signature still passes after somebody modified headers. Good
intent aside, I see it being used for bad purposes too easily.
If you're worried about DKIM signing spam sent to the list address,
then that's a bit of a different problem, and it has a different,
non-DKIM-related solution.
Cheers,
Al
. It isn't. It's common as dirt.
It's hard to imagine a large, DKIM-checking mail provider, like, say,
Yahoo, doing that mid-transaction.
Do you have any data/insight on how to quantify common as dirt? I'm
doubtful of your claim without it.
Cheers,
Al Iverson
On Wed, Jun 2, 2010 at 9:48 AM, John R. Levine jo...@iecc.com wrote:
given the recent discussions, it seems to me that people want to have a
definition of what 'discard' means in the context as described above. As a
non-native English speaker (or what's the right term?) I suppose (but am not
the
very small to the very large, and I certainly do observe phishing
attempts of the smaller ones. For these situations, I want to be able
to utilize ADSP, even knowing that it is not compatible with
forwarding or mailing lists.
Regards,
Al Iverson
On Fri, May 28, 2010 at 3:34 PM, John Levine jo...@iecc.com wrote:
In past discussions there had been an expressed concern that the
number of domains/companies who send notifications and are phish
targets is very low, but I would counter that it is not low at all.
The question is low compared to
On Mon, May 3, 2010 at 5:53 PM, Dave CROCKER d...@dcrocker.net wrote:
On 5/3/2010 10:16 AM, MH Michael Hammer (5304) wrote:
So, using americangreetings.com, the Mail From and the From on our card
notifications is always eca...@americangreetings.com. The information
about the sender is
when doing it from the ESP side of things, the only mis-parsing of a
reply-to (replacing it with the from address) that I ever saw was a
specific, well-known, occasionally irritating MUA and it only applied
to its sending of automated out-of-office replies.
--
Al Iverson | Chicago, IL | (312) 725
address of the individual + third party DKIM signature. It's certainly
something that clients ask for quite a bit.
Regards,
Al Iverson
--
Al Iverson | Chicago, IL | (312) 725-0130
Anti-spam: dnsbl.com and spamresource.com
@aliverson on twitter | www.baconrodeo.com
interferes with your ability currently, and broader adoption of
authentication on the receiving side will only make it worse.
Apologies if this is off-topic, not germane to the broader discussion.
But this question has been nagging at me strongly these past few days.
Regards,
Al Iverson
On Thu, Apr 29, 2010 at 12:34 PM, Michael Thomas m...@mtcc.com wrote:
On 04/29/2010 10:23 AM, Al Iverson wrote:
On Thu, Apr 29, 2010 at 11:58 AM, McDowell, Brettbmcdow...@paypal.com
wrote:
On Apr 28, 2010, at 2:11 PM, John R. Levine wrote:
Your proposal that MLM remove Signatures would
longer the responsible party as far as a spam report goes.
I'm not grok'ing a scenario where that report would help you find
somebody who is spamming. I'm open to listening, though. What's an
example scenario where you would find that useful?
Regards,
Al Iverson
can cause what somebody
here thinks to be an imperfect result.
I tend to agree with him. I've been stripping DKIM signatures on my
own hosted mailing lists for that reason, and also so I can modify
content on the fly without the original signature failing.
Regards,
Al Iverson
On Fri, Apr 23, 2010 at 3:58 PM, John Levine jo...@iecc.com wrote:
But John made a private arrangement with Yahoo that if there was a
complaint about a mail and he DKIM signed it then Yahoo should send the
complaint to him as part of it's FBL offering. They did exactly what he
asked them to do.
Deiva,
Why are you sending Facebook photo requests to this mailing list?
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
. I wouldn't
be surprised to see more report spam plugins for various desktop or
smartphone MUAs in the future. Outlook + a widely distributed report
spam button plugin = a gold mine of reputation data for spam filter
developers. I am sure that I am not the first person to think of this.
--
Al
agree with your thought with how to proceed lacking consensus.
Best,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
On Tue, Apr 21, 2009 at 1:36 PM, Michael Thomas m...@mtcc.com wrote:
Al Iverson wrote:
On Tue, Apr 21, 2009 at 11:37 AM, Michael Thomas m...@mtcc.com wrote:
I continue to be amazed at how utterly useless this document is, and
more so that people are being asked to break a sweat to issue
Looks good to me.
I have a mild reservation in that opaque struck me as the most
appropriate term to begin with, but I'll certainly be OK with this.
Regards,
Al Iverson
On Wed, Mar 25, 2009 at 3:56 PM, Dave CROCKER d...@dcrocker.net wrote:
Folks,
The following is offered to prime
connotations associated with User Agents (UAs)?
WFM.
+1
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
am not going to claim that it is a magic
bullet. It addresses particular issues in a particular way.
+1
It has nothing to do with reputation or reputation granularity.
Regards,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info
(A), please.
--
Sent from my awesome T-Mobile G1.
Al Iverson - www.aliverson.com
On Feb 16, 2009 2:01 PM, John Levine jo...@iecc.com wrote:
(a) The erratum I-D [1] is ready to go. Process it.
R's,
John
PS: There's nothing wrong in what Eliot says, but it doesn't address
the problem of what
On Thu, Feb 12, 2009 at 1:54 PM, MH Michael Hammer (5304)
mham...@ag.com wrote:
Eliot,
I for one would prefer a straight up +1/-1 vote on the errata draft as
it stands.
As would I.
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info
or a different description. But, just for the record,
this is what opaque means in common usage in technology applications.
Google is your friend: http://en.wikipedia.org/wiki/Magic_cookie
Regards,
Al
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info
, this strikes me as ready to go...My thought is that it's
appropriate to give a last call for feedback and then move it forward.
Regards,
Al Iverson
ExactTarget
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
On Fri, Jan 30, 2009 at 12:26 PM, J.D. Falk
jdfalk-li...@cybernothing.org wrote:
Al Iverson wrote:
Not bad questions, but ones that I don't really have answers for. I
could tell you what I *want* out of authentication, but that leads us
to things like *cough* disposition instructions for bad
no space on the agenda we could figure out a working lunch
of some sort?
I'm interested. Also, I wish somebody smarter than me would take a
shot at a PPT for dummies like me, showing a few examples of how a
receiver would like to use DKIM.
Al
--
Al Iverson on Spam and Deliverability, see http
On Fri, Jan 30, 2009 at 10:55 AM, Dave CROCKER d...@dcrocker.net wrote:
Al Iverson wrote:
Also, I wish somebody smarter than me would take a
shot at a PPT for dummies like me, showing a few examples of how a
receiver would like to use DKIM.
Can you describe particular usage examples
and answers would signer and assessor like
to share, which DKIM could help with? What kinds of roles and analyses
would be good to facilitate?
d/
Al Iverson wrote:
On Fri, Jan 30, 2009 at 10:55 AM, Dave CROCKER d...@dcrocker.net wrote:
Al Iverson wrote:
Also, I wish somebody smarter than me
example of that -- in how either
an ISP or ESP would want to sign in such a way? I'm a bit cornfused.
Thanks,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http
own purposes. But I'd be surprised if an ISP
actually cared/read the identifier.
Al
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL
of the reasons I tend to
fall into the d= camp.
I don't follow.
Al
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
Forgive me in advance for a really basic, quite possibly dumb,
question. What does DKIM do that receivers find valuable? What does an
ISP or large corporate receiving entity hope to get out of DKIM
adoption?
Regards,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http
Keep.
(Though I could be convinced that modify is OK.)
Best,
Al
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
Remove lists from my
not
the only one.
I guess my overwhelming point here is that I don't think that the
limitation of certain tools is really a stumbling block. And keep in
mind that we're talking about *certain* tools, because there are
others that would handle this kind of thing just fine.
Regards,
Al Iverson
. I strongly second
his request.
I think that might be a bit better than just publishing a new draft
spec with it yanked out, based on a small subset of participants only,
based on a back room deal.
Regards,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News
settles it, and I'd get on board.
Best,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
Remove lists from my email address
it's very difficult to determine what the
actual arguments are. Could someone please summarize, perhaps with
suggested solutions to allow us to move forward?
+1
Regards,
Al
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists
is it senders anything alone.
Regards,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
Remove lists from my email address to reach me
, Dave.
Best,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
Remove lists from my email address to reach me faster
Delete
Regards,
Al
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
Remove lists from my email address to reach me faster
struggling to grasp what makes this different and potentially worse.
Regards,
Al
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
Remove
. It seems like it might be pretty similar. I'm
wondering if that's true.
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
decisions. Examples welcome. (I have some idea of what I think this
means, but I'd like to see it clarified to better understand it.)
Best regards,
Al Iverson
Somewhere on I-65 in Indiana
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary
this a
potential loophole that is resolved only by a very careful vetting of
everything in your domain tree and ensuring each hostname/zone is
configured with ADSP? Or am I wrong on that?
It seems like the treewalking would help to address stuff like this?
Best,
Al
--
Al Iverson on Spam
they can still get away with a
lookalike domain seems to me like saying forget about locking the
door; we shouldn't bother, beause it's not the only way a bad guy can
enter.
Best,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary
towards settling this?
Vote? Survey?
Regards,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
Remove lists from my email
, regularly. I
would even dare to call this an observable best practice. I would need
to hear more on how it modifies SMTP and/or turns the universe on its
ear -- I'm not yet convinced that it is as earth shattering as
described.
Regards,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http
locking, as have Jim Fenton's
comments. Perhaps they could theorize an example or two of where and
how this would be useful to them.
Regards,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
think you'll
have me on board.
(Replace foo.com with BigEarthBank.com and you'll get a better
understanding of why I care. These are the people I work with.)
Regards,
Al
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http
to DKIM+ADSP, can
best be persuaded to avoid use of account.info.bigbank.com, or any
other subdomain that they've thought of, that I haven't.
Has nothing to do with anyone's legal department. I'd recommend we
pretend that was never raised as a point.
Regards,
Al Iverson
--
Al Iverson on Spam
to the
rock throwing stage, I'll step back, because I'm busy and I don't see
the need.
Al
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL
could you make that would make it easier for you to can the phishing
mail?
I guess I'm even making an assumption that you would care to do that.
Would you? If not, why not?
If not, what do you theorize the operational objective of ADSP should be?
Al
--
Al Iverson on Spam and Deliverability, see
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
Remove lists from my email address to reach me faster and directly
FQDNs used in
PRA or MFROM (or somesuch).
This seems workable. Others who prefer treewalking functionality, why
does this not work for you? Where does this specifically fall down?
Thanks,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info
that would go 1-2 sublevels
deep and no deeper. Jim, is that basically correct? I'd love an
example or two of how this works with 1-2 level deep signed and
spoofed fqdns, and what happens with levels deeper (no opportunity for
DKIM? or ADSP?)
Best,
Al
--
Al Iverson on Spam and Deliverability, see
of us
aren't making much sense.
So, o fellow reasonable man, which way is the path back to
civilization? Do you feel there is is a way ADSP /should/ work here,
and if so, which way and why?
Best,
Al
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info
. (Too
many overly focused brains, not enough time to read it all.)
Best,
Al Iverson
PS - http://en.wikipedia.org/wiki/I_Think_We're_Alone_Now
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal
/ietf-list-rules.html
___
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http
come ill equipped and incomplete. Might I recommend
stepping back for a bit, if so?
Regards,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com
Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
Remove lists from my email address to reach me faster and directly
60 matches
Mail list logo
