
all, theres a lot of online unseen code testing your
* jsch...@flowtools.net (Me) [Wed 09 Apr 2014, 17:26 CEST]:
Sending someone to a site with obscure TLDs of .io or .lv doesn't
help in these situations. This is a perfect opportunity for someone
to set up a drive by site to drop malware on someone's computer.
Yes, because obviously .com
On 04/09/2014 09:39 AM, Niels Bakker wrote:
* jsch...@flowtools.net (Me) [Wed 09 Apr 2014, 17:26 CEST]:
Sending someone to a site with obscure TLDs of .io or .lv doesn't
help in these situations. This is a perfect opportunity for someone
to set up a drive by site to drop malware on someone's
* jsch...@flowtools.net (Me) [Wed 09 Apr 2014, 17:51 CEST]:
On 04/09/2014 09:39 AM, Niels Bakker wrote:
* jsch...@flowtools.net (Me) [Wed 09 Apr 2014, 17:26 CEST]:
Sending someone to a site with obscure TLDs of .io or .lv
doesn't help in these situations. This is a perfect opportunity
for
On Wed, Apr 09, 2014 at 07:13:47AM -0800, Royce Williams wrote:
Am I interpreting this correctly -- that Yahoo's implementation of
DMARC is broken, such that anyone using a Yahoo address to participate
in a mailing list is dead in the water?
Yes. It seems that Yahoo wasn't content with just
On 04/09/14 07:13, Royce Williams wrote:
Am I interpreting this correctly -- that Yahoo's implementation of
DMARC is broken, such that anyone using a Yahoo address to participate
in a mailing list is dead in the water?
http://www.ietf.org/mail-archive/web/ietf/current/msg87153.html
On 4/9/2014 10:13 AM, Royce Williams wrote:
Am I interpreting this correctly -- that Yahoo's implementation of
DMARC is broken, such that anyone using a Yahoo address to participate
in a mailing list is dead in the water?
Their implementation is not 'broken'.
Rather, Yahoo has made a very
Confirmed across a variety of Mailman lists I administer.
Mailman can be patched to reject/discard posts from members with p=reject.
https://code.launchpad.net/~jimpop/mailman/dmarc-reject
I'm sort of glad that Yahoo did what they did, people are now seeing
the dark side of DMARC. WooHoo!!
On 04/09/2014 09:59 AM, Niels Bakker wrote:
Then why single out the .io and .lv's? Maybe you missed the trend (by
now a few years old) to get domains in those and similar ccTLD's for
startups? Why even try to portray them as less trusted, as you
plainly did in the quoted paragraph?
On Apr 2, 2014, at 11:14 AM, Joe Abley jab...@hopcount.ca wrote:
Hi all,
It's common wisdom that a datagram that needs to be fragmented between
endpoints (because it is bigger than the path MTU) will demonstrate less
reliable delivery and reassembly than a datagram that doesn't need to be
In article 5345831b.4030...@dcrocker.net you write:
On 4/9/2014 10:13 AM, Royce Williams wrote:
Am I interpreting this correctly -- that Yahoo's implementation of
DMARC is broken, such that anyone using a Yahoo address to participate
in a mailing list is dead in the water?
Their
On Wed, Apr 9, 2014 at 4:05 PM, John Levine jo...@iecc.com wrote:
I'd say it's pretty badly broken if Yahoo intends for their web mail
to continue to be a general purpose mail system for consumers. If
they want to make it something else, that's certainly their right, but
it would have been
On Wed, 09 Apr 2014 17:15:59 -0400, William Herrin said:
Meh. This just means list software will have to rewrite the From
header to From: John Levine nanog@nanog.org and rely on the
Reply-To header for anybody who wants to send a message back to the
originator.
Maybe this is a good thing -
On Wed, Apr 9, 2014 at 5:15 PM, William Herrin b...@herrin.us wrote:
On Wed, Apr 9, 2014 at 4:05 PM, John Levine jo...@iecc.com wrote:
I'd say it's pretty badly broken if Yahoo intends for their web mail
to continue to be a general purpose mail system for consumers. If
they want to make it
On Wed, 9 Apr 2014, valdis.kletni...@vt.edu wrote:
On Wed, 09 Apr 2014 17:15:59 -0400, William Herrin said:
Meh. This just means list software will have to rewrite the From
header to From: John Levine nanog@nanog.org and rely on the
Reply-To header for anybody who wants to send a message back
On 4/9/2014 5:24 PM, valdis.kletni...@vt.edu wrote:
On Wed, 09 Apr 2014 17:15:59 -0400, William Herrin said:
Meh. This just means list software will have to rewrite the From
header to From: John Levine nanog@nanog.org and rely on the
Reply-To header for anybody who wants to send a message
The most sane out-of-mind response should only be sent *if* the
out-of-mind person is named explicitly as a recipient in the RFC822
header. Anything To: somelist@somehost does not qualify :)
Funny story: When I was at IBM I filed that as a bug with Lotus
Notes. The Notes team rejected the
On 4/9/2014 3:05 PM, John Levine wrote:
In article 5345831b.4030...@dcrocker.net you write:
Their implementation is not 'broken'.
I'd say it's pretty badly broken if Yahoo intends for their web mail
to continue to be a general purpose mail system for consumers. If
they want to make it
On Wed, Apr 09, 2014 at 05:49:27PM -0400, Jeff Kell wrote:
The most sane out-of-mind response should only be sent *if* the
out-of-mind person is named explicitly as a recipient in the RFC822
header. Anything To: somelist@somehost does not qualify :)
Jeff
and just how is an
On 4/9/2014 6:11 PM, bmann...@vacation.karoshi.com wrote:
On Wed, Apr 09, 2014 at 05:49:27PM -0400, Jeff Kell wrote:
The most sane out-of-mind response should only be sent *if* the
out-of-mind person is named explicitly as a recipient in the RFC822
header. Anything To: somelist@somehost does
The most sane out-of-mind response should only be sent *if* the
out-of-mind person is named explicitly as a recipient in the RFC822
To: header. Anything To: somelist@somehost does not qualify :)
This highly effective trick was in the procmail example vacation script in
1991, and doubtless
2: introduce an Original Authentication Results header to indicate
you have performed the authentication and you are validating it
This was someone's hack that doesn't work. The idea is that you make an
RFC5451 Authentication-Results header for the incoming message, change the
name to
On Wed, Apr 9, 2014 at 6:27 PM, John R. Levine jo...@iecc.com wrote:
The most sane out-of-mind response should only be sent *if* the
out-of-mind person is named explicitly as a recipient in the RFC822
To: header. Anything To: somelist@somehost does not qualify :)
This highly effective trick
procmail is a rewrite of MMDF mailfilter. badly.
On Thu, Apr 10, 2014 at 8:42 AM, Christopher Morrow morrowc.li...@gmail.com
wrote:
On Wed, Apr 9, 2014 at 6:27 PM, John R. Levine jo...@iecc.com wrote:
The most sane out-of-mind response should only be sent *if* the
out-of-mind person is
This highly effective trick was in the procmail example vacation script in
1991, and doubtless goes back much farther than that. It's a little
dismaying to hear that there are still people writing autoresponders who
don't know about it.
what is procmail?
The scriptable mail delivery agent
On 4/9/2014 5:11 PM, bmann...@vacation.karoshi.com wrote:
On Wed, Apr 09, 2014 at 05:49:27PM -0400, Jeff Kell wrote:
The most sane out-of-mind response should only be sent *if* the
out-of-mind person is named explicitly as a recipient in the RFC822
header. Anything To: somelist@somehost does
On 4/9/2014 5:45 PM, George Michaelson wrote:
procmail is a rewrite of MMDF mailfilter. badly.
Thanks, but I believe it slightly preceded MMDF's equivalent facility.
On the average, Allman put comparable features into sendmail sooner than
I did.
Of course, my design's were sooo much
On 4/9/2014 7:22 PM, Larry Sheldon wrote:
On 4/9/2014 5:11 PM, bmann...@vacation.karoshi.com wrote:
On Wed, Apr 09, 2014 at 05:49:27PM -0400, Jeff Kell wrote:
The most sane out-of-mind response should only be sent *if* the
out-of-mind person is named explicitly as a recipient in the RFC822
On 4/9/2014 7:02 PM, Jeff Kell wrote:
On 4/9/2014 7:22 PM, Larry Sheldon wrote:
On 4/9/2014 5:11 PM, bmann...@vacation.karoshi.com wrote:
On Wed, Apr 09, 2014 at 05:49:27PM -0400, Jeff Kell wrote:
The most sane out-of-mind response should only be sent *if* the
out-of-mind person is named
On Wed, Apr 9, 2014 at 6:11 PM, bmann...@vacation.karoshi.com wrote:
and just how is an algorithm supposed to detect that
jeff-k...@utc.edu is a single human and not a list?
If the autoresponder is sane, it looks for:
List-Id: North American Network Operators Group
On Wed, Apr 9, 2014 at 8:02 PM, Jeff Kell jeff-k...@utc.edu wrote:
Date: Wed, 9 Apr 2014 18:22:51 -0500
From: Larry Sheldon larryshel...@cox.net
Organization: Maybe tomorrow
User-Agent: Mozilla/5.0 (Windows NT 5.1;
rv:24.0) Gecko/20100101 Thunderbird/24.4.0
To: nanog@nanog.org
Subject: Re:
On 2014-04-08 21:57, bmanning wrote:
On Tue, Apr 08, 2014 at 11:46:31PM -0400, Rob Seastrom wrote:
If that's true, you might want to consider immediately disconnecting
your systems from the Internet and never re-connecting them. After
all, theres a lot of online unseen code testing your site
On Wed, Apr 9, 2014 at 8:12 PM, William Herrin b...@herrin.us wrote:
On Wed, Apr 9, 2014 at 6:11 PM, bmann...@vacation.karoshi.com wrote:
and just how is an algorithm supposed to detect that
jeff-k...@utc.edu is a single human and not a list?
If the autoresponder is sane, it
Dave Crocker wrote:
On 4/9/2014 3:05 PM, John Levine wrote:
In article 5345831b.4030...@dcrocker.net you write:
Their implementation is not 'broken'.
I'd say it's pretty badly broken if Yahoo intends for their web mail
to continue to be a general purpose mail system for consumers. If
they
On 4/9/2014 7:25 PM, Miles Fidelman wrote:
Dave Crocker wrote:
Everything they are doing is legal.
Your (possibly entirely valid) assessment that their action is
ill-advised or unpleasant does not equal broken.
Well, sort of - given that DMARC is still an Internet draft, not even an
Dave Crocker wrote:
On 4/9/2014 7:25 PM, Miles Fidelman wrote:
Dave Crocker wrote:
Everything they are doing is legal.
Your (possibly entirely valid) assessment that their action is
ill-advised or unpleasant does not equal broken.
Well, sort of - given that DMARC is still an Internet draft,
On Wed, Apr 9, 2014 at 6:11 PM, bmann...@vacation.karoshi.com wrote:
and just how is an algorithm supposed to detect that
jeff-k...@utc.edu is a single human and not a list?
If the autoresponder is sane, it looks for:
List-Id: North American Network Operators Group
On 4/9/2014 5:45 PM, George Michaelson wrote:
procmail is a rewrite of MMDF mailfilter. badly.
Thanks, but I believe it slightly preceded MMDF's equivalent facility. On the
average, Allman put comparable features into sendmail sooner than I did.
Procmail's user interface, if you can call it
Aside from a horrid config notation. the main problem for me has always
been getting sysadmins to include the changes which expose envelope-sender
and envelope-recipient to procmail. Thats not procmail, its the way
procmail is typically called. Without it, some stuff simply cannot be done
because
Hi Dave,
On Wed, Apr 09, 2014 at 12:27:55PM -0500, Dave Crocker wrote:
But it's the result of an informed
corporate choice rather than software or operations error.
Why do you think (it seems to me you've said it more than once) that
this was informed choice? If I go to http://dmarc.org/,
On Wed, Apr 9, 2014 at 8:04 PM, Miles Fidelman
mfidel...@meetinghouse.netwrote:
On 4/9/2014 7:25 PM, Miles Fidelman wrote:
Yahoo! is choosing to apply the technology for usage scenarios that have
long been known to be problematic. Again, they've made an
In fact... it is too generous to say
44 matches
Mail list logo