On Tue 15/Aug/2023 14:59:18 +0200 Laura Atkins wrote:
On 15 Aug 2023, at 12:36, Alessandro Vesely wrote:
On Tue 15/Aug/2023 08:10:23 +0200 Bron Gondwana wrote:
"Problem solved." [...]
Hm.. More than defining the replay attack, we need to define what kind of
solution is acceptable. The B
> On 16 Aug 2023, at 09:57, Alessandro Vesely wrote:
>
> On Tue 15/Aug/2023 14:59:18 +0200 Laura Atkins wrote:
>>> On 15 Aug 2023, at 12:36, Alessandro Vesely wrote:
>>> On Tue 15/Aug/2023 08:10:23 +0200 Bron Gondwana wrote:
>>
"Problem solved." [...]
>
>
> Hm.. More than defining the
On Wed 16/Aug/2023 11:17:50 +0200 Laura Atkins wrote:
On 16 Aug 2023, at 09:57, Alessandro Vesely wrote:
How about enacting common sense rules such as Never sign anything without reading
the small print? In the same way that users agree to any Terms & Conditions
without reading, domains sign
> On 16 Aug 2023, at 12:59, Alessandro Vesely wrote:
>
> On Wed 16/Aug/2023 11:17:50 +0200 Laura Atkins wrote:
>>> On 16 Aug 2023, at 09:57, Alessandro Vesely wrote:
>>> How about enacting common sense rules such as Never sign anything without
>>> reading the small print? In the same way tha
On Wed 16/Aug/2023 15:26:43 +0200 Laura Atkins wrote:
On 16 Aug 2023, at 12:59, Alessandro Vesely wrote:
On Wed 16/Aug/2023 11:17:50 +0200 Laura Atkins wrote:
On 16 Aug 2023, at 09:57, Alessandro Vesely wrote:
How about enacting common sense rules such as Never sign anything without reading
t
On Wed, Aug 16, 2023 at 10:25 AM Alessandro Vesely wrote:
> On Wed 16/Aug/2023 15:26:43 +0200 Laura Atkins wrote:
> >> On 16 Aug 2023, at 12:59, Alessandro Vesely wrote:
> >> On Wed 16/Aug/2023 11:17:50 +0200 Laura Atkins wrote:
> On 16 Aug 2023, at 09:57, Alessandro Vesely wrote:
> H
> On Aug 16, 2023, at 10:25, Alessandro Vesely wrote:
>
> To repeat my questions, then, would limiting (qualified) DKIM signatures to
> verified accounts diminish replay attacks by any amount? Is this kind of
> solution acceptable?
There's two reasons that this isn't acceptable. One is tha
On 8/16/2023 10:48 AM, Murray S. Kucherawy wrote:
Yet, an open
signer is for DKIM the equivalent of what an open relay is for SPF.
It is nothing of the sort.
Open relays perform a relaying function, which actively moves mail,
where the abuse is a) obfuscation, and b) fan-out.
What you are
On 16 Aug 2023, at 10:57, Jon Callas wrote:
>> On Aug 16, 2023, at 10:25, Alessandro Vesely wrote:
>>
>> To repeat my questions, then, would limiting (qualified) DKIM signatures to
>> verified accounts diminish replay attacks by any amount? Is this kind of
>> solution acceptable?
>
> There's t
On Wed, Aug 16, 2023 at 11:19 AM Dave Crocker wrote:
> On 8/16/2023 10:48 AM, Murray S. Kucherawy wrote:
> > Yet, an open
> > signer is for DKIM the equivalent of what an open relay is for SPF.
>
> It is nothing of the sort.
>
> [...]
>
For the record, the attribution here is wrong. That was A
On 8/16/2023 11:21 AM, Jim Fenton wrote:
If my outgoing MTA served multiple users, it should check whether the From
address corresponded to my account.
or not check, depending on the operational environment. that is, there
are providers where this is a good thing to do but others where it is
On 8/16/2023 11:23 AM, Murray S. Kucherawy wrote:
For the record, the attribution here is wrong. That was Alessandro's
comment, not mine.
drat. sorry. the downside of trying to compress quoted text. this was
not a lossless compression...
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw
> On Aug 16, 2023, at 11:21, Jim Fenton wrote:
>
> On 16 Aug 2023, at 10:57, Jon Callas wrote:
>
>>> On Aug 16, 2023, at 10:25, Alessandro Vesely wrote:
>>>
>>> To repeat my questions, then, would limiting (qualified) DKIM signatures to
>>> verified accounts diminish replay attacks by any
On Tue, Aug 15, 2023, at 21:36, Alessandro Vesely wrote:
> On Tue 15/Aug/2023 08:10:23 +0200 Bron Gondwana wrote:
>
> > We've love to not sign spam at all, but short of never allowing users to
> > send email, it's not actually possible. We're not trying to "accomodate
> > sites that send spam",
On Wed, Aug 16, 2023, at 8:26 AM, Laura Atkins wrote:
>
>
>> On 16 Aug 2023, at 12:59, Alessandro Vesely wrote:
>
>> BTW, how many replay attacks does an average ESP or MP notice in one month?
>
> Maybe representatives of either group could offer numbers.
ESPs have limited visibility becaus
15 matches
Mail list logo
