On 4/14/2025 6:59 PM, Mark Alley wrote:
I'd like to add from a corp/company user-generated mail perspective -
there have been instances I've seen of Replay also being used to tank
a company's email domain reputation intentionally as a form of email DoS.
This is an interesting point. I don't r
On Fri, Apr 18, 2025 at 10:11 AM Alessandro Vesely wrote:
> On Mon 14/Apr/2025 19:01:35 +0200 Wei Chuang wrote:
> > Instead I think we need a better way that can describe the originator, when a
> > message was forwarded and when a participant tries to spoof the forwarding
> > description. DK
It appears that Murray S. Kucherawy said:
>
>On Fri, Apr 18, 2025 at 10:11 AM Alessandro Vesely wrote:
>
>> Why didn't the practice of signing by user name, as in i=john@example.com,
>> catch on? Would personal responsibility have played a role? Will it now?
>>
>
>How would
On Fri, Apr 18, 2025 at 10:11 AM Alessandro Vesely wrote:
> Why didn't the practice of signing by user name, as in i=john@example.com,
> catch on? Would personal responsibility have played a role? Will it now?
>
How would that address the replay question?
-MSK
On Mon 14/Apr/2025 19:01:35 +0200 Wei Chuang wrote:
Instead I think we need a better way that can describe the originator, when a
message was forwarded and when a participant tries to spoof the forwarding
description. DKIM2 does this. With that we can more easily see abusive
scenarios like re
On Wed, Apr 16, 2025 at 11:06 AM John Levine wrote:
> The bulk of the spam that makes it into my inbox these days is low-rent B2B spam
> sent from accounts at Gmail, Outlook, and occasionally Yahoo. I would very much
> prefer that those operators not let their users send that mail, and I'm
>
It appears that Murray S. Kucherawy said:
>
>On Sat, Apr 12, 2025 at 12:45 AM Dave Crocker wrote:
>> It is, however, curious that there is no interest in considering that
>> the relatively few platforms generating this problem, through a lack of
>> accountability, might maybe oughta be considere
On Sat, Apr 12, 2025 at 12:45 AM Dave Crocker wrote:
> > The mailbox provider's explanation that this is entirely legitimate
> > email, that comes from where it says it does, has a DKIM1 signature that
> > attests to it not being altered in any way cuts little ice.
>
> Looks like you are viewing m
Wei Chuang wrote in
:
|I agree that DKIM replay has been and still is very much a problem.[.]
...
|[.] DKIM2 does this.
All proposals do this.
|With that we can
|more easily see abusive scenarios like replay where some message intended
|for one recipient was sent to many others in an inaut
On Sat, Apr 12, 2025 at 12:45 AM Dave Crocker wrote:
>
> Out in the real world, the problem is caused by lack of adequate
> controls over users, on some platforms.
Consider an outbound email spam filtering system that's 99.9% accurate.
Under normal circumstances, that's good performance. Under
On 4/14/2025 10:21 AM, Bron Gondwana wrote:
I don't know how many other services which allow their users to
generate emails were similarly affected; but I do know that even a
perfectly legitimate email to its intended recipient (e.g. an invoice
for services rendered) sent to one person can be
I agree that DKIM replay has been and still is very much a problem. While
this issue peaked in 2022 where many senders were impacted, I still see
current deliverability escalation issues with DKIM replay described as the
root cause. Since 2022, we put in place several mitigations but those have
li
On 4/14/2025 5:21 PM, Bron Gondwana wrote:
Regarding the "relatively few platforms generating this problem"
statement. This is an assertion without data.
Indeed, my comment is based on the view that Replay is only worth doing
at scale and therefore using domain names that have an 'interesting'
On Sat, Apr 12, 2025, at 03:43, Dave Crocker wrote:
> On 4/11/2025 12:56 PM, Richard Clayton wrote:
> > > So, really, this is a failure of internal regulation and accountability that is
> > > being externalized here.
> >
> > Although that is strictly true, the recipients of the replayed email
On 4/11/2025 12:56 PM, Richard Clayton wrote:
> So, really, this is a failure of internal regulation and accountability that is
> being externalized here.
Although that is strictly true, the recipients of the replayed email do
not see it that way.
That almost sounds like a reasonable point, e