On Sun, Aug 20, 2023, at 6:13 AM, Alessandro Vesely wrote:
> On Fri 18/Aug/2023 12:21:31 +0200 Emanuel Schorsch wrote:
> >>
> >>> For example, we have seen very large DKIM Replay attacks of youtube.com
> >>> Terms of Service emails. There is no malicious content in these emails,
> >>> but
Presumably a last message of mine.
Without any personal insult meant i wanted to complain on the
initial sentence
Mailing-lists have long complicated email authentication.
And this echoes IETF documents written a decade and longer ago
(last week i looked on my local ones and i think as
On Fri 18/Aug/2023 12:21:31 +0200 Emanuel Schorsch wrote:
For example, we have seen very large DKIM Replay attacks of youtube.com
Terms of Service emails. There is no malicious content in these emails,
but spammers still send very large volumes (perhaps using them to
generate affinity with
>
> > BUT, I think this is a good idea that is separate from DKIM Replay.
> > Specifically, we do see non-free mail providers as victims of DKIM
> Replay as
> > well.
>
>
> If the rate is similar, I agree. That kind of information is missing from
> the I-D.
>
>
> > For example, we have seen very
On Thu 17/Aug/2023 20:12:51 +0200 Emanuel Schorsch wrote:
On Thu, Aug 17, 2023 at 2:06 PM Alessandro Vesely <ves...@tana.it> wrote:
If corporate domains are victims of replay attacks at the same rate as
free mail providers, then my theory is wrong. See below.
Ale, I think there is
On Thu, Aug 17, 2023, at 5:30 AM, Alessandro Vesely wrote:
> When domain authentication arrived, they considered that /all/ messages from
> their domain must be authenticated.
Some receivers only send FBLs if the messages are DKIM=pass. So, the
responsible thing to do is for a MBP/ESP to sign
On Thu, Aug 17, 2023 at 2:06 PM Alessandro Vesely wrote:
> On Thu 17/Aug/2023 18:21:35 +0200 Murray S. Kucherawy wrote:
> > On Thu, Aug 17, 2023 at 3:30 AM Alessandro Vesely
> wrote:
> >
> >>> I'm not convinced advice is necessary here. Do you really need signs
> in
> >>> banks that say "Don't
On Thu 17/Aug/2023 18:21:35 +0200 Murray S. Kucherawy wrote:
On Thu, Aug 17, 2023 at 3:30 AM Alessandro Vesely wrote:
I'm not convinced advice is necessary here. Do you really need signs in
banks that say "Don't put your signature on random financial documents"? I
have to believe that
On Thu, Aug 17, 2023 at 3:30 AM Alessandro Vesely wrote:
> > I'm not convinced advice is necessary here. Do you really need signs in
> > banks that say "Don't put your signature on random financial
> documents"? I
> > have to believe that people understand what it means to sign something,
>
On Wed 16/Aug/2023 20:19:44 +0200 Dave Crocker wrote:
On 8/16/2023 10:48 AM, Murray^W Ale wrote:
Yet, an open
signer is for DKIM the equivalent of what an open relay is for SPF.
It is nothing of the sort.
Open relays perform a relaying function, which actively moves mail, where the
abuse is
On Wed 16/Aug/2023 19:48:30 +0200 Murray S. Kucherawy wrote:
On Wed, Aug 16, 2023 at 10:25 AM Alessandro Vesely wrote:
On Wed 16/Aug/2023 15:26:43 +0200 Laura Atkins wrote:
On 16 Aug 2023, at 12:59, Alessandro Vesely wrote:
On Wed 16/Aug/2023 11:17:50 +0200 Laura Atkins wrote:
On 16 Aug
On Wed, Aug 16, 2023, at 8:26 AM, Laura Atkins wrote:
>
>
>> On 16 Aug 2023, at 12:59, Alessandro Vesely wrote:
>
>> BTW, how many replay attacks does an average ESP or MP notice in one month?
>
> Maybe representatives of either group could offer numbers.
ESPs have limited visibility
> On Aug 16, 2023, at 11:21, Jim Fenton wrote:
>
> On 16 Aug 2023, at 10:57, Jon Callas wrote:
>
>>> On Aug 16, 2023, at 10:25, Alessandro Vesely wrote:
>>>
>>> To repeat my questions, then, would limiting (qualified) DKIM signatures to
>>> verified accounts diminish replay attacks by any
On 8/16/2023 11:23 AM, Murray S. Kucherawy wrote:
For the record, the attribution here is wrong. That was Alessandro's
comment, not mine.
drat. sorry. the downside of trying to compress quoted text. this was
not a lossless compression...
d/
--
Dave Crocker
Brandenburg InternetWorking
On 8/16/2023 11:21 AM, Jim Fenton wrote:
If my outgoing MTA served multiple users, it should check whether the From
address corresponded to my account.
or not check, depending on the operational environment. that is, there
are providers where this is a good thing to do but others where it
On Wed, Aug 16, 2023 at 11:19 AM Dave Crocker wrote:
> On 8/16/2023 10:48 AM, Murray S. Kucherawy wrote:
> > Yet, an open
> > signer is for DKIM the equivalent of what an open relay is for SPF.
>
> It is nothing of the sort.
>
> [...]
>
For the record, the attribution here is wrong. That was
On 16 Aug 2023, at 10:57, Jon Callas wrote:
>> On Aug 16, 2023, at 10:25, Alessandro Vesely wrote:
>>
>> To repeat my questions, then, would limiting (qualified) DKIM signatures to
>> verified accounts diminish replay attacks by any amount? Is this kind of
>> solution acceptable?
>
> There's
On 8/16/2023 10:48 AM, Murray S. Kucherawy wrote:
Yet, an open
signer is for DKIM the equivalent of what an open relay is for SPF.
It is nothing of the sort.
Open relays perform a relaying function, which actively moves mail,
where the abuse is a) obfuscation, and b) fan-out.
What you are
> On Aug 16, 2023, at 10:25, Alessandro Vesely wrote:
>
> To repeat my questions, then, would limiting (qualified) DKIM signatures to
> verified accounts diminish replay attacks by any amount? Is this kind of
> solution acceptable?
There's two reasons that this isn't acceptable. One is
On Wed, Aug 16, 2023 at 10:25 AM Alessandro Vesely wrote:
> On Wed 16/Aug/2023 15:26:43 +0200 Laura Atkins wrote:
> >> On 16 Aug 2023, at 12:59, Alessandro Vesely wrote:
> >> On Wed 16/Aug/2023 11:17:50 +0200 Laura Atkins wrote:
> On 16 Aug 2023, at 09:57, Alessandro Vesely wrote:
>
On Wed 16/Aug/2023 15:26:43 +0200 Laura Atkins wrote:
On 16 Aug 2023, at 12:59, Alessandro Vesely wrote:
On Wed 16/Aug/2023 11:17:50 +0200 Laura Atkins wrote:
On 16 Aug 2023, at 09:57, Alessandro Vesely wrote:
How about enacting common sense rules such as Never sign anything without reading
> On 16 Aug 2023, at 12:59, Alessandro Vesely wrote:
>
> On Wed 16/Aug/2023 11:17:50 +0200 Laura Atkins wrote:
>>> On 16 Aug 2023, at 09:57, Alessandro Vesely wrote:
>>> How about enacting common sense rules such as Never sign anything without
>>> reading the small print? In the same way
On Wed 16/Aug/2023 11:17:50 +0200 Laura Atkins wrote:
On 16 Aug 2023, at 09:57, Alessandro Vesely wrote:
How about enacting common sense rules such as Never sign anything without reading
the small print? In the same way that users agree to any Terms & Conditions
without reading, domains
> On 16 Aug 2023, at 09:57, Alessandro Vesely wrote:
>
> On Tue 15/Aug/2023 14:59:18 +0200 Laura Atkins wrote:
>>> On 15 Aug 2023, at 12:36, Alessandro Vesely wrote:
>>> On Tue 15/Aug/2023 08:10:23 +0200 Bron Gondwana wrote:
>>
"Problem solved." [...]
>
>
> Hm.. More than defining
On Tue 15/Aug/2023 14:59:18 +0200 Laura Atkins wrote:
On 15 Aug 2023, at 12:36, Alessandro Vesely wrote:
On Tue 15/Aug/2023 08:10:23 +0200 Bron Gondwana wrote:
"Problem solved." [...]
Hm.. More than defining the replay attack, we need to define what kind of
solution is acceptable. The
> On 15 Aug 2023, at 17:39, Dave Crocker wrote:
>
> On 8/15/2023 9:32 AM, Jim Fenton wrote:
>> That isn’t quite fair. We thought about replay quite a bit, and didn’t see a
>> viable way of addressing it. Your comment makes it sound like we didn’t care.
>
> To be a bit more thorough, my
On 8/15/2023 9:32 AM, Jim Fenton wrote:
That isn’t quite fair. We thought about replay quite a bit, and didn’t see a
viable way of addressing it. Your comment makes it sound like we didn’t care.
To be a bit more thorough, my recollection is that we also did not
expect it to be a serious
> On 15 Aug 2023, at 17:32, Jim Fenton wrote:
>
> On 15 Aug 2023, at 5:59, Laura Atkins wrote:
>
>> But the reality is: bad-actors are going to get through every process. If we
>> could ID spammers up front and stop them from spamming we’d very likely have
>> done it already. In this case,
On 15 Aug 2023, at 5:59, Laura Atkins wrote:
> But the reality is: bad-actors are going to get through every process. If we
> could ID spammers up front and stop them from spamming we’d very likely have
> done it already. In this case, they’re using DKIM in a way that was foreseen
> by the
> On 15 Aug 2023, at 12:36, Alessandro Vesely wrote:
>
> On Tue 15/Aug/2023 08:10:23 +0200 Bron Gondwana wrote:
>> "Problem solved."
>> As someone who has, as a person running a service with a large number of
>> customers who can send email, ...
>> If you can provide me an accurate