In article <6134b4a7-9da8-2935-e9f6-e4374b3fd...@spamtrap.tnetconsulting.net>,
Grant Taylor via NANOG wrote:
https://datatracker.ietf.org/doc/draft-levine-dkim-conditional/
The only way that I can think of is for the originating mail server to
DKIM sign the message twice, 1st with the classi
On 11/30/2017 07:38 PM, John R. Levine wrote:
I did a draft of a double signing thing that let the sender say who's
expected to sign a modified forwarded version. The big mail systems
weren't interested. They want the recipient system to decide.
https://datatracker.ietf.org/doc/draft-levine-
Yeah, that's what ARC is intended to do.
Hum. My understanding of ARC is that it's a way for a server to assert
things about what it received. - Whereas my interpretation of what we were
discussing is the sender authorizing intermediary MTAs to send the message.
The former is after the f
On 11/30/2017 06:47 PM, John Levine wrote:
I suppose that would make sense for the 0.1% of mailing lists run by
people with the skill and interest to hack on their list software.
I guess I'm in the 0.1% then.
ATPS was an experiment that failed. Nobody uses it, it didn't scale.
That's sort
In article <3d84c686-aa5f-8180-8a37-be77fef94...@tnetconsulting.net> you write:
>I would also configure MLMs to forward unknown bounces to the -owner.
>Hopefully the -owner would then feed (a sanitized copy of) the unknown
>bounce type to the MLM maintainer(s) to improve said MLM.
I suppose that wo
I'd love to hear, not here particularly, from someone very
knowledgeable about the history of postal fraud and abuse.
I suspect there are more than a few parallels and we'd find out how
much of our efforts amount to reinventing wheels once one peels away
the technical abstractions and jargon. Bas
It's a one way correlation. If the rDNS is busted, you can be pretty
sure you don't want the mail. If the rDNS is OK, you need more clues.
Pretty sure, but far from certain.
Even this one-way correlation is rather tenuous. It’s mostly harmless because
everyone knows that mail servers are filt
On 11/30/2017 12:16 PM, Owen DeLong wrote:
it’s a rather large PITA for a small site with an admin that needs to count on
most things running on autopilot most of the time in order to survive.
I have to disagree with that.
I've been running SpamAssassin for > 15 years and have found it to be
> On Nov 30, 2017, at 12:11 , valdis.kletni...@vt.edu wrote:
>
> On Thu, 30 Nov 2017 11:16:09 -0800, Owen DeLong said:
>> i.e. rarely do bank robbers sign their names to the robbery note.
>
> An amazing number of them use a deposit slip with their name on it for the
> note.
I’m guessing that t
On Thursday, 30 November, 2017 10:55, Bjørn Mork, wrote:
>Steve Atkins writes:
>>> On Nov 30, 2017, at 1:22 AM, Bjørn Mork wrote:
>>> "John Levine" writes:
>> It tells you something about the competence of the operator and
>> whether the host is intended by the owners to send email.
>No.
On 11/30/2017 11:30 AM, John Levine wrote:
If you look at the bounce handling in packages like sympa and mailman,
they have lots of heuristics to try to figure out what bounces mean.
They work OK but I agree they are far from perfect.
I never have. Further, I think I'd like to not go insane.
On Thu, 30 Nov 2017 11:16:09 -0800, Owen DeLong said:
> i.e. rarely do bank robbers sign their names to the robbery note.
An amazing number of them use a deposit slip with their name on it for the note.
On Thu, Nov 30, 2017 at 10:22:40AM +0100, Bjørn Mork wrote:
> rDNS is not a host attribute, and will therefore tell you exactly
> nothing about the host.
The lack of rDNS disqualifies a system from being a legitimate mail host.
The lack of FCrDNS does the same. (Note that it's usually prudent to
> On Nov 30, 2017, at 10:28 , John Levine wrote:
>
> In article you write:
>>> Or, for a more empirical way to look at it, there's reasonable correlation
>>> between having missing, generic or incorrect reverse DNS and the host
>>> being a source of unwanted or malicious email.
>>
>> I’m not s
In article you write:
>> Without something like VERP to encode the original recipient in the return
>> address, the percentage of bounces your list successfully processes each
>> month will slowly but steadily decline.
>
>I think it's entirely possible to teach MLMs about the most common forms
In article you write:
>> Or, for a more empirical way to look at it, there's reasonable correlation
>> between having missing, generic or incorrect reverse DNS and the host
>> being a source of unwanted or malicious email.
>
>I’m not so sure about that.
It's a one way correlation. If the rDNS is
On 11/30/2017 01:53 AM, Benoit Panizzon wrote:
DKIM is not widely used and DKIM does break a lot of mailinglists and
sometimes also SRS compliant forwarding.
How does DKIM break SRS compliant forwarding? (Assuming that only the
message envelope is modified.)
Or are you referring to DMARC's
> On Nov 30, 2017, at 09:55 , Bjørn Mork wrote:
>
> Steve Atkins writes:
>
>>> On Nov 30, 2017, at 1:22 AM, Bjørn Mork wrote:
>>>
>>> "John Levine" writes:
>>>
Broken rDNS is just broken, since there's approximately no reason ever
to send from a host that doesn't know its own nam
> On Nov 30, 2017, at 09:03 , Steve Atkins wrote:
>
>
>> On Nov 30, 2017, at 1:22 AM, Bjørn Mork wrote:
>>
>> "John Levine" writes:
>>
>>> Broken rDNS is just broken, since there's approximately no reason ever
>>> to send from a host that doesn't know its own name.
>>
>> rDNS is not a host
Steve Atkins writes:
>> On Nov 30, 2017, at 1:22 AM, Bjørn Mork wrote:
>>
>> "John Levine" writes:
>>
>>> Broken rDNS is just broken, since there's approximately no reason ever
>>> to send from a host that doesn't know its own name.
>>
>> rDNS is not a host attribute, and will therefore tell
> On Nov 30, 2017, at 1:22 AM, Bjørn Mork wrote:
>
> "John Levine" writes:
>
>> Broken rDNS is just broken, since there's approximately no reason ever
>> to send from a host that doesn't know its own name.
>
> rDNS is not a host attribute, and will therefore tell you exactly
> nothing about t
"John Levine" writes:
> Broken rDNS is just broken, since there's approximately no reason ever
> to send from a host that doesn't know its own name.
rDNS is not a host attribute, and will therefore tell you exactly
nothing about the host.
Bjørn
Hi
> For those who operate public facing SMTPd that receive a large volume
> of incoming traffic, and accordingly, a lot of spam...
>
> How much weight do you put on an incoming message, in terms of adding
> additional score towards a possible value of spam, for total absence
> of DKIM signature?
On 11/29/2017 07:16 PM, William Herrin wrote:
There's no "must" standard for the format of bounce message, deferred
bounces are still a thing and mail gets auto-forwarded to addresses which
bounce (that is, bounce from an address different than the one you sent to).
Agreed. I wish that more s
On Wed, Nov 29, 2017 at 5:50 PM, John Levine wrote:
>
> In article <3677d101-3874-b8e4-87b3-37e4dd870...@tnetconsulting.net> you
write:
> >> Normal lists put their own bounce address in the
> >> envelope so they can handle the bounces, so their own SPF applies.
> >
> >Yep. V.E.R.P. is a very powe
On Wed, 29 Nov 2017 13:46:05 -0800, Michael Thomas said:
> Apparently the levine unit is hearing things again because nobody --
> least of all me -- has
> said anything about arc.
I believe it was a pre-emptive statement.
On 11/29/2017 01:11 PM, John Levine wrote:
PPS: Please spare us pontification about why ARC can't possibly work
unless you're prepared to cite section numbers in the ARC spec
supporting your argument.
Apparently the levine unit is hearing things again because nobody --
least of all me -- has
On 11/29/2017 03:00 PM, Grant Taylor via NANOG wrote:
On 11/29/2017 03:46 PM, Michael Thomas wrote:
You know what the original header was via the signature. You can take
the delta of the current subject line and remove any additions and
validate the signature. Whether you're happy with the addi
On 11/29/2017 03:46 PM, Michael Thomas wrote:
You know what the original header was via the signature. You can take
the delta of the current subject line and
remove any additions and validate the signature. Whether you're happy
with the additions is a different concern,
Are you referring to t
In article <11e9c18dac053c4bb91b95a4993c1...@mail.dessus.com> you write:
>
>Not old enough to have had an Executive Secretary processing your incoming
>snail-mail before it gets to you?
Probably about the same age as you, but I hope that after 50 years of
e-mail we have figured out that the paral
In article <3677d101-3874-b8e4-87b3-37e4dd870...@tnetconsulting.net> you write:
>> Normal lists put their own bounce address in the
>> envelope so they can handle the bounces, so their own SPF applies.
>
>Yep. V.E.R.P. is a very powerful thing. (B.A.T.V. is an interesting
>alternative, but I ne
On 11/29/2017 02:40 PM, Grant Taylor via NANOG wrote:
On 11/29/2017 03:24 PM, Michael Thomas wrote:
Message footers and subject lines can be dealt with. That's already
been proven within the current DKIM spec.
Please humor my ignorance and explain how a subject line (which is
(over)signed) ca
On 11/29/2017 03:24 PM, Michael Thomas wrote:
Message footers and subject lines can be dealt with. That's already been
proven within the current DKIM spec.
Please humor my ignorance and explain how a subject line (which is
(over)signed) can be dealt with in the current DKIM spec?
I get how f
On 11/29/2017 01:11 PM, John Levine wrote:
In article <1d458e76-ab61-db28-79cb-6aabcab4f...@mtcc.com> you write:
I've been saying for years that it should be possible to create the
concept of DKIM-friendly mailing lists. ...
I suppose, if your users are OK with no subject tags, message footers,
--Original Message-
>From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of John Levine
>Sent: Wednesday, 29 November, 2017 14:28
>To: nanog@nanog.org
>Subject: Re: Incoming SMTP in the year 2017 and absence of DKIM
>
>In article <20171129183535.gb18...@ucsd.edu> y
On 11/29/2017 02:13 PM, John Levine wrote:
A mailing list sending with bad rDNS or bad SPF is a pretty cruddy
mailing list.
s/mailing list sending/sending server/
Agreed.
Normal lists put their own bounce address in the
envelope so they can handle the bounces, so their own SPF applies.
Yep
In article <20171129183535.gb18...@ucsd.edu> you write:
>As I see it, the problem isn't with DKIM, it's with the
>implementation of DMARC and other such filters. Almost all
>of them TEST THE WRONG FROM ADDRESS. They compare the Author's
>address (the header From: line) instead of the Sender's add
On 11/29/2017 11:35 AM, Brian Kantor wrote:
As I see it, the problem isn't with DKIM,
I don't think DKIM is (the source of) /the/ problem per se. Rather I
think it's a complication of other things (DMARC) that interact with DKIM.
it's with the
implementation of DMARC and other such filter
In article <85393a12-a51f-6722-4171-118919fcc...@mtcc.com> you write:
>The real problem with large enterprise that we found, however, is that
>it was really hard to track down every 25 year
>old 386 sitting in dusty corners that was sending mail directly instead
>of through corpro servers to make
In article <88a1ae22-a5c1-dc46-caa7-cca813109...@tnetconsulting.net> you write:
> - Requiring Reverse DNS
> - SPF
>
>I'm not commenting about the viability of these things, just that they
>are fairly well accepted and that they can trivially break mailing lists.
A mailing list sending with bad
In article <1d458e76-ab61-db28-79cb-6aabcab4f...@mtcc.com> you write:
>I've been saying for years that it should be possible to create the
>concept of DKIM-friendly mailing lists. ...
I suppose, if your users are OK with no subject tags, message footers,
or any of the other cruft that list users
As I see it, the problem isn't with DKIM, it's with the
implementation of DMARC and other such filters. Almost all
of them TEST THE WRONG FROM ADDRESS. They compare the Author's
address (the header From: line) instead of the Sender's address,
(the SMTP Mail From: transaction or Sender: header lin
only a Stairway to Heaven says a
lot about anticipated traffic volume.
>-Original Message-
>From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Eric Kuhnke
>Sent: Wednesday, 29 November, 2017 11:19
>To: nanog@nanog.org list
>Subject: Re: Incoming SMTP in the year 2017 and
On 11/29/2017 01:35 PM, Blake Hudson wrote:
Where DKIM/SPF really help is when there's a failure that indicates a
message has been spoofed.
There are other legitimate things that can break DKIM signatures. I
have personally seen changes in content type encoding break a DKIM
signature.
The
On 11/29/2017 01:17 PM, Michael Thomas wrote:
Remember: if you treat a broken signature better than lack of signature,
spammers will just insert phony signatures to game you.
So they really are the same.
Yes, they are /effectively/ the same. However it is possible to
distinguish between a b
On Wed, Nov 29, 2017 at 12:17:57PM -0800, Michael Thomas wrote:
> The real problem with large enterprise that we found, however, is
> that it was really hard to track down every 25 year
> old 386 sitting in dusty corners that was sending mail directly
> instead of through corpro servers to make cer
Eric Kuhnke wrote on 11/29/2017 11:03 AM:
For those who operate public facing SMTPd that receive a large volume of
incoming traffic, and accordingly, a lot of spam...
How much weight do you put on an incoming message, in terms of adding
additional score towards a possible value of spam, for tota
On 11/29/2017 11:53 AM, Grant Taylor via NANOG wrote:
On 11/29/2017 11:33 AM, Michael Thomas wrote:
A broken DKIM signature is indistinguishable from a lack of a
signature header.
I'll argue that it's possible to distinguish between the two.
*However* the DKIM standard states that you should
On 11/29/2017 11:03 AM, valdis.kletni...@vt.edu wrote:
Only 90% should be considered horribly broken. Anything that makes it
difficult to run a simple mailing list with less than at least 2 or 3
9's is unacceptable.
There have been a number of things that fall into that category, two of
whic
On 11/29/2017 11:33 AM, Michael Thomas wrote:
A broken DKIM signature is indistinguishable from a lack of a signature
header.
I'll argue that it's possible to distinguish between the two. *However*
the DKIM standard states that you should treat a broken DKIM signature
the same as no DKIM sig
A broken DKIM signature is indistinguishable from a lack of a signature
header. It's possible that as a heuristic
you might be able to divine something from lack of signature and the
existence of selectors for a domain, but
afaik there isn't an easy way to query for all of the dkim selectors for
Anecdotal experience. I'm subscribed to a lot of mailing lists. Some pass
through DKIM correctly. Others re-sign the message with DKIM from their own
server.
>98% of the spam that gets through my filters, which comes from an IP not
in any of the major RBLs, has no DKIM signature for the domain. My
On 11/29/2017 10:03 AM, valdis.kletni...@vt.edu wrote:
On Wed, 29 Nov 2017 09:32:27 -0800, Michael Thomas said:
There are quite a few things you can do to get the mailing list
traversal rate > 90%, iirc.
Only 90% should be considered horribly broken. Anything that makes
it difficult to run a
On Wed, 29 Nov 2017 09:32:27 -0800, Michael Thomas said:
> There are quite a few things you can do to get the mailing list
> traversal rate > 90%, iirc.
Only 90% should be considered horribly broken. Anything that makes
it difficult to run a simple mailing list with less than at least 2 or 3 9's
On Wed, 2017-11-29 at 12:24 -0500, William Herrin wrote:
> Alright, so "horribly broken design" overstates the case but there are
> enough problems that weighting the absence of DKIM at something other
> than zero will surely do more harm than good.
+1. A DKIM signature by itself means nothing mor
On 11/29/2017 09:24 AM, William Herrin wrote:
On Wed, Nov 29, 2017 at 12:17 PM, Stephen Frost wrote:
* William Herrin (b...@herrin.us) wrote:
On Wed, Nov 29, 2017 at 12:03 PM, Eric Kuhnke
wrote:
How much weight do you put on an incoming message, in terms of adding
additional score towards
On Wed, Nov 29, 2017 at 12:17 PM, Stephen Frost wrote:
> * William Herrin (b...@herrin.us) wrote:
> > On Wed, Nov 29, 2017 at 12:03 PM, Eric Kuhnke
> wrote:
> > > How much weight do you put on an incoming message, in terms of adding
> > > additional score towards a possible value of spam, for to
Greetings,
* William Herrin (b...@herrin.us) wrote:
> On Wed, Nov 29, 2017 at 12:03 PM, Eric Kuhnke wrote:
>
> > For those who operate public facing SMTPd that receive a large volume of
> > incoming traffic, and accordingly, a lot of spam...
> >
> > How much weight do you put on an incoming mess
On Wed, Nov 29, 2017 at 12:03 PM, Eric Kuhnke wrote:
> For those who operate public facing SMTPd that receive a large volume of
> incoming traffic, and accordingly, a lot of spam...
>
> How much weight do you put on an incoming message, in terms of adding
> additional score towards a possible val
For those who operate public facing SMTPd that receive a large volume of
incoming traffic, and accordingly, a lot of spam...
How much weight do you put on an incoming message, in terms of adding
additional score towards a possible value of spam, for total absence of
DKIM signature?