Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Jaroslaw Rafa via mailop
On 18.10.2024 at 14:24:21, Bill Cole via mailop wrote:
>
> It's been a while since I checked, but it used to be that a web
> server could instruct the browser to display any URL by setting the
> Location header (but NOT refreshing.)
You mean response code 200 with a Location: header? Never

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Bill Cole via mailop
On 2024-10-18 at 13:57:57 UTC-0400 (Fri, 18 Oct 2024 19:57:57 +0200) Jaroslaw Rafa via mailop is rumored to have said: On 18.10.2024 at 13:51:10, Michael Orlitzky via mailop wrote: On Fri, 2024-10-18 at 19:33 +0200, Jaroslaw Rafa via mailop wrote: I don't understand why anybody is develo

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Bill Cole via mailop
On 2024-10-18 at 13:33:41 UTC-0400 (Fri, 18 Oct 2024 19:33:41 +0200) Jaroslaw Rafa via mailop is rumored to have said: [...] Does anybody have any reasonable explanation for that? Some 3rd-rate maintenance engineer at MS assigned to Outlook needed to have a deliverable for his quarterly rem

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Jaroslaw Rafa via mailop
On 18.10.2024 at 13:51:10, Michael Orlitzky via mailop wrote:
> On Fri, 2024-10-18 at 19:33 +0200, Jaroslaw Rafa via mailop wrote:
> > I don't understand why anybody is developing such stupid mail clients that
> > display either one or the other, or do any transformations on the From:
> > hea

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Michael Orlitzky via mailop
On Fri, 2024-10-18 at 19:33 +0200, Jaroslaw Rafa via mailop wrote:
> I don't understand why anybody is developing such stupid mail clients that
> display either one or the other, or do any transformations on the From:
> header at all, instead of just displaying it as is...
>
> Does anybody have an

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Jaroslaw Rafa via mailop
On 18.10.2024 at 13:46:07, Slavko via mailop wrote:
> AFAIK, the SPF, DKIM nor DMARC never had SPAM as goal. They all (together
> or standalone), from my point of view, did significant drop of simple fake sender
> usage, in mean, if one's bank implements (properly) them and you will check

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Jaroslaw Rafa via mailop
On 18.10.2024 at 14:24:05, Slavko via mailop wrote:
>
> Of course, and spammers would be stupid to not abuse the
> fact, that email client allow to setup to show display name
> without email address, with fallback to email, if there is no
> DN. How one then have to distinguish it?
>
> Here,

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Slavko via mailop
On 18 October 2024 14:38:42 UTC, user Bill Cole via mailop wrote:
>On 2024-10-18 at 10:24:05 UTC-0400 (Fri, 18 Oct 2024 14:24:05 +)
>Slavko via mailop
>is rumored to have said:
>
>[...]
>> BTW, this ML is exact example how bad it is, as i setup
>> to show email, but here i lost to s

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Dave Crocker via mailop
On 10/18/2024 6:16 AM, Paul Smith* via mailop wrote: A valid SPF does not indicate it is not spam. This is worth emphasizing. Some others have also pointed this out, but it still is often missed: If an identifier is authenticated with a stream of messages, then that stream of messages c

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Paul Smith* via mailop
On 18/10/2024 15:00, Hans-Martin Mosner via mailop wrote: On 18.10.24 at 15:16, Paul Smith* via mailop wrote: A spammer can send SPF-authenticated mail 'From: "b...@microsoft.com" ', but any spam filtering knows that it's not really from Microsoft. What they actually do is register a domai

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Bill Cole via mailop
On 2024-10-18 at 10:24:05 UTC-0400 (Fri, 18 Oct 2024 14:24:05 +) Slavko via mailop is rumored to have said: [...] BTW, this ML is exact example how bad it is, as i setup to show email, but here i lost to see, who was sender, and if someone do not add signature... ;-) The real original sen

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Slavko via mailop
On 18 October 2024 14:00:30 UTC, user Hans-Martin Mosner via mailop wrote:
>What they actually do is register a domain "micorsoft.com", send
>SPF-authenticated mail 'From: "b...@microsoft.com" ', and
>neither spam filtering software (which doesn't see the similarity) nor the
>human v

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Hans-Martin Mosner via mailop
On 18.10.24 at 15:16, Paul Smith* via mailop wrote: A spammer can send SPF-authenticated mail 'From: "b...@microsoft.com" ', but any spam filtering knows that it's not really from Microsoft. What they actually do is register a domain "micorsoft.com", send SPF-authenticated mail 'From: "b..

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Slavko via mailop
On 18 October 2024 12:09:01 UTC, user Jaroslaw Rafa via mailop wrote:
>That's the most important point against SPF, DKIM and DMARC. If they don't
>stop spam at all, and are quite limited in preventing forged emails (plus
>give a lot of trouble with FPs), are they really still worth push

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Paul Smith* via mailop
On 18/10/2024 13:09, Jaroslaw Rafa via mailop wrote: On 18.10.2024 at 10:20:46, Hans-Martin Mosner via mailop wrote: In any case, spammers aren't dumb, and they can set up perfectly valid SPF and DKIM for their domains conveniently hidden behind That's the most important point against SPF

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Louis via mailop
Yep, that's what backscatter is, isn't it?
Regards,
Louis
On Thursday 17 October 2024 at 17:21, Gellner, Oliver via mailop wrote:
> On 17.10.2024 at 17:11 Louis via mailop [mailop@mailop.org]> wrote:
>
> >> Wouldn't backscatter spamming already currently work

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Jaroslaw Rafa via mailop
On 18.10.2024 at 10:20:46, Hans-Martin Mosner via mailop wrote:
> In any case, spammers aren't dumb, and they can set up perfectly
> valid SPF and DKIM for their domains conveniently hidden behind
> domain registrars and hosters who would rather bite and swallow
> their tongue than disclose w

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Louis via mailop
Yeah, that's true. A lot take SPF as an indicator instead of a hard policy. Even then, it'd be stupid to send a bounce to an SPF hard failed return address, so backscatter is still limited.
Regards,
Louis
On Thursday 17 October 2024 at 18:23, Mark Milhollan via mailop wrote:
> On Thu, 17

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Matus UHLAR - fantomas via mailop
On 10/17/2024 10:00 AM, Alessandro Vesely via mailop wrote: Missing a backup authentication method would make DMARC even less reliable. On 17.10.24 17:18, Dave Crocker via mailop wrote: A backup method that adds complexity and breaks under significant, common scenarios does not sound like a gr

Re: [mailop] SPF fragility vs. utility

2024-10-18 Thread Hans-Martin Mosner via mailop
On 17.10.24 at 19:42, L. Mark Stone via mailop wrote: Back in May at the InboxExpo conference in Atlanta, I was told by a consultant to very large senders that they advise customers to set their DMARC to "p=quarantine" because they had been observing that Microsoft's processing of some emails