Bravo! At last. Spam is a clutter of our way to use TCP/IP and SMTP in
which criminal and cyberwarfare actions develop. I was interested talking
about vulnerability to internet with the Chair of a Banking Association
Committee on Security to hear him calling spam saturation bombing.
Solution
On May 28, 2004, at 2:42 PM, Paul Vixie wrote:
If there's a more blatant example of rubber stamping in the history of
IETF, then I hope a better historian than I can share the archives with
me.
If there's a more blatant example of mischaracterization in the history
of IETF
-andy
From: Andrew Newton [EMAIL PROTECTED]
To: Paul Vixie [EMAIL PROTECTED]
If there's a more blatant example of rubber stamping in the history of
IETF, then I hope a better historian than I can share the archives with
me.
If there's a more blatant example of mischaracterization in the
As the AD who sponsored this work, I have to disagree. ...
The recent interim meeting resulted in an agreement to work on
a converged spec taking ideas from SPF and Caller-ID.
Why? These are latecomers to the field. Or is it because of this:
As the AD who sponsored this work, I have to disagree. ...
The recent interim meeting resulted in an agreement to work on
a converged spec taking ideas from SPF and Caller-ID.
Why? These are latecomers to the field. Or is it because of this:
[EMAIL PROTECTED] (Vernon Schryver) writes:
...
If your ISP is incompetent at configuring an SMTP server, then whose
fault is it that you continue to buy bad service? Why don't you treat
your incompetent locl provider of Client only, non-public address
or Client only, public address as a
Open letter.
[EMAIL PROTECTED] (Nathaniel Borenstein) writes:
...
However, you are right that my current laptop configuration is one of
many that won't work when Caller-ID or SPF records come into use for
the domain guppylake.com. At that point, obviously, I will change my
laptop's
At 6:42 PM + 05/28/2004, Paul Vixie wrote:
As the AD who sponsored this work, I have to disagree. ...
The recent interim meeting resulted in an agreement to work on
a converged spec taking ideas from SPF and Caller-ID.
Why? These are latecomers to the field. Or is it because of this:
Sigh. None of these proposals will work, and none really even deserve much
attention, since this subject and all sorts of related proposals have been
discussed __AT_LENGTH__ before.
** I have already demonstrated (or rather, pointed out that others have
already discovered this) to near
Perry E. Metzger writes:
I think the easy solution is just to block port 25
You can stop right there. The rest is so much
wishful thinking.
Mike
unless someone asks
for it to be opened. Average users have no idea what
port 25 does or even what TCP is, so they won't
On Sun, 30 May 2004 23:20:49 -0600 (MDT)
Vernon Schryver [EMAIL PROTECTED] wrote:
From: Mark Smith
[EMAIL PROTECTED]
Yes, spam filtering can be quite effective.
Not using spam filtering ... I don't like the chances of
false positives or negatives.
Today either you filter spam,
On May 30, 2004, at 8:26 PM, Vernon Schryver wrote:
I don't mind in the least if Mr. Borenstein has changed his mind but
does not wish to say so.
To the best of my knowledge I haven't changed my mind about anything,
but I'm done with this argument. Anyone who chooses to re-read the
thread will
Can this thread die, please?
On 31-mei-04, at 7:20, Vernon Schryver wrote:
Yes, spam filtering can be quite effective.
Not using spam filtering ... I don't like the chances of false
positives or negatives.
[...]
My various layers of filters averaged 521 spam/day for the last 40
days.
And how
--On Thursday, May 27, 2004 12:51:49 -0600 Vernon Schryver
[EMAIL PROTECTED] wrote:
block port 25 for all types of IP
service except the one that draft-klensin-ip-service-terms-01.txt calls
Full Internet Connectivity.
(agreeing with Iljitsch on this snippet)
I have a *very* hard time
From: =?ISO-8859-1?Q?M=E5ns_Nilsson?= [EMAIL PROTECTED]
block port 25 for all types of IP
service except the one that draft-klensin-ip-service-terms-01.txt calls
Full Internet Connectivity.
I have a *very* hard time seeing an IETF document (or discussion on the
list) coming even close
This would be a very interesting philosophical argument if in fact what
we were discussing was something that could take a significant bite out
of spam. In the absence of such an ability, however, the real question
is whether user accounts should be crippled in the name of spam
fighting when
From: Nathaniel Borenstein [EMAIL PROTECTED]
This would be a very interesting philosophical argument if in fact what
we were discussing was something that could take a significant bite out
of spam. In the absence of such an ability, however, the real question
is whether user accounts
On May 30, 2004, at 10:45 AM, Vernon Schryver wrote:
Mr. Borenstein and others like him expect the rest of us to subsidize
their $30/month connectivity by dealing with the network abuse of his
fellow customers, because they find $30/month comfortable.
Just for the record, I spend plenty more than
On Sun, 30 May 2004 08:45:41 -0600 (MDT)
Vernon Schryver [EMAIL PROTECTED] wrote:
From: Nathaniel Borenstein [EMAIL PROTECTED]
snip
As Mr. Borenstein knows, a substantial fraction and probably
most spam is current sent using $30/month consumer accounts.
The spam that is not sent using
Received: from mail.optistreams.net (206-169-2-196.gen.twtelecom.net [206.169.2.196])
by calcite.rhyolite.com (8.12.11/8.12.11) with ESMTP id i4UG8bio077225
for [EMAIL PROTECTED] env-from [EMAIL PROTECTED];
Sun, 30 May 2004 10:08:38 -0600 (MDT)
From: Nathaniel Borenstein
From: Mark Smith [EMAIL PROTECTED]
people to monitor and deal with their abusive customers. That
is why many of the providers of those $30/month accounts submit
their own IP address blocks to various dynamic backlists or
block port 25 themselves.
Do you have more information or
From: Nathaniel Borenstein [EMAIL PROTECTED]
Please stop this random speculating. The ISP that was blocked is not
my current ISP (I moved last fall), so none of this is relevant.
So what ISP was blocked? Why do I suspect you are being disingenuous
and that it was a $30/month account?
On May 30, 2004, at 2:27 PM, Vernon Schryver wrote:
So what ISP was blocked?
What are you, the ISP police? Not that it's any of your business, it
was X0 DSL and I paid just under $100/month and hosted my server at
home; it was blacklisted as part of a larger block of IP addresses
beyond my
Nathaniel Borenstein [EMAIL PROTECTED] writes:
This would be a very interesting philosophical argument if in fact
what we were discussing was something that could take a significant
bite out of spam. In the absence of such an ability, however, the
real question is whether user accounts
From: Nathaniel Borenstein [EMAIL PROTECTED]
On May 30, 2004, at 2:27 PM, Vernon Schryver wrote:
So what ISP was blocked?
What are you, the ISP police? Not that it's any of your business, it
was X0 DSL
Your repeated, unprovoked public complaints about the blocking that
affected you
This is a remarkably reasonable proposal, and I would have no objection
to it (just a fear that ISPs might make it unnecessarily hard to get it
opened, but they tend to make everything hard). Heck, I might not even
mind paying an extra dollar or two per month to have it open. As long
as
From: Nathaniel Borenstein [EMAIL PROTECTED]
This is a remarkably reasonable proposal, and I would have no objection
to it (just a fear that ISPs might make it unnecessarily hard to get it
opened, but they tend to make everything hard). Heck, I might not even
mind paying an extra dollar
On Sun, 30 May 2004 11:04:32 -0600 (MDT)
Vernon Schryver [EMAIL PROTECTED] wrote:
From: Mark Smith
[EMAIL PROTECTED]
people to monitor and deal with their abusive customers.
That is why many of the providers of those $30/month
accounts submit their own IP address blocks to various
On Sun, 30 May 2004 17:16:42 -0400
Perry E. Metzger [EMAIL PROTECTED] wrote:
Nathaniel Borenstein [EMAIL PROTECTED] writes:
This would be a very interesting philosophical argument if in
fact what we were discussing was something that could take a
significant bite out of spam. In the
... HREF=http://sa.vix.com/~vixie/mailfrom.txt;MAIL-FROM/A.
I do not see a draft in the ietf process anyplace . Was this
ever submitted ? I do notice that several of the other
proposal's make mention of this work , But in none of them do
they mention it as a
Iljitsch van Beijnum wrote:
On 27-mei-04, at 16:56, [EMAIL PROTECTED] wrote:
(I've yet to see a proposal that works if the spammers start
utilizing zombie machines that snarf the already-stored credentials
of the user
to send mail)
The question is whether spammers can obtain new credentials
From: John Stracke [EMAIL PROTECTED]
(I've yet to see a proposal that works if the spammers start
utilizing zombie machines that snarf the already-stored credentials
of the user
to send mail)
The question is whether spammers can obtain new credentials (stolen or
otherwise)
Paul,
MARID was formed to merge Microsoft Caller-ID with SPF and so far has
been successfully used by Microsoft to bully us to submit to their own
proposal or else ... There are better ways to implement mail-from (i.e.
as from Paul's draft which is basicly still the basis for MARID) which
1. block port 25 to external IP addresses for all of your customers
except those with what draft-klensin-ip-service-terms-01.txt calls
Full Internet Connectivity.
... and receive a flood of complaints because 10% of your users are
using a mail service provided by someone else than
At 9:17 PM + 05/27/2004, Paul Vixie wrote:
MARID is basically a layer 9 exercise, uninterested in engineering as
such. it was formed to merge two ill considered ideas, one from yahoo
and one from microsoft, in a way that would cause either no loss of face,
or equal loss of face, for those two
From: Christian Huitema [EMAIL PROTECTED]
1. block port 25 to external IP addresses for all of your customers
except those with what draft-klensin-ip-service-terms-01.txt calls
Full Internet Connectivity.
... and receive a flood of complaints because 10% of your users are
On 28-mei-04, at 15:06, John Stracke wrote:
(I've yet to see a proposal that works if the spammers start
utilizing zombie machines that snarf the already-stored credentials
of the user to send mail)
The question is whether spammers can obtain new credentials (stolen
or otherwise) faster
In fact, there isn't any sane way to detect inconsistent header
information without external hints - this is the reason why there's the
SPF proposal, the Yahoo domain-keys proposal, and Microsoft's proposal.
And MARID.
and don't forget
On Wed, 26 May 2004 15:00:00 MDT, Vernon Schryver [EMAIL PROTECTED] said:
I don't see any of those proposals and their competitors as sane.
Oh, I wasn't addressing whether the proposals were workable, merely listing
proposals motivated by the fact that verifying the legitimacy of a sending
On 27-mei-04, at 16:56, [EMAIL PROTECTED] wrote:
the proposals aren't even a workable solution to
the real problem (I've yet to see a proposal that works if the
spammers start
utilizing zombie machines that snarf the already-stored credentials of
the user
to send mail)
It amazes me how many
Hello Paul ,
On Wed, 26 May 2004, Paul Vixie wrote:
In fact, there isn't any sane way to detect inconsistent header
information without external hints - this is the reason why there's the
SPF proposal, the Yahoo domain-keys proposal, and Microsoft's proposal.
And MARID.
and
On Thu, 27 May 2004 18:23:17 +0200, Iljitsch van Beijnum said:
There is also the possibility of blacklisting known bad credentials.
Anybody who's had to get themselves out of 3,000 private blacklists, and
anybody who's had to fight with places that were blackholing the 69/8 address
space, knows
From: [EMAIL PROTECTED]
The people who claim that something can't be done shouldn't get in the
way of the people doing it.
I didn't say it *cant* be done. I said there were known problems that any
successful solution would have to address.
Another response is to point out that all of
On 27-mei-04, at 20:51, Vernon Schryver wrote:
The vast majority of the spam that sender validating systems might
block after they have been installed in most SMTP clients 5 or 10 years
from now is rejected today at any organization that really cares about
spam using any of various tactics
On May 24, 2004, at 1:49 PM, [EMAIL PROTECTED] wrote:
In fact, there isn't any sane way to detect inconsistent header
information
without external hints - this is the reason why there's the SPF
proposal, the
Yahoo domain-keys proposal, and Microsoft's proposal.
And MARID.
-andy
From: Andrew Newton [EMAIL PROTECTED]
On May 24, 2004, at 1:49 PM, [EMAIL PROTECTED] wrote:
In fact, there isn't any sane way to detect inconsistent header
information
without external hints - this is the reason why there's the SPF
proposal, the
Yahoo domain-keys proposal, and
Since Thursday (last) I've been receiving hundreds of bounces from spam
filters and mail servers for email messages I've not sent at
[EMAIL PROTECTED] I can see from those bounces where the header info of
the orginal message is included that somebody has been using my address to
disguise the
On Mon, 24 May 2004 10:18:28 BST, Christian de Larrinaga [EMAIL PROTECTED] said:
I'm hoping that spam filters will detect the inconsistent header information
and not blacklist me at [EMAIL PROTECTED] but I'm not hopeful.
In fact, there isn't any sane way to detect inconsistent header
Hi -
From: Christian de Larrinaga [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, May 24, 2004 2:18 AM
Subject: spoofing email addresses
Since Thursday (last) I've been receiving hundreds of bounces from spam
filters and mail servers for email messages I've not sent at
[EMAIL
On May 24, 2004, at 5:18 AM, Christian de Larrinaga wrote:
Incidentally does anybody run a retribution service?
Boy, do I hope this question is a joke. But if I were running some of
the blacklisting services, I would worry that someone might get serious
about revenge. If I were a less placid
50 matches
Mail list logo
