Re: Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers)

2005-02-05 Thread Douglas Otis
On Sat, 2005-02-05 at 19:10, J.D. Falk wrote: > On 02/05/05, Douglas Otis <[EMAIL PROTECTED]> wrote: > > > DK or IIM makes it clear who is administering the server and this > > authentication permits reputation assessment. Add an account > > identifier, and the problem is nailed. > > Ah, so yo

Re: Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers)

2005-02-05 Thread Sean Donelan
On Sat, 5 Feb 2005, J.D. Falk wrote: > > DK or IIM makes it clear who is administering the server and this > > authentication permits reputation assessment. Add an account > > identifier, and the problem is nailed. > > Ah, so you're saying that only the reputation of individual > e-ma

Re: Time to check the rate limits on your mail servers

2005-02-05 Thread John Levine
>That, on the other hand, gets you into trouble with rather stupid Spam >filters, that only accept mails from a server, if that server is also >MX for the senders domain. > >Yes, this is stupid, but that does not change the fact, that these >setups are out there. No, they're not. Large ISPs, sta

Re: Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers)

2005-02-05 Thread J.D. Falk
On 02/05/05, Douglas Otis <[EMAIL PROTECTED]> wrote: > DK or IIM makes it clear who is administering the server and this > authentication permits reputation assessment. Add an account > identifier, and the problem is nailed. Ah, so you're saying that only the reputation of individual

Re: Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers)

2005-02-05 Thread Douglas Otis
On Sat, 2005-02-05 at 09:39 -0800, J.D. Falk wrote: > On 02/04/05, Douglas Otis <[EMAIL PROTECTED]> wrote: > > > SPF does nothing, and could actually damage the reputation of those > > domains that authorize the provider for their mailbox domain using > > SPF. These records can be read by the s

Re: Time to check the rate limits on your mail servers

2005-02-05 Thread Edward B. Dreger
JH> Date: Sat, 5 Feb 2005 19:18:53 - JH> From: Jørgen Hovland JH> A cryptographic signature would be a perfect guarantee as it can be JH> used for direct identification and authorisation if you were No, it's not direct. You trust whoever signed the key. Note that I agree PGP key signing is

Re: Time to check the rate limits on your mail servers

2005-02-05 Thread Douglas Otis
On Sat, 2005-02-05 at 19:18 +, Jørgen Hovland wrote: > - Original Message - > From: "Edward B. Dreger" <[EMAIL PROTECTED]> > > TV> From: Todd Vierling > > > > TV> The only way to be sure is via cryptographic signature. Barring > > TV> that level > > > > False. You imply that a crypt

Re: Time to check the rate limits on your mail servers

2005-02-05 Thread Edward B. Dreger
AL> Date: Sat, 5 Feb 2005 13:11:11 -0600 AL> From: Adi Linden AL> Now that we have established a "trust chain" and verify the sending user we AL> have an easy way (shuffling through mail logs is by no means easy in my AL> books) for support people to address SPAM complaints. Note that I'm ignorin

Re: Time to check the rate limits on your mail servers

2005-02-05 Thread Jørgen Hovland
- Original Message - From: "Edward B. Dreger" <[EMAIL PROTECTED]> TV> Date: Fri, 4 Feb 2005 09:53:07 -0500 (EST) TV> From: Todd Vierling TV> The only way to be sure is via cryptographic signature. Barring that level False. You imply that a crypto signature is a perfect guarantee, and t

Re: Time to check the rate limits on your mail servers

2005-02-05 Thread Adi Linden
> Please explain how the "trust chain" does not verify the sending user. > "Malware will steal username/password" is not a valid answer, as the > same can apply equally to crypto keys. Now that we have established a "trust chain" and verify the sending user we have an easy way (shuffling through m

Re: Time to check the rate limits on your mail servers

2005-02-05 Thread Edward B. Dreger
TV> Date: Fri, 4 Feb 2005 09:53:07 -0500 (EST) TV> From: Todd Vierling TV> The only way to be sure is via cryptographic signature. Barring that level False. You imply that a crypto signature is a perfect guarantee, and that nothing else can provide equal assurance. TV> of immediate traceabil

Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers)

2005-02-05 Thread J.D. Falk
On 02/04/05, Douglas Otis <[EMAIL PROTECTED]> wrote: > Attempting to detect spam trickled through thousands of compromised > systems sent through the ISP's mail servers, SPF does nothing, Nor is it purported to. Domain-based authentication schemes are intended to handle an ent

Re: Time to check the rate limits on your mail servers

2005-02-05 Thread Adi Linden
> > You should know all your users email addresses. > > You have got to be kidding. Not kidding. I have a mail system that handles mail for the example.com domain. I use SMTP AUTH as the only means to relay through the server. My expectation from my customers is that they will utilize this mail