Our real goal needs to be mandatory sender authentication. Any secure
email gateway must go through these steps:
Source Analysis: Filter messages from unwanted sources
Sender Authentication: Filter messages that are attempting impersonation
Content Analysis: Filter messages wi
ged than ever,
Doug Foster
From: "Dave Crocker"
Sent: Friday, May 31, 2019 12:41 AM
To: fost...@bayviewphysicians.com
Cc: "IETF DMARC WG"
Subject: Re: [dmarc-ietf] Debugging and preventing DKIM failures-
suggestion
Thank you for the education. The IETF list processor seems to be an
illustration of your point.
It invalidates the original sender's signature. Then it adds an ietf.org
signature. Then the message is relayed internally within a single IETF
server, where the IETF signature is invali
Problem
DKIM verification failures are difficult to debug because the recipient
cannot detect where the problem occurred or why.
Proposed Solutions
1) Identify the point of failure
It would seem helpful to support a DKIM trace record that a device can use
to indicate that it d
The genius of DMARC, as compared to DKIM and SPF alone, is the feedback
component. Unfortunately, sender authentication remains challenged by
these issues:
Limited deployment of DMARC feedback between senders and receivers.
Significant levels of SPF and DKIM validation e
org
Subject: Re: [dmarc-ietf] Rethinking DMARC for PSDs
On April 8, 2019 11:08:30 PM UTC, "Kurt Andersen (b)"
wrote:
>On Mon, Apr 8, 2019 at 3:55 PM Douglas E. Foster <
>fost...@bayviewphysicians.com> wrote:
>
>> I don't know how to express my shock at tod
ence rules need to make it into the specification.
From: "Kurt Andersen (b)"
Sent: Monday, April 8, 2019 7:09 PM
To: fost...@bayviewphysicians.com
Cc: "dmarc@ietf.org"
Subject: Re: [dmarc-ietf] Rethinking DMARC for PSD
I don't know how to express my shock at today's conversations. One of the
shocks comes from this:
We have consensus that the better email filters do not need the DMARC for
PSDs standard, because they are already blocking non-existent domains.
The inferior email filters are not expected t
the interim, I am open to recommendations for good spam filters. I
have been trying to avoid disparaging the bad ones by name in a public
forum.
Doug Foster
From: "John R Levine"
Sent: Monday, April 8, 2019 9:41 AM
To: "Do
roprietary databases that only the richest vendors can offer.
Doug Foster
From: "Jeremy Harris"
Sent: Monday, April 8, 2019 7:21 AM
To: dmarc@ietf.org
Subject: Re: [dmarc-ietf] Rethinking DMARC for PSDs
On 08/04/2019 12:02, Do
Have the national CIRT groups made an issue about needing to block
non-existent domains?
Because a spammer can create a non-existent government agency like
"irs.audit.gov", this email weakness becomes a national security issue and
should be handled as a CVE. This should get the vendors mo
Mr Levine brings up the valid point that there are a lot of mail filters
with inadequate capabilities. I determined that my two products have
inexcusable weaknesses, so I went shopping.
I had only these rudimentary requirements:
IP filtering
Reverse DNS filtering
Multi-factor w
I understand how much work it takes to create consensus toward an IETF
standard, but I suggest that the problem needs to be re-examined because
DMARC for PSDs seems to be neither the sufficient solution nor the
necessary one.
The problem:
Spammers use non-existent domains to achieve
g hype :-).
Ta.
I.
-
Dr Ian Levy
Technical Director
National Cyber Security Centre
i...@ncsc.gov.uk
(I work stupid hours and weird times - that doesn't mean you have to. If this
arrives outside your normal working hours, don't feel compelled to respond
immediately!)
-
Certainly not.
You cannot drop existing defenses until the new standard is 100% deployed on
the Internet, which means probably never. Your experimental implementation
will need to prioritize the new test over the SPF test, to prove that it is
working and to show that it is good at intercept
Based on my frustration with observed product offerings, it feels like no
one has articulated a reference model of how spam filters should operate --
either that, or the vendors are just ignoring such work.
The SPF / DKIM / DMARC standards define what senders should do, but I
don't think it
I tried to understand what IETF is doing about email security, and this
working group seems to be the only surviving effort. Based on the index,
the group's attention is focused on polishing the existing DMARC
implementation rather than plowing new territory. Given the devastating
effect of W