If a mailing list can perform 100% sender authentication, it makes sense to
delegate that responsibility to the list -- giving it the same treatment
as I am currently giving to the best-known ESPs.Getting there requires
a list that:
- wants one of my users as a subscriber,
- can perform 100%
> On Jul 19, 2023, at 3:21 PM, Douglas Foster
> wrote:
>
>
> Perhaps you can clarify what you think DMARC is.
>
> Apparently a significant number of evaluators think that "DMARC Fail with
> p=reject always means unwanted mail". Or to use Michael Hammer's language,
> "DMARC Fail with
On Jul 23, 2023, at 9:39 PM, Douglas Foster wrote:Neil, this is about whether to block first and ask questions later: quarantining first is safer, but not initially feasible.My working assumption is that essentially all evaluators release unauthenticated traffic to their users every day. To
Neil, this is about whether to block first and ask questions later:
quarantining first is safer, but not initially feasible.
My working assumption is that essentially all evaluators release
unauthenticated traffic to their users every day. To fix the mailing list
problem, we are proposing to
>>
>>
>
> I think it is a mistake to consider technologies such as SPF, DKIM, and DMARC
> as anti-spam. They are a component of spam mitigation, but authentication of
> an identifier isn't a solution for spam. Meng Wong (for those of you that
> weren't around, he's the one that synthesized
On July 21, 2023 6:53:03 PM UTC, "Jan Dušátko"
wrote:
>
>
>Dne 21. 7. 2023 v 16:34 Murray S. Kucherawy napsal(a):
>> On Wed, Jul 19, 2023 at 6:31 PM Douglas Foster <
>> dougfoster.emailstanda...@gmail.com> wrote:
>>
>>> I don't take DMARC as a certain result to be used in isolation, but
>>>
Doug, you’ve done a fine job of explaining as I groked what you said. If I get
I think most people here got it. I’ve been busy with work and personal life so
haven’t had as much time to lurk here. I’m curious what sparked your concern
now? Also, isn’t it best to block first and ask questions
On Fri 21/Jul/2023 20:53:03 +0200 Jan Dušátko wrote:
Dne 21. 7. 2023 v 16:34 Murray S. Kucherawy napsal(a):
On Wed, Jul 19, 2023 at 6:31 PM Douglas Foster
wrote:
My problem with your favorite line is that the domain owner's preference
is of no interest to my filtering decision, but the
Yes, a message can be malicious or unwanted, with or without correct
identification. But the two ARE correlated, not independent. Correct
identity allows correct attribution of sender reputation. Successful
impersonation allows an attacker to obtain more favorable treatment from
both the
Dne 21. 7. 2023 v 16:34 Murray S. Kucherawy napsal(a):
On Wed, Jul 19, 2023 at 6:31 PM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:
I don't take DMARC as a certain result to be used in isolation, but
clearly a quorum evaluators do, and hence the mailing list problem that has
On Wed, Jul 19, 2023 at 6:31 PM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:
> I don't take DMARC as a certain result to be used in isolation, but
> clearly a quorum evaluators do, and hence the mailing list problem that has
> caused such consternation.
>
> If we want to diminish
On Wed, Jul 19, 2023 at 10:42 PM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:
> Can you find a commercial product that can configure a rule which says,
> "Don't worry about DMARC if Mail from = bounceaddtess@listdomain and the
> MailFrom address produces SPF PASS"?
>
> Simple
m not a Cisco expert but, to be confirmed.
>
> Regards,
> Olivier Hureau
>
> --------------
> *De: *"Douglas Foster"
> *À: *"Dotzero"
> *Cc: *"IETF DMARC WG"
> *Envoyé: *Jeudi 20 Juillet 2023 04:41:57
> *Ob
be confirmed.
Regards,
Olivier Hureau
De: "Douglas Foster"
À: "Dotzero"
Cc: "IETF DMARC WG"
Envoyé: Jeudi 20 Juillet 2023 04:41:57
Objet: Re: [dmarc-ietf] How did DMARC go wrong, and how does our document fix
it?
Can you find a commercial product that
Can you find a commercial product that can configure a rule which says,
"Don't worry about DMARC if Mail from = bounceaddtess@listdomain and the
MailFrom address produces SPF PASS"?
Simple enough rule. If vendors understood what we want them to understand,
they would allow creation of
I don't take DMARC as a certain result to be used in isolation, but clearly
a quorum evaluators do, and hence the mailing list problem that has caused
such consternation.
If we want to diminish their numbers, we have to communicate very
differently than RFC 7489.
My problem with your favorite
On Wed, Jul 19, 2023 at 6:21 PM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:
> Perhaps you can clarify what you think DMARC is.
>
> Apparently a significant number of evaluators think that "DMARC Fail with
> p=reject always means unwanted mail". Or to use Michael Hammer's
>
Perhaps you can clarify what you think DMARC is.
Apparently a significant number of evaluators think that "DMARC Fail with
p=reject always means unwanted mail". Or to use Michael Hammer's
language, "DMARC Fail with p=reject means the domain owner wants it
rejected so I will reject it."These
It appears that Barry Leiba said:
>> - An attacker sends 10 messages that maliciously impersonates a
>> big bank. With help from DMARC p=reject, the evaluator blocks
>> them all. The attacker follows up with 10 messages that
>> maliciously impersonate a major university. The stupid
>>
> - An attacker sends 10 messages that maliciously impersonates a
> big bank. With help from DMARC p=reject, the evaluator blocks
> them all. The attacker follows up with 10 messages that
> maliciously impersonate a major university. The stupid
> evaluator says, "p=none means no problem here".
It appears that OLIVIER HUREAU said:
>-=-=-=-=-=-
>
>Hi,
>
>> The stupid evaluator says, "p=none means no problem here".
>
>And the non-stupid evaluator knows that p=none means that the domain owner
>doesn't (yet) have the appropriate sending infrastructure to have
>p=reject.
Or it means
ganizations started to break
> away from the IETF and RFC7489 in particular.
> You only have to look at the inconsistencies between what is suggested and
> stated in the RFC and what happens in reality to understand why it went
> wrong.
>
>
> Best,
> Olivier Hureau
>
> --
uot;Douglas Foster"
À: "IETF DMARC WG"
Envoyé: Samedi 15 Juillet 2023 13:27:04
Objet: [dmarc-ietf] How did DMARC go wrong, and how does our document fix it?
Murray recently observed, correctly, that something went horribly wrong with
the DMARC rollout, because it caused (conti
Murray recently observed, correctly, that something went horribly wrong
with the DMARC rollout, because it caused (continues to cause) many safe
and wanted messages to be blocked.
My assessment was in a recent post:
Something about the language of RFC 7489 caused implementers to focus on
24 matches
Mail list logo
