It appears that Al Iverson via mailop said:
>If you've got any evidence of x= in the wild that you care to share,
>thank you kindly in advance!
I've been collecting the DKIM signatures of mail that lands in my
personal mailboxes. Since May there are 19,000 signed messages
of which about 5000 hav
It appears that Dave Crocker via mailop said:
>
>On 10/9/2024 11:57 PM, Matus UHLAR - fantomas via mailop wrote:
>> checking SPF is a fallback mechanism.
>
>SPF is a fairly complex, fragile tool and it makes DMARC.. Its
>inclusion in DMARC is always justified with language such as you used,
>b
On 10Oct24, Al Iverson via mailop apparently wrote:
> > > If you've got any evidence of x= in the wild that you care to share,
> > > thank you kindly in advance!
I'd be curious as to evidence of systems which actually re-categorise email
based on
x=. And how often such recategorisations are real
Hi John,
if you don't mind me asking, when you say:
> which makes it easy for any of their customers to SPF spoof any
> other customer.
you mean the header or the envelope from ? Afaik, the envelope from is
(should be!) tied to the authenticated user
Scott
On Friday, 11/10/2024 at 00:21 John Lev
* Dave Crocker:
> Longer-term use has, at least, operational import, for access to the
> DKIM key and for access to the message in its signed form. Neither of
> these is automatically cheap, given operational vagaries and given the
> manipulations many email systems do to the messages they handle.
On 10/9/2024 11:57 PM, Matus UHLAR - fantomas via mailop wrote:
checking SPF is a fallback mechanism.
SPF is a fairly complex, fragile tool and it makes DMARC.. Its
inclusion in DMARC is always justified with language such as you used,
but I've never seen any data offered about just how us
On 09.10.24 21:59, Dave Crocker via mailop wrote:
Since the primary function of the SMTP Mail From command is to specify
an address for receiving email handling problem notices, alignment with
the rfc5322.From field domain would seem to be secondary, at best.
On 10.10.24 08:32, Thomas Walter vi
Al Iverson via mailop:
I love the idea of the X tag with DKIM to set an expiration date after
which the signature should no longer be considered valid. (As
described here, and many other places: https://xnnd.com/dqio ). But
who actually has implemented this, if anyone? Are you aware of any
ISPs
On Wed, 9 Oct 2024, Al Iverson via mailop wrote:
I love the idea of the X tag with DKIM to set an expiration date after
which the signature should no longer be considered valid. (As
described here, and many other places: https://xnnd.com/dqio ). But
who actually has implemented this, if anyone?
On 10/10/2024 3:42 AM, Ralph Seichter via mailop wrote:
I love the idea of the X tag with DKIM to set an expiration date after
which the signature should no longer be considered valid.
Why is that, I wonder? A digital signature does not age, after all.
Either a signature matches the signed paylo
> If you've got any evidence of x= in the wild that you care to share,
> thank you kindly in advance!
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=customer.domain; s=k3;
t=1728563812; x=1728824312; i=news@customer.domain;
bh=x;
h=Subject:From:Reply-To:To:Date:Mes
* Al Iverson via mailop:
> I love the idea of the X tag with DKIM to set an expiration date after
> which the signature should no longer be considered valid.
Why is that, I wonder? A digital signature does not age, after all.
Either a signature matches the signed payload or it does not; there is
Thanks, all.
My answer to the question of why: To make it slightly harder for bad
guys to pick up and DKIM replay older messages. Putting a timer on
that signature is like leaving the milk out of the fridge after
opening it.
Cheers,
Al Iverson
--
Al Iverson // 312-725-0130 // Chicago
http://
On 10/10/2024 9:07 AM, Ralph Seichter via mailop wrote:
You call that attacking? 😂 Damn, but you're acting insecure. Also,
keep your ad hominem approach to yourself, I am not interested.
I just love how bullies respond to push-back. So interesting to see the
projections and contradictions the
On Thu 10/Oct/2024 14:42:43 +0200 Atro Tossavainen via mailop wrote:
If you've got any evidence of x= in the wild that you care to share,
thank you kindly in advance!
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=customer.domain; s=k3;
t=1728563812; x=1728824312; i=news@custo
On Thu, Oct 10, 2024 at 12:48 PM Mark E. Mallett via mailop
wrote:
>
> On Wed, Oct 09, 2024 at 05:47:43PM -0500, Al Iverson via mailop wrote:
> > I love the idea of the X tag with DKIM to set an expiration date after
> > which the signature should no longer be considered valid. (As
> > described h
On Wed, Oct 09, 2024 at 05:47:43PM -0500, Al Iverson via mailop wrote:
> I love the idea of the X tag with DKIM to set an expiration date after
> which the signature should no longer be considered valid. (As
> described here, and many other places: https://xnnd.com/dqio ). But
> who actually has im
I ran a check across our spamtraps.
Approximately 4% of the messages we received yesterday had the x= field.
Senders that included it were Gmail, Microsoft, Apple, Mailchimp, Mailgun,
Splio, dotdigital, HubSpot, Mailjet, Selligent, Campaigner, GetResponse,
Salesmanago, TurboSMTP, Postmark, Aweber
We, and a few other ESPs, implemented the x= tag originally for the purpose of
reducing the window of opportunity for DKIM replay attacks.
Yes, I know it's a controversial topic, enforcement is optional and the RFC
states it is not intended for that purpose but, in a layered approach against
mess
On 10/10/2024 8:17 AM, Alberto Domenico Miscia via mailop wrote:
in a layered approach against messaging abuse, I think everything
plays its part.
In psychology, avoidance training is especially 'sticky' because the
subject does not test whether the thing that is (now) being avoided is
stil
* Dave Crocker:
> How delightful. Attacking with creation of a post-hoc requirement.
You call that attacking? :-D Damn, but you're acting insecure. Also,
keep your ad hominem approach to yourself, I am not interested.
-Ralph
* Al Iverson via mailop:
> My answer to the question of why: To make it slightly harder for bad
> guys to pick up and DKIM replay older messages.
The problem I see with trusting the x-tag is that one cannot be sure if
the functionality is implemented, or if the tag is "honored" by third
parties.
On 10/10/2024 8:05 AM, Al Iverson via mailop wrote:
My answer to the question of why: To make it slightly harder for bad
guys to pick up and DKIM replay older messages.
My understanding is that the observed DKIM replay attacks have done the
replay very quickly -- maybe instantly -- upon origi
On 10/10/2024 6:19 AM, Ralph Seichter via mailop wrote:
* Dave Crocker:
Longer-term use has, at least, operational import, for access to the
DKIM key and for access to the message in its signed form. Neither of
these is automatically cheap, given operational vagaries and given the
manipulations
On 10/9/2024 11:32 PM, Thomas Walter via mailop wrote:
On 09.10.24 21:59, Dave Crocker via mailop wrote:
Since the primary function of the SMTP Mail From command is to specify
an address for receiving email handling problem notices, alignment with
the rfc5322.From field domain would seem to be s
• Kirill Miazine via mailop [2024-10-08 00:53]:
Apparently Abusix migrated user authentication system to Auth0.
As part of the migration, they nuked MFA backup codes, and request that
user disables and re-enables MFA to get new backup codes.
Now, that flow does not work, at least not for me -