s discussing changing
the algorithm or adding another algorithm.
I am not clear on how changing the algorithm addresses the DKIM replay problem.
Can you explain to us how this will address the issue the group is currently
chartered to address?
laura (participating)
--
The Delivery Expert
Lau
door.
>>>
>>> R's,
>>> John
>>>
>>> ___
>>> Ietf-dkim mailing list
>>> Ietf-dkim@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ietf-dkim
>>>
>>
&
> On 1 Sep 2023, at 18:31, Grant Taylor
> wrote:
>
> On 9/1/23 3:32 AM, Laura Atkins wrote:
>> You don’t know that they don’t do spamfiltering on outbound messages. You
>> don’t see what they catch and don’t send. What you do see is when that spam
>> filterin
ith that
>> in mind.
>
> I still think that it's hypocritical to have zero spam filtering on outbound
> email while having any spam filtering on inbound email.
laura (participating)
--
The Delivery Expert
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Delivery hints and commentary: http://wordtothewise.com/blog
___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
round; good reputation to spot good actors.
>
> Much like a brand new domain is effectively neutral immediately after it's
> created. Said domain earns a reputation either good or bad over time.
In reality “new” domains are actually treated more negatively than neutral in
many
spectrum transmission
> style...)
My understanding is that one of the primary ways to ID a replay is using Google
postmaster tools and seeing increases in their graphs without a corresponding
increase in volume from their systems.
laura
--
The Delivery Expert
Laura Atkins
Word to the Wis
> On 16 Aug 2023, at 12:59, Alessandro Vesely wrote:
>
> On Wed 16/Aug/2023 11:17:50 +0200 Laura Atkins wrote:
>>> On 16 Aug 2023, at 09:57, Alessandro Vesely wrote:
>>> How about enacting common sense rules such as Never sign anything without
>>> readi
> On 16 Aug 2023, at 09:57, Alessandro Vesely wrote:
>
> On Tue 15/Aug/2023 14:59:18 +0200 Laura Atkins wrote:
>>> On 15 Aug 2023, at 12:36, Alessandro Vesely wrote:
>>> On Tue 15/Aug/2023 08:10:23 +0200 Bron Gondwana wrote:
>>
>>>> "Probl
onclusion. But,
again, for whatever reason it wasn’t something that was anticipated to be a big
problem.
> Kinder, simpler days.
Very much so.
laura (participating)
--
The Delivery Expert
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Delivery hints and co
> On 15 Aug 2023, at 17:32, Jim Fenton wrote:
>
> On 15 Aug 2023, at 5:59, Laura Atkins wrote:
>
>> But the reality is: bad-actors are going to get through every process. If we
>> could ID spammers up front and stop them from spamming we’d very likely have
>>
eputation of the
victim domain results in better mail delivery for the attacker than using
domains they own or control.
There might be a plact, too, to describe the effects on the victims. Sender
victims have mail they wouldn’t normally allow out in volume impact their
reputati
> On 9 Aug 2023, at 15:55, Murray S. Kucherawy wrote:
>
> On Wed, Aug 9, 2023 at 2:54 AM Laura Atkins <mailto:la...@wordtothewise.com>> wrote:
>> If there are multiple BCCs that implies that whatever is creating the mail
>> must make individual copies of
f heavy lifting to be done to make sure that the
individual recipient only sees a copy of the message with their address in the
BCC header.
If there are multiple BCCs that implies that whatever is creating the mail must
make individual copies of the message with only the BCC r
> On 6 Aug 2023, at 19:07, Jesse Thompson wrote:
>
> On Sat, Aug 5, 2023, at 6:50 AM, Laura Atkins wrote:
>>> On 5 Aug 2023, at 02:43, Jesse Thompson >> <mailto:z...@fastmail.com>> wrote:
>>>
>>> On Thu, Aug 3, 2023, at 11:08 AM, Laura
> On 5 Aug 2023, at 02:43, Jesse Thompson wrote:
>
> On Thu, Aug 3, 2023, at 11:08 AM, Laura Atkins wrote:
>> I agree with this and have been working to recruit folks to come here. I’ll
>> also be in Brooklyn and pitching the need for participation in the IETF
>>
k, and I'll be
> interested to see what results from that.
I agree with this and have been working to recruit folks to come here. I’ll
also be in Brooklyn and pitching the need for participation in the IETF working
group from folks in the email space who are seeing issues with this.
laura
the spec focus on the spec vs. how much does it discuss all the
examples and data about why we got to this as the spec. I think that the why,
condensed down in a supporting document, is valuable. I think, though, that as
part of the spec it’s a distraction.
laura (participating)
--
The De
said, this'll be my last opinion on that point, as I don't think
> it's worth a great deal of debate and I'm happy to accept whatever
> consensus we wind up with. Better to spend the effort on the
> solution.
>
> Barry
>
> On Tue, Aug 1, 2023 at 1:30
a
--
The Delivery Expert
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Delivery hints and commentary: http://wordtothewise.com/blog
___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
> On 10 Apr 2023, at 19:38, Murray S. Kucherawy wrote:
>
> On Mon, Apr 10, 2023 at 11:24 AM Scott Kitterman <mailto:ietf-d...@kitterman.com>> wrote:
>> On Monday, April 10, 2023 2:05:28 PM EDT Laura Atkins wrote:
>> ...
>> > There is currently
Laura and Tim, as chairs
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordtothewise.com/blog
___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman
Wei’s draft so that we have text to work
with and on. The list is still on moderation status but we will be approving
posts.
laura
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordtothewise.com/blog
mas wrote:
>
>
>
> On 3/28/23 2:31 AM, Laura Atkins wrote:
>> Dear Michael,
>>
>> Your message of 27 March quoted in its entirety below, included _ad hominem_
>> attacks against another participant. _Ad hominem_ is a fallacious form of
>> argument
you to return to disrupting the work of the group, we shall
undertake action under BCP 25.
Sincerely,
Laura (for the chairs)
> On 27 Mar 2023, at 17:04, Michael Thomas wrote:
>
>
> On 3/27/23 8:46 AM, Scott Kitterman wrote:
>>
>> On March 27, 2023 3:10:40 PM UTC,
Sent from my iPhone
> On Mar 27, 2023, at 6:40 PM, Scott Kitterman wrote:
>
> On Monday, March 27, 2023 12:42:25 PM EDT Laura Atkins wrote:
>>>> On 27 Mar 2023, at 16:46, Scott Kitterman wrote:
>>>
>>> On March 27, 2023 3:10:40 PM UTC, Laura Atkins
> On 27 Mar 2023, at 16:46, Scott Kitterman wrote:
>
>
>
> On March 27, 2023 3:10:40 PM UTC, Laura Atkins
> wrote:
>>
>>
>>> On 26 Mar 2023, at 11:13, Murray S. Kucherawy wrote:
>>>
>>> On Sat, Mar 25, 2023 at 10:29 AM Michael T
has
worked and what hasn’t worked. Given the current state of the group, I simply
don’t think we have the time to put this into the problem statement and get it
out in time.
I do think we have the time and space to discuss techniques after the problem
statement is done and include it in one
iling list
>> Ietf-dkim@ietf.org
>> https://www.ietf.org/mailman/listinfo/ietf-dkim
>
> ___
> Ietf-dkim mailing list
> Ietf-dkim@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-dkim
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordtothewise.com/blog
___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
t doesn't
> allow it. If it's actually "sign for the next ADMD", that problem goes away,
> but the definition of "ADMD" gets a bit muddy because now you have to include
> in that definition any MX that might be providing transparent
> store-and-forward.
mind and bring
> it to IETF to vet in the wider community. That sure sounds like a research
> project to me.
>
> Mike
>
> ___
> Ietf-dkim mailing list
> Ietf-dkim@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-dkim
--
e of authentication protocols that are independent and
interdependent.
laura (participating)
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordtothewise.com/blog
___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
> On 24 Mar 2023, at 16:48, Michael Thomas wrote:
>
>
> On 3/24/23 6:14 AM, Laura Atkins wrote:
>> Please, let’s focus on the current issue with is addressing and refining
>> the problem statement.
>
> So you agree with me that any discussion of ARC and its
Great! Thanks.
laura
> On 24 Mar 2023, at 14:14, Wei Chuang wrote:
>
> +1 I'm working on it.
>
> -wei
>
> On Fri, Mar 24, 2023, 6:45 AM Dave Crocker <mailto:d...@dcrocker.net>> wrote:
>> On 3/24/2023 6:42 AM, Laura Atkins wrote:
>> > W
consensus of the group?
Do we have any volunteers to handle editing duties?
laura
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordtothewise.com/blog
___
Ietf-dkim mailing
have on the table.
> Plus, frankly, I made up those dates during chartering. The chairs and I
> haven't discussed whether they're reasonable or whether something else should
> be there. If people want to propose adjustments, I'm all ears.
I do want to stick with April
There has always been the ability to build reputation
> regardless of the domain doing the signing. This re-chartering of the DKIM wg
> wouldn't be happening if that were not true. There seems to be an awful lot
> of magical thinking going on with it.
>
> Mike
>
etty much impossible to test the recommendations to see if they
> are correct.
The IETF process will be followed for any documents published by this working
group.
laura
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http:
> On 9 Mar 2023, at 22:47, Michael Thomas wrote:
>
>
> On 3/7/23 4:09 AM, Laura Atkins wrote:
>> There is a current problem statement at
>> https://datatracker.ietf.org/doc/draft-chuang-dkim-replay-problem/. Please
>> take a moment to read through it and provi
laura (as chair)
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordtothewise.com/blog
___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
not equal opportunity: they target
the large consumer mailbox providers. So if the problem only affects groups
that are this tall, then a solution that fixes it for those providers might be
reasonable.
laura
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordto
;
> -Wei
>
>
> d/
>
> --
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net <http://bbiw.net/>
> mast:@dcrocker@mastodon.social
>
> ___
> Ietf-dkim mailing list
> Ietf-dkim@ietf.org <mailto:Ietf-dk
ocol to make it more
resistant to replay attacks? Telling the victims that the problem is they’re
not doing outbound filtering isn’t helpful, nor does it address the problem.
Expecting the spammer to do outbound filtering doesn’t seem to be a useful
pathway. If we could convince spammers to ou
down to a TTL issue on the DKIM's public key record in
> DNS and implementation complexity.
>
> What am I failing to take into account?
Operational overhead.
laura
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordt
The question is whether we should proclaim that the bar needs to be even
> higher, maybe even an all-or-nothing proposition. I'm suggesting that's not
> a good idea.
Agreed.
laura
--
The Delivery Experts
Laura At
rver to any number of
>> recipients, using any number of envelopes, to your heart's content. Won't
>> pass SPF, but it passes DKIM. If the receiver values DKIM more, or only
>> cares if one passes, you win
>>
> No, I mean that the if number of RCPT
n your mail. That, though, sounds a
> lot to me like tossing DKIM in the bin
Agreed.
laura
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordtothewise.com/blog
___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
> relative to the replay problem, might be a possible output? It's within the
> realm of possibility that no protocol work comes out of this, but a
> "checkpoint" about current realities might be good to publish in that case.
I think a checkpoint / review is a good goal fo
a solution.
Of course, that is not going to address the replay attack problem at all.
laura
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordtothewise.com/blog
___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
, please contact me off-list.
+1
laura
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordtothewise.com/blog
___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
imental trials first.
>
> Current proposals include the following drafts:
>
> - draft-bradshaw-envelope-validation-extension-dkim
> - draft-chuang-replay-resistant-arc
> - draft-gondwana-email-mailpath
> - draft-kucherawy-dkim-anti-replay
>
> The working gro
icks to avoid port25 blocking and a
whole host of other things that cost money, time and other resources.
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordtothewise.com/blog
___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
s the desired signalling information, without being useful for
>> replay.
>>
>> d/
>>
>> --
>> Dave Crocker
>> Brandenburg InternetWorking
>> bbiw.net
>> mast:@dcrocker@mastodon.social
>>
>> _______
> On 15 Nov 2022, at 12:29, Murray S. Kucherawy wrote:
>
> On Mon, Nov 14, 2022 at 11:04 AM Laura Atkins <mailto:la...@wordtothewise.com>> wrote:
> Does it make sense to add in a brief discussion of ‘responsibility for the
> message'? As I see it, responsibility
l isn’t going out through your network, you have
very little control and if you don’t have control can you really be responsible?
laura
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordtothewise.com/blog
___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
alking about ESPs?
Yes. I was.
laura
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordtothewise.com/blog
___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
> On 11 Nov 2022, at 11:33, Alessandro Vesely wrote:
>
> On Fri 11/Nov/2022 10:23:44 +0100 Laura Atkins wrote:
>>> On 11 Nov 2022, at 05:04, Scott Kitterman wrote:
>>> [...]
>>>
>>> For those that have been around for awhile this reminds me of the
Ultimately, I don't think senders should DKIM sign mail they aren't willing
> to
> take responsibility for, since that's exactly what a DKIM signature is
> supposed to signify.
They took responsibility for the single opt-in message that was sent through
their system.
> On 10 Nov 2022, at 13:24, Murray S. Kucherawy wrote:
>
> [offlist]
>
> On Thu, Nov 10, 2022 at 1:21 PM Laura Atkins <mailto:la...@wordtothewise.com>> wrote:
>
>> On 10 Nov 2022, at 13:17, Murray S. Kucherawy > <mailto:superu...@gmail.com>> w
> On 10 Nov 2022, at 13:17, Murray S. Kucherawy wrote:
>
> On Thu, Nov 10, 2022 at 12:54 PM Laura Atkins <mailto:la...@wordtothewise.com>> wrote:
> In many cases, the reason the mail isn’t going out through the signing domain
> is because the signing domain’s anti-
osals; other
>>>>>> proposals remain welcome.
>>>>>
>>>>> Isn't there a report on relevant replay attacks? All the above I-D
>>>>> say
>>>>> that replay attacks are a problem. Bron adds that the attack was
:
> Spam and Virus Prevention
> Mass Mailing
> G Suite/Gmail
>
> ang...@uconn.edu <mailto:ang...@uconn.edu>
> University of Connecticut, ITS, SSG, Server Systems
> 860-486-9075
>
> ___
> Ietf-dkim mailing list
>
61 matches
Mail list logo
