On 2018-02-17 03:48, Stefano Bagnara wrote:
Unfortunately there are still some server accepting everything and
sending bounces without headers or malformed bounces.
This is not a small group. Every few months I get massive floods of
bounces from some spambot that decided forging my domain is a
In article
you write:
>Missing the point there. It has nothing to do with knowing the To:
>address for a given recipient. If the VERP string fields are just
>simple numeric identifiers, a bad actor could send ones with
>incremented or otherwise changed numbers to make the bounce handling
>system
On 17 February 2018 at 18:46, John Levine wrote:
> In article
> you
> write:
>>The use of IDs instead of the real original email in the return-path
>>may also be because of length limits.
>>Max length of an email address is 254 chars. If you have to insert it
>>"almost clear" in a return path a
On Sat, Feb 17, 2018 at 12:43 PM, John Levine wrote:
> In article
> you
> write:
>>I am saying that I think it's unwise to put what amounts to
>>subscriber-level PII or basically clear identifiers in the Return
>>Path/MFROM, if mail back to that address is interpreted as an
>>indication that an
In article
you write:
>>>My 2cents: some ISPs require a manual registration based on the MAIL FROM
>>>email address (not just the domain name),
>>>hence VERP can't be used for them.
>>
>> Sounds like an excellent reason to get a less clueless ISP.
>>
>> Long before VERP, we had wildcard names li
In article
you write:
>The use of IDs instead of the real original email in the return-path
>may also be because of length limits.
>Max length of an email address is 254 chars. If you have to insert it
>"almost clear" in a return path and change the domain then there are
>chance your return-path
In article
you write:
>I am saying that I think it's unwise to put what amounts to
>subscriber-level PII or basically clear identifiers in the Return
>Path/MFROM, if mail back to that address is interpreted as an
>indication that an action should be taken (like logging a bounce and
>potentially s
On 17 February 2018 at 17:21, Al Iverson wrote:
> []
> I am saying that I think it's unwise to put what amounts to
> subscriber-level PII or basically clear identifiers in the Return
> Path/MFROM, if mail back to that address is interpreted as an
> indication that an action should be taken (li
On Sat, Feb 17, 2018 at 11:28 AM, Stefano Bagnara wrote:
> On 17 February 2018 at 14:23, Benjamin BILLON wrote:
>> My 2cents: some ISPs require a manual registration based on the MAIL FROM
>> email address (not just the domain name), hence VERP can't be used for them.
>
> Hi Benjamin,
>
> Intere
On Sat, Feb 17, 2018 at 11:19 AM, John Levine wrote:
> In article
>
> you write:
>>My 2cents: some ISPs require a manual registration based on the MAIL FROM
>>email address (not just the domain name),
>>hence VERP can't be used for them.
>
> Sounds like an excellent reason to get a less cluele
On 17 February 2018 at 14:23, Benjamin BILLON wrote:
> My 2cents: some ISPs require a manual registration based on the MAIL FROM
> email address (not just the domain name), hence VERP can't be used for them.
Hi Benjamin,
Interesting, can you elaborate? real ISP example?
What does it happen if y
Sure, there's pros and cons.
VERP Pros
1. Makes processing async (delayed) bounces much easier
2. Makes processing the infinitely variable content of NDNs less of a
concern overall.
VERP Cons
1. Confuses admins who are trying to whitelist in bound mail based on
MFROM address.
2. Confuses people w
On Fri, Feb 16, 2018 at 8:58 PM, John Levine wrote:
> In article <32db9480-1666-d007-4d83-976d891e2...@linuxmagic.com> you write:
>>> It's not really wise to use non-obfuscated return paths when using
>>> VERP. If it's easily decodable, a goofball could spin up fake ones to
>>> try to get 'em logg
In article
you write:
>My 2cents: some ISPs require a manual registration based on the MAIL FROM
>email address (not just the domain name),
>hence VERP can't be used for them.
Sounds like an excellent reason to get a less clueless ISP.
Long before VERP, we had wildcard names like joe+whate...
My 2cents: some ISPs require a manual registration based on the MAIL FROM email
address (not just the domain name), hence VERP can't be used for them.
--
Benjamin Billon
-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Stefano Bagnara
Sent: Saturday, 17 Feb
On 17 February 2018 at 02:19, Michael Peddemors wrote:
> [...]
> And since the direction most MTA's go is to reduce any form of 'bounce' or
> backscatter, the idea of using the VERP to detect 'bounces' is probably not
> as important as it once was, unless the emails are forwarded or client side
>
16 matches
Mail list logo
