Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

2023-08-04 Thread Jesse Thompson
On Thu, Aug 3, 2023, at 11:08 AM, Laura Atkins wrote: > I agree with this and have been working to recruit folks to come here. I’ll > also be in Brooklyn and pitching the need for participation in the IETF > working group from folks in the email space who are seeing issues with this. I'll be th

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

2023-08-06 Thread Jesse Thompson
On Sat, Aug 5, 2023, at 6:50 AM, Laura Atkins wrote: >> On 5 Aug 2023, at 02:43, Jesse Thompson wrote: >> >> On Thu, Aug 3, 2023, at 11:08 AM, Laura Atkins wrote: >>> I agree with this and have been working to recruit folks to come here. I’ll >>> also be i

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

2023-08-06 Thread Jesse Thompson
On Sun, Aug 6, 2023, at 2:00 PM, Emanuel Schorsch wrote: > > > On Sun, Aug 6, 2023 at 11:52 AM Wei Chuang > wrote: >> >> >> On Sat, Aug 5, 2023 at 4:51 AM Laura Atkins wrote: >>> >>> >>>> On 5 Aug 2023, at 02:43, Jesse Thompso

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

2023-08-07 Thread Jesse Thompson
On Mon, Aug 7, 2023, at 3:42 AM, Alessandro Vesely wrote: > On Sun 06/Aug/2023 18:07:15 +0000 Jesse Thompson wrote: > > On Sat, Aug 5, 2023, at 6:50 AM, Laura Atkins wrote: > >>> [...] > >>> > >> The replay attackers aren’t sending what we commonly think

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

2023-08-07 Thread Jesse Thompson
On Mon, Aug 7, 2023, at 10:24 PM, Murray S. Kucherawy wrote: > On Mon, Aug 7, 2023 at 7:43 PM Jesse Thompson wrote: >> Similar to what Emmanuel is saying about detecting SPF/DKIM zone >> misalignment, the solution to DKIM replay is for receivers to maintain some >

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

2023-08-07 Thread Jesse Thompson
On Mon, Aug 7, 2023, at 10:54 PM, Murray S. Kucherawy wrote: > On Mon, Aug 7, 2023 at 8:00 PM Emanuel Schorsch > wrote: >> If there are not that many BCC recipients for a message then it is likely >> not necessary as the duplicate message counting is unlikely to have a >> negative impact. If th

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

2023-08-08 Thread Jesse Thompson
On Tue, Aug 8, 2023, at 6:37 AM, Scott Kitterman wrote: > On August 8, 2023 10:18:58 AM UTC, Laura Atkins > wrote: > >> On 6 Aug 2023, at 19:07, Jesse Thompson wrote: > >> > >> On Sat, Aug 5, 2023, at 6:50 AM, Laura Atkins wrote: > >>>> On 5 Au

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

2023-08-08 Thread Jesse Thompson
On Tue, Aug 8, 2023, at 12:55 AM, Murray S. Kucherawy wrote: > On Mon, Aug 7, 2023 at 9:23 PM Jesse Thompson wrote: >> On Mon, Aug 7, 2023, at 10:54 PM, Murray S. Kucherawy wrote: >>> On Mon, Aug 7, 2023 at 8:00 PM Emanuel Schorsch >>> wrote: >>>> If the

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

2023-08-08 Thread Jesse Thompson
On Tue, Aug 8, 2023, at 5:18 AM, Laura Atkins wrote: >> On 6 Aug 2023, at 19:07, Jesse Thompson wrote: >> >> On Sat, Aug 5, 2023, at 6:50 AM, Laura Atkins wrote: >>>> On 5 Aug 2023, at 02:43, Jesse Thompson wrote: >>>> >>>> On Thu, Aug 3

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

2023-08-10 Thread Jesse Thompson
On Wed, Aug 9, 2023, at 3:12 PM, Murray S. Kucherawy wrote: > On Wed, Aug 9, 2023 at 9:07 AM Steffen Nurpmeso wrote: >> All these problems are long known to (and "solved" by) the OpenPGP >> (and S/MIME) communities, no? >> In OpenPGP you can either encrypt-to a single or many recipients. >> (With

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

2023-08-11 Thread Jesse Thompson
On Fri, Aug 11, 2023, at 4:34 PM, Steffen Nurpmeso wrote: > Jesse Thompson wrote > The aspect of DKIM-subsignatures revealing Bcc: presence (of 1+ > recipients of a domain) if a Bcc: recipient replies to a message > that Murray Kucherawy adduced I obviously have not fully address

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

2023-08-13 Thread Jesse Thompson
On Sat, Aug 12, 2023, at 9:00 PM, Murray S. Kucherawy wrote: > Lastly, I suggest that we've wandered pretty far afield from talking about > the problem statement document. Agreed. I realize my participation in exploring the feasibility of the solution space is a rabbit hole for purposes of agree

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

2023-08-13 Thread Jesse Thompson
Just a quick clarification: You mentioned below that you didn't understand what ESP meant. I honestly have a hard time unraveling the nuanced differences of Email Sending Provider and MTAs, MSAs, MDAs, MTAs, "intermediary" and "forwarder"; all of which an ESP could be providing as a service, d

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

2023-08-14 Thread Jesse Thompson
On Mon, Aug 14, 2023, at 11:08 AM, Dave Crocker wrote: > MTAs that are doing MTA functions are not supposed to make changes to > the content and typically they don't. I'm not designing a typical MTA. I want to design one that doesn't allow DKIM replay. Jesse

Re: [Ietf-dkim] Replay attack definition discussion

2023-08-16 Thread Jesse Thompson
On Wed, Aug 16, 2023, at 8:26 AM, Laura Atkins wrote: > > >> On 16 Aug 2023, at 12:59, Alessandro Vesely wrote: > >> BTW, how many replay attacks does an average ESP or MP notice in one month? > > Maybe representatives of either group could offer numbers. ESPs have limited visibility becaus

Re: [Ietf-dkim] replay is a bogus concept

2023-08-17 Thread Jesse Thompson
On Thu, Aug 17, 2023, at 12:02 PM, Steffen Nurpmeso wrote: > More, usually (it happened in the past) they then point to their > web site, where you then *do*, and isn't the certificate of that > website, which itself is likely verified by some CA in some CA > pool that you do not have control over,

Re: [Ietf-dkim] Replay attack definition discussion

2023-08-17 Thread Jesse Thompson
On Thu, Aug 17, 2023, at 5:30 AM, Alessandro Vesely wrote: > When domain authentication arrived, they considered that /all/ messages from > their domain must be authenticated. Some receivers only send FBLs if the messages are DKIM=pass. So, the responsible thing to do is for a MBP/ESP to sign e

Re: [Ietf-dkim] Replay attack definition discussion

2023-08-22 Thread Jesse Thompson
On Sun, Aug 20, 2023, at 6:13 AM, Alessandro Vesely wrote: > On Fri 18/Aug/2023 12:21:31 +0200 Emanuel Schorsch wrote: > >> > >>> For example, we have seen very large DKIM Replay attacks of youtube.com > >>> Terms of Service emails. There is no malicious content in these emails, > >>> but spammer

Re: [Ietf-dkim] What makes this posting different from the original posting?

2023-09-02 Thread Jesse Thompson
On Tue, Aug 29, 2023, at 9:02 PM, Dave Crocker wrote: > DKIM, SPF, et al, are all 'collaborative' mechanisms. Originators and > receivers opt in to use them. Both sides are necessary. So I'm wondering > about looking for something that furthers the collaboration. The lack of reporting to the o

Re: [Ietf-dkim] What makes this posting different from the original posting?

2023-09-07 Thread Jesse Thompson
On Thu, Sep 7, 2023, at 12:02 PM, Dave Crocker wrote: > On 9/2/2023 7:29 AM, Jesse Thompson wrote: >> On Tue, Aug 29, 2023, at 9:02 PM, Dave Crocker wrote: >>> DKIM, SPF, et al, are all 'collaborative' mechanisms. Originators and >>> receivers opt in to use

Re: [Ietf-dkim] What makes this posting different from the original posting?

2023-09-08 Thread Jesse Thompson
On Thu, Sep 7, 2023, at 11:42 PM, Murray S. Kucherawy wrote: > On Thu, Sep 7, 2023 at 9:38 PM Jesse Thompson wrote: >> Is rfc6651 a lost cause? It looks like it defines a reporting mechanism in >> control of the signer, as opposed to the attacker. > > Has a

[Ietf-dkim] Usage of RFC 6651 for replay-mitigation interoperability reporting (was Re: What makes this posting different from the original posting?)

2023-09-10 Thread Jesse Thompson
On Fri, Sep 8, 2023, at 9:23 AM, Murray S. Kucherawy wrote: > On Fri, Sep 8, 2023 at 7:17 AM Jesse Thompson wrote: >>>> Is rfc6651 a lost cause? It looks like it defines a reporting mechanism in >>>> control of the signer, as opposed to the attacker. >>>

Re: [Ietf-dkim] DKIM-FBL

2023-09-28 Thread Jesse Thompson
On Wed, Sep 27, 2023, at 9:06 AM, Alessandro Vesely wrote: > On 9/27/23 13:36, Brotman, Alex wrote: > > I've attached a draft that uses attributes of a passing DKIM > > signature to create a DNS label that can be used to discover an FBL > > address. This feedback address can be used by message r