On Mon, Apr 13, 2015 at 12:58 AM, Stephen J. Turnbull
turnb...@sk.tsukuba.ac.jp wrote:
Douglas Otis writes:
If the DMARC domain fails to step up, then a reasonable fallback
could require the display of the Sender header offering the needed
alignment.
I don't understand this. We
On April 13, 2015 5:22:52 PM EDT, Rolf E. Sonneveld
r.e.sonnev...@sonnection.nl wrote:
On 04/13/2015 08:21 PM, Murray S. Kucherawy wrote:
On Mon, Apr 13, 2015 at 12:58 AM, Stephen J. Turnbull
turnb...@sk.tsukuba.ac.jp mailto:turnb...@sk.tsukuba.ac.jp wrote:
Douglas Otis writes:
On 4/13/15 5:55 PM, Murray S. Kucherawy wrote:
On Apr 13, 2015 2:22 PM, Rolf E. Sonneveld
But, if this 'registration' does not apply to the 'mandatory tag draft',
that means that every sender will always add the weak signature +
'fs=initial domain' and a replay attack is reduced to breaking
On Apr 13, 2015 2:22 PM, Rolf E. Sonneveld
But, if this 'registration' does not apply to the 'mandatory tag draft',
that means that every sender will always add the weak signature +
'fs=initial domain' and a replay attack is reduced to breaking the weak
signature?
You can't reuse the weak
On 4/13/15 12:58 AM, Stephen J. Turnbull wrote:
Douglas Otis writes:
If the DMARC domain fails to step up, then a reasonable fallback
could require the display of the Sender header offering the needed
alignment.
I don't understand this. We already see that most professional
Rolf E. Sonneveld writes:
But, if this 'registration' does not apply to the 'mandatory tag draft',
that means that every sender will always add the weak signature +
'fs=initial domain' and a replay attack is reduced to breaking the
weak signature?
Definitely not. Some senders may do
Douglas Otis writes:
If the DMARC domain fails to step up, then a reasonable fallback
could require the display of the Sender header offering the needed
alignment.
I don't understand this. We already see that most professional
spammers exhibit From alignment on much of their traffic.