On Fri, Apr 18, 2025, 2:10 p.m. Alessandro Vesely wrote:
> On Wed 16/Apr/2025 21:04:27 +0200 Richard Clayton wrote:
> > In message , Larry M.
> Smith writes
> >
> >>Experience has shown that threat actors are willing to go to great
> >>lengths to have access to a large pool of resources to abuse
On Wed 16/Apr/2025 21:04:27 +0200 Richard Clayton wrote:
In message , Larry M. Smith
writes
Experience has shown that threat actors are willing to go to great
lengths to have access to a large pool of resources to abuse and then
rapidly discard.[1] Knowing what object to apply poor reputati
On Fri, Apr 18, 2025 at 11:10 AM Alessandro Vesely wrote:
> > Indeed so, but reputation systems (because once again to state the
> > obvious, protocols cannot prevent bad email, but they can provide tools
> > for handling it efficiently) may take the view that a brand-new identity
> > that has ac
On Mon 14/Apr/2025 19:01:35 +0200 Wei Chuang wrote:
Instead I think we need a better way that can describe the originator, when a
message was forwarded and when a participant tries to spoof the forwarding
description. DKIM2 does this. With that we can more easily see abusive
scenarios like re
It appears that Allen Robinson said:
>I generally don't see evaluation of the content as a problem DKIM2 needs to
>solve. The modification algebra allows for attribution of content to a
>signing domain. Local policy could always decide that certain classes of
>changes aren't deemed acceptable, an
It appears that Murray S. Kucherawy said:
>-=-=-=-=-=-
>
>On Fri, Apr 18, 2025 at 10:11 AM Alessandro Vesely wrote:
>
>> Why didn't the practice of signing by user name, as in i=
>> john@example.com,
>> catch on? Would personal responsibility have played a role? Will it now?
>>
>
>How would
On Fri, Apr 18, 2025 at 10:11 AM Alessandro Vesely wrote:
> On Mon 14/Apr/2025 19:01:35 +0200 Wei Chuang wrote:
> > Instead I think we need a better way that can describe the originator,
> when a
> > message was forwarded and when a participant tries to spoof the
> forwarding
> > description. DK
It appears that Alessandro Vesely said:
>On Wed 16/Apr/2025 21:04:27 +0200 Richard Clayton wrote:
>> In message , Larry M. Smith
>> writes
>>
>>>Experience has shown that threat actors are willing to go to great
>>>lengths to have access to a large pool of resources to abuse and then
>>>rapid
On Fri, Apr 18, 2025 at 10:11 AM Alessandro Vesely wrote:
> Why didn't the practice of signing by user name, as in i=
> john@example.com,
> catch on? Would personal responsibility have played a role? Will it now?
>
How would that address the replay question?
-MSK
__
