Re: [dmarc-ietf] Understanding Ale's Abuse research

2023-04-07 Thread Douglas Foster
No, Scott. We do not get angry at white-hat researchers. We try to learn from them before the black-hat researchers learn to do the same and begin deployment. Ale's message was a very impressive fake, and it obviously did not take nation-state resources to produce it. This is alarming. Amo

Re: [dmarc-ietf] Example of Indirect Mail Flow Breakage with p=reject?

2023-04-07 Thread Neil Anuskiewicz
To this point, some inbound configurations have no record or a permerror have a continue disposition. Is that risky? Everything is a trade off so I’m not asking is there any risk at all but more asking about the trade offs. On Apr 5, 2023, at 3:58 AM, Douglas Foster wrote: The sad thing is that the

Re: [dmarc-ietf] THIS IS ABUSE (it might be)

2023-04-07 Thread Alessandro Vesely
It is going to be problematic to kick off someone who impersonates different users. What do you do, block IP numbers? We keep on saying that mailing lists have worked this way for decades. Sure. And email in general has been working for decades before the need to use authentication arose. So

Re: [dmarc-ietf] THIS IS ABUSE (it might be)

2023-04-07 Thread Scott Kitterman
On April 7, 2023 6:43:33 PM UTC, Alessandro Vesely wrote:
>It is going to be problematic to kick off someone who impersonates different
>users. What do you do, block IP numbers?
>
>We keep on saying that mailing lists have worked this way for decades. Sure.
>And email in general has been work

Re: [dmarc-ietf] THIS IS ABUSE (it might be)

2023-04-07 Thread Eric D. Williams
I think the reliance upon list operators is properly placed on that role. It's not a DMARC problem, it's a DKIM problem, I think. Eric D. Williams PGP Public Key http://new.infobro.com/KeyServ/EricDWilliams.asc Finger Print: 1055 8AED 9783 2378 73EF 7B19 0544 A590 FF65 B789 _

Re: [dmarc-ietf] THIS IS ABUSE (it might be)

2023-04-07 Thread Douglas Foster
Scott's approach solves our longest-running argument, but not in the way that I expected. We can embrace his approach with a single Security Consideration to this effect: "Mailing lists are frequently characterized by operating practices that depend on security through obscurity rather than Sen