Key Fact: Not all e-mail is sent by or through 800 pound
gorilla providers such as Google.
Many organizations and businesses (including the OpenSSL
project) run their own e-mail servers and simply don't
have the manpower to track and implement every new
"anti-spam flagging" fad that comes along.
For example SMTP2SMTP encryption (aka SMTP with STARTTLS
and various configuration option choices) is default in
some MTA implementations, yet nearly impossible to add
in others.
Therefore setting up rules banning any domains not
implementing the latest "standard" anti-spam measures
would be extremely stifling and would force many more
people to send through surveillance-happy organizations
such as Google.
And anyway, this seems to be a case where the genuine
operator of an e-mail domain is failing to correctly
authenticate submissions by their own users, which no
amount of 3rd party automation (other than blacklisting
the failing provider, in this case gmail) could stop.
On 03/04/2016 00:30, Ben Humpert wrote:
Fun Fact: (For me) Gmail often marks completely legit emails from
mailing lists as spam and you manually have to mark them as "no spam".
The fun comes in when you notice that actual spam is not marked as
such at all.
Looks like strong encryption is much easier to develop than a decent
spam filter.
The main problem I guess is that neither Google nor any other major
email provider actually block other email providers who do not offer
SPF, SMTP2SMTP encryption or whatever else. If they would do so, we
would have solved most major (email) problems within a week or at
least a month. Either by forcing those to offer these security
features or by "killing" these providers indirectly.
2016-04-02 17:41 GMT+02:00 Jeffrey Walton <noloa...@gmail.com>:
On Sat, Apr 2, 2016 at 11:24 AM, Salz, Rich <rs...@akamai.com> wrote:
why is junk like this not being caught?
Almost all of it is. Nothing is perfect. Thanks for your understanding and
patience.
I was looking at some of it landing in my Inbox. Its all from Gmail
users. The headers are Gmail headers submitted via the web. The DKIM
signatures are OK. There are no headers to indicate its been
forwarded. The {from|return|reply to} address does not appear to
forged. Here's an example header from another Gmail user who contacted
me: http://pastebin.com/hRAtRt7S.
I've also had a couple of people contact me asking me to stop spamming
them. I looked at two of those headers, and it clearly appears to be
coming from me though I did not send it (and no evidence in my
Outbox).
I'm thinking there's a vulnerability in the Gmail or Google servers we
have not heard about.
Jeff
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
Jakob Bohm, CIO, partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark. direct: +45 31 13 16 10
<tel:+4531131610>
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
