Would a MUA send a POST to a known domain if it was found on a message
coming from an unknown, or anyway different domain?
Maybe. It's quite common for a message to come from some company and the
links to point back to the ESP.
Isn't it difficult to agree on opaque tokens in that case?
No.
On Thu 09/Mar/2023 19:21:36 +0100 John R Levine via mailop wrote:
Yes, the idea was to prevent malicious unsubs by sending fake spam with
someone else's one-click unsub.
Would a MUA send a POST to a known domain if it was found on a message coming
from an unknown, or anyway different domain?
Yes, the idea was to prevent malicious unsubs by sending fake spam with
someone else's one-click unsub.
Would a MUA send a POST to a known domain if it was found on a message coming
from an unknown, or anyway different domain?
Maybe. It's quite common for a message to come from some company
On Wed 08/Mar/2023 18:39:37 +0100 John R Levine via mailop wrote:
And why does RFC8058 require that fields such as List-Unsubscribe-Post:
MUST be signed?
Is it special "One click" case? I was not interested in it yet...
Yes, the idea was to prevent malicious unsubs by sending fake spam with
On Wed 08/Mar/2023 22:27:57 +0100 Ángel via mailop wrote:
On 2023-03-08 at 11:24 +0100, Alessandro Vesely wrote:
On Tue 07/Mar/2023 20:02:48 +0100 Slavko wrote:
Why do you sign Content-Type: since you know it is going to be
changed?
Do you mean exactly me, or it was generic question? If you
On 2023-03-08 at 11:24 +0100, Alessandro Vesely wrote:
> On Tue 07/Mar/2023 20:02:48 +0100 Slavko wrote:
> >
> > > Why do you sign Content-Type: since you know it is going to be
> > > changed?
> >
> > Do you mean exactly me, or it was generic question? If you mean me:
> >
> > Do you want change
Yeah, RFC4871 was a proposed standard, RFC6376, four years later became an
Internet standard. Once there was a level in between...
Seems that 4 years was not enough ;-) Or we understand idea behind that
RFC wrongly...
Keep in mind that DMARC was invented long after SPF and DKIM. Also that
t
Hi,
Dňa 8. marca 2023 15:18:49 UTC používateľ Stephen Frost via mailop
napísal:
>Certainly doesn't seem to be a common issue.
Yes, as i wrote, it isn't common, but it happens...
I had even less scientific approach, as i had manually to exclude
messages from lists... But my goal was not to ins
Ahoj,
Dňa Wed, 8 Mar 2023 11:24:54 +0100 Alessandro Vesely via mailop
napísal:
> I slightly lean toward the hypothesis of our understanding the idea
> behind that RFC wrongly, because, ...
IMO we can discuss it in more details, but as i see how many people are
interested (and contributed) in
Greetings,
* Slavko via mailop (mailop@mailop.org) wrote:
> Dňa Mon, 6 Mar 2023 17:41:45 -0500 Stephen Frost via mailop
> napísal:
> > > I was interesting in this, thus i log DKIM signed headers list (not
> > > from ML) for some weeks, oversigned List-* headers are not common,
> > > but happens.
On Tue 07/Mar/2023 20:02:48 +0100 Slavko via mailop wrote:
Dňa 7. marca 2023 17:36:17 UTC používateľ Alessandro Vesely via mailop
napísal:
Yeah, RFC4871 was a proposed standard, RFC6376, four years later became an
Internet standard. Once there was a level in between...
Seems that 4 years
Hi,
Dňa 7. marca 2023 17:36:17 UTC používateľ Alessandro Vesely via mailop
napísal:
>Yeah, RFC4871 was a proposed standard, RFC6376, four years later became an
>Internet standard. Once there was a level in between...
Seems that 4 years was not enough ;-) Or we understand idea behind that
RFC
Hi,
On Tue 07/Mar/2023 12:58:01 +0100 Slavko via mailop wrote:
Dňa Tue, 7 Mar 2023 12:00:35 +0100 Alessandro Vesely via mailop napísal:
The RFC was written at a time when there was not so much experience
with DKIM and DMARC wasn't there.
In that case, the RFC have to be in proposed state, un
Ahoj,
Dňa Tue, 7 Mar 2023 12:00:35 +0100 Alessandro Vesely via mailop
napísal:
> The RFC was written at a time when there was not so much experience
> with DKIM and DMARC wasn't there.
In that case, the RFC have to be in proposed state, until enough
experiences are gathered. But we see it in ma
On Tue 07/Mar/2023 09:51:31 +0100 Slavko via mailop wrote:
IMO, the real problem comes, that there is not good description, when
and which headers to sign and what are consequences, if one does this
or this... The RFC is vague in that, but that is OK, as there are too
many possibilities how m
Ahoj,
Dňa Mon, 6 Mar 2023 17:41:45 -0500 Stephen Frost via mailop
napísal:
> > I was interesting in this, thus i log DKIM signed headers list (not
> > from ML) for some weeks, oversigned List-* headers are not common,
> > but happens.
>
> I'm curious where it does happen and isn't actually fr
On Fri, Mar 3, 2023 at 10:07 AM Mark Fletcher via mailop
wrote:
> On Fri, Mar 3, 2023 at 9:21 AM Jesse Hathaway via mailop <
> mailop@mailop.org> wrote:
>
>>
>> 1. Rewrite the RFC5322.From address to be an address from the mailing
>> list domain, place the original RFC5322.From address in the Rep
Greetings,
* Slavko via mailop (mailop@mailop.org) wrote:
> Dňa 3. marca 2023 17:03:35 UTC používateľ Jesse Hathaway via mailop
> napísal:
> >2. Preserve the original DKIM signing of the message by only adding
> >additional headers, i.e. do not modify the subject or add a trailer
> >message.
Th
On Fri, Mar 3, 2023 at 9:21 AM Jesse Hathaway via mailop
wrote:
>
> 1. Rewrite the RFC5322.From address to be an address from the mailing
> list domain, place the original RFC5322.From address in the Reply-To
> header. Sign the message with the mailing list's DKIM key.
>
> This is what we do.
2.
Dňa 3. marca 2023 17:03:35 UTC používateľ Jesse Hathaway via mailop
napísal:
>2. Preserve the original DKIM signing of the message by only adding
>additional headers, i.e. do not modify the subject or add a trailer
>message.
This one will work only if sender doesn't oversigns List-* (or any oth
My understanding is that there are a couple popular approaches which
Mailing Lists can take to support domains with a DMARC reject policy:
1. Rewrite the RFC5322.From address to be an address from the mailing
list domain, place the original RFC5322.From address in the Reply-To
header. Sign the mes
21 matches
Mail list logo