On 04/21/2014 12:37 PM, Vlatko Salaj wrote:
> I think Franck wrote:
>>> That doesn't seem to me like a shocking level of trust.
>> Yes indeed, but then, the recent breaches shows too much trust
>> has been sprinkled all around. Many ESP will provide you with
>> dedicated IPs for your sends, this al
On Monday, April 21, 2014 9:01 PM, "dmarc-requ...@ietf.org"
wrote:
>> That doesn't seem to me like a shocking level of trust.
> Yes indeed, but then, the recent breaches shows too much trust
> has been sprinkled all around. Many ESP will provide you with
> dedicated IPs for your sends, this all
- Original Message -
> From: "Joseph Humphreys"
> To: dmarc@ietf.org
> Sent: Monday, April 21, 2014 9:01:16 AM
> Subject: Re: [dmarc-ietf] alignment and parsing logic as optionals
>
> On Fri, Apr 18, 2014 at 2:00 PM, Franck Martin
> wrote:
> &
On Fri, Apr 18, 2014 at 2:00 PM, Franck Martin wrote:
>
>> If you are willing to accept additional DNS lookups, you actually
>> could use this to alleviate the mailing list problem, just by adding
>> an include syntax for aligned domain lists. That would create a
>> mechanism for people to make pu
On Fri, 18 Apr 2014 13:04:08 -0400, Joseph Humphreys wrote:
> Again, I have not been proposing this as a solution for mailing lists.
> It solves at least two other problems: third-party bounce handlers,
> and using your own domain with some large mail providers like gmail.
> In either case, the
- Original Message -
> From: "Joseph Humphreys"
> To: dmarc@ietf.org
> Sent: Friday, April 18, 2014 10:04:08 AM
> Subject: Re: [dmarc-ietf] alignment and parsing logic as optionals
>
> On Fri, Apr 18, 2014 at 4:50 AM, Murray S. Kucherawy
> wrote:
>
On Fri, Apr 18, 2014 at 4:50 AM, Murray S. Kucherawy
wrote:
>>
>> The alignment domain-list solution seems trivial to me, and it works
>> without active support from the sender, which is nice.
>
>
> How does it work without active support from the sender? Doesn't the sender
> first have to ensure
On Friday, April 18, 2014 10:44 AM, Murray S. Kucherawy
wrote:
> So you don't want the authentication enforcement, only the reports?
no, i do want authentication enforcement. i do not want alignment enforcement.
i want parsing of both SPF and DKIM in AND-based logic and i want it
standardized,
On Friday, April 18, 2014 10:44 AM, Murray S. Kucherawy
wrote:
> Assuming they're all dumb or lazy because they're "missing the point"
> seems like a pretty bad place from which to start.
didn't happen.
> If all people get is snark when they probe your ideas, I'm pretty sure
> they'll just
On Thu, Apr 17, 2014 at 12:37 PM, Tomki Camp wrote:
> What about a scenario where a user would like to
> - receive DMARC reporting
> - request DMARC-aware receivers reject email which does not pass base
> authentication measures (SPF or DKIM), but not apply the next step of
> alignment enforcemen
On Thu, Apr 17, 2014 at 10:01 AM, Joseph Humphreys <
jhumphr...@salesforce.com> wrote:
> The alignment domain-list solution seems trivial to me, and it works
> without active support from the sender, which is nice.
>
How does it work without active support from the sender? Doesn't the
sender fir
On Thu, Apr 17, 2014 at 11:20 PM, Vlatko Salaj wrote:
> > I think if you want to get your ideas understood and thus adopted,
> > you're going to have to set your patience and politeness thresholds
> > a lot higher than they are now.
>
> i do not have much patience for ppl that have no time to read
On Thu, Apr 17, 2014 at 7:51 AM, Vlatko Salaj wrote:
> making DMARC strictly based on OR-logic will get it obsolete as soon as
> someone finds a way to exploit any of the underlying mechanism, and that's
> already possible, either through DKIM replay attack, or through spoofed SPF
> authentication
> I think if you want to get your ideas understood and thus adopted,
> you're going to have to set your patience and politeness thresholds
> a lot higher than they are now.
i do not have much patience for ppl that have no time to read step by step
example, but do have time to write a lengthy resp
On Thu, Apr 17, 2014 at 1:42 PM, Vlatko Salaj wrote:
>
> wrong conclusion, but i'm not gonna repeat myself.
> one example should be enough to everybody.
>
>
I think if you want to get your ideas understood and thus adopted, you're
going to have to set your patience and politeness thresholds a lot
On Thursday, April 17, 2014 9:38 PM, Tomki Camp wrote:
> Could it be set up as allowing aspf=n for “align SPF = none” and adkim=n?
i find this a convenient way of introducing alignment-OFF logic, yes.
also, aspf and adkim tags would be a best place for alignment domain-list, imo.
for example "a
On Thursday, April 17, 2014 10:14 PM, "Popowycz, Alex" wrote:
> But if your ESP is where your email originates, then citing them in your
> SPF is appropriate.
wrong conclusion, but i'm not gonna repeat myself.
one example should be enough to everybody.
> As for small domains being able to sen
Original Message-
From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Vlatko Salaj
Sent: Thursday, April 17, 2014 1:33 PM
To: dmarc@ietf.org
Subject: Re: [dmarc-ietf] alignment and parsing logic as optionals
On Thursday, April 17, 2014 6:53 PM, John Levine wrote:
>> I don't
On Thu, Apr 17, 2014 at 3:04 PM, John Levine wrote:
> On 4/17/14, 1:03 PM, Joseph Humphreys wrote:
>
>>
>> The alignment domain-list solution seems trivial to me, and it works
>> without active support from the sender, which is nice.
>
>
> As I understand it, it requires a domain to enumerate ever
. SPF alignment required in
relaxed mode; to pass DMARC-SPF, SPF must pass and be in alignment”
--
Tomki
-Original Message-
From: "J. Trent Adams"
Date: Thursday, April 17, 2014 at 11:02
To: Vlatko Salaj , "dmarc@ietf.org"
Subject: Re: [dmarc-ietf] alignment
The ISP rewrites the MAIL FROM to deflect bounces. This passes SPF (IP
matches MAIL FROM), and also passes DMARC's aligned SPF (RFC822 From has
the original sender domain, which includes the ISP's IP range).
Please tell me what I'm missing.
A DMARC SPF pass requires that the MAIL FROM domain
On 4/17/14, 1:03 PM, Joseph Humphreys wrote:
The alignment domain-list solution seems trivial to me, and it works
without active support from the sender, which is nice.
As I understand it, it requires a domain to enumerate every mailing list
domain in which any of its users participate in it
On Thu, Apr 17, 2014 at 2:04 PM, Miles Fidelman
wrote:
> Not sure who wrote this anymore:
>>>
>>> At one time I suggested adding a feature to list domains that could
>>> be considered "in alignment" with yours. So if a domain owner wanted
>>> to authorize an email service provider, they could just
Not sure who wrote this anymore:
At one time I suggested adding a feature to list domains that could
be considered "in alignment" with yours. So if a domain owner wanted
to authorize an email service provider, they could just add something
to their DMARC policy to specify the domain the ESP uses
Vlatko -
On 4/17/14 11:32 AM, Vlatko Salaj wrote:
[ snip ]
> so, my domain-email sent from yahoo mail isn't aligned. however, it is
> legitimate, it is DKIM-signed and it has proper SPF.
>
> out of my 15 small-business customers, 12 use exactly this usage scenario.
> usually google. and when i s
On Thursday, April 17, 2014 6:53 PM, John Levine wrote:
>> I don't see any scaling problem for the case of a domain used by a single
>> entity that wants to authorize a few service providers to send email on
>> its behalf.
> Is that really a problem? I was under the impression that a sender either
On Thu, Apr 17, 2014 at 10:01 AM, Joseph Humphreys <
jhumphr...@salesforce.com> wrote:
> It's a problem if the service provider wants to offer bounce processing by
> using their own domain for the return path, which I think is not uncommon.
> That puts SPF out of alignment.
>
I think the differen
On Thu, Apr 17, 2014 at 12:52 PM, John Sweet wrote:
> On Thursday, April 17, 2014 5:44 PM, Joseph Humphreys wrote:
>>
>> At one time I suggested adding a feature to list domains that could be
>> considered "in alignment" with yours. So if a domain owner wanted to
>> authorize an email service prov
On Thu, Apr 17, 2014 at 12:49 PM, John Levine wrote:
>> > 3. alignment domain-list value to include in alignment check:
>>
>>
>> It doesn't scale as a complete solution for mailing lists. I don't see
>> any scaling problem for the case of a domain used by a single entity
>> that wants to auth
On Thursday, April 17, 2014 5:44 PM, Joseph Humphreys wrote:
> At one time I suggested adding a feature to list domains that could be
> considered "in alignment" with yours. So if a domain owner wanted to
> authorize an email service provider, they could just add something to their
> DMARC policy
> 3. alignment domain-list value to include in alignment check:
It doesn't scale as a complete solution for mailing lists. I don't see
any scaling problem for the case of a domain used by a single entity
that wants to authorize a few service providers to send email on its
behalf.
Is that
On Thursday, April 17, 2014 5:44 PM, Joseph Humphreys wrote:
> At one time I suggested adding a feature to list domains that could
> be considered "in alignment" with yours. So if a domain owner wanted
> to authorize an email service provider, they could just add something
> to their DMARC policy
On Thu, Apr 17, 2014 at 11:41 AM, MH Michael Hammer (5304)
wrote:
>
> > 3. alignment domain-list value to include in alignment check: list of
> domains
> > the domain owner wants to have included in DMARC alignment check,
> > complementing
> > from: header domain; this will cover almost all cases
> -Original Message-
> From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Vlatko Salaj
> Sent: Thursday, April 17, 2014 10:51 AM
> To: dmarc@ietf.org
> Subject: Re: [dmarc-ietf] alignment and parsing logic as optionals
>
> On Thursday, April 17, 2014 8:22 AM
On Thursday, April 17, 2014 8:22 AM, Murray S. Kucherawy wrote:
> For the "and" case, yes, that's possible to add if there's enough demand
> to add it. So far the people that have tried this are satisfied with the
> "or" logic.
making DMARC strictly based on OR-logic will get it obsolete as soon
atko.sa...@goodone.tk]
> *Sent: *Thursday, April 17, 2014 01:50 AM Eastern Standard Time
> *To: *dmarc@ietf.org
> *Subject: *Re: [dmarc-ietf] alignment and parsing logic as optionals
>
> On Wednesday, April 16, 2014 11:39 PM, Murray S. Kucherawy wrote:
>
>
> > I wouldn&#x
gt;]
Sent: Thursday, April 17, 2014 01:50 AM Eastern Standard Time
To: dmarc@ietf.org
Subject: Re: [dmarc-ietf] alignment and parsing logic as optionals
On Wednesday, April 16, 2014 11:39 PM, Murray S. Kucherawy wrote:
> I wouldn't take the lack of answers terribly personally.
i rly don&
On Wed, Apr 16, 2014 at 10:50 PM, Vlatko Salaj wrote:
> > One way of viewing DMARC is that it seeks to allow a domain owner to have
> > better control of how its domain is used, so I don't know what this would
> > accomplish. If alignment is optional, what does DMARC do policy-wise that
> > DKIM a
On Wednesday, April 16, 2014 11:39 PM, Murray S. Kucherawy wrote:
> I wouldn't take the lack of answers terribly personally.
i rly don't. i just found it rly lolable how everybody is whining about
ietf's purpose here, while list's main aim is about technical contributions
to the dmarc standard,
On Wednesday, April 16, 2014 7:44 PM, MH Michael Hammer (5304) wrote:
> I haven't seen any other post from you with this subject line.
http://www.ietf.org/mail-archive/web/dmarc/current/msg00749.html
--
Vlatko Salaj aka goodone
http://goodone.tk
__
40 matches
Mail list logo
