Re: Somewhat OT: Is this wrong?

2012-08-24 Thread Jason Haar
On 25/08/12 09:13, John Levine wrote: > As I understand it, you're referring to Exchange 2003, which was > shipped nine years ago, and which, if you believe the Wikipedia > article, hasn't been updated since 2005 and hasn't been supported > since 2009. What, exactly, do you expect to happen here? >

Re: Somewhat OT: Is this wrong?

2012-08-24 Thread David F. Skoll
On 24 Aug 2012 21:13:57 - "John Levine" wrote: > As I understand it, you're referring to Exchange 2003, The MSFT article referred to Exchange 2003. AFAIK, the behavior is the same even in modern versions of Exchange. For example http://technet.microsoft.com/en-us/library/aa996295.aspx is a

Re: Somewhat OT: Is this wrong?

2012-08-24 Thread John Levine
>It appears to be on by default as part of Exchange's Intelligent [sic] >Message Filter. As I understand it, you're referring to Exchange 2003, which was shipped nine years ago, and which, if you believe the Wikipedia article, hasn't been updated since 2005 and hasn't been supported since 2009. W

Re: Rules Needed to verify bank fraud

2012-08-24 Thread Alexandre Boyer
Yep, you are damn right. I work in a company where I maintain a list for canadian banks and more. It's a pain, but it's effective. Should a few responsible of us contribute, it would greatly help. Alex, from osmose. Bow before me, for I am root. On 12-08-24 02:03 PM, Matt Garretson wrote: > In

Re: Somewhat OT: Is this wrong?

2012-08-24 Thread David F. Skoll
On 24 Aug 2012 18:08:42 - "John Levine" wrote: > Microsoft's Sender-ID has been using SPF records to do Sender-ID > checks for a decade. You just noticed now? Yes. It's never been an issue for me before now. > In practice, Sender-ID has been a failure, nobody of any importance > uses it a

Re: Somewhat OT: Is this wrong?

2012-08-24 Thread John Levine
>The problem is that I publish SPF records for my domain in the expectation >that they'll be used correctly. By behaving incorrectly, Microsoft >is making it less attractive for sites to publish SPF records lest they >be misinterpreted. Microsoft's Sender-ID has been using SPF records to do Sende

Re: Somewhat OT: Is this wrong?

2012-08-24 Thread David F. Skoll
On Fri, 24 Aug 2012 19:01:34 +0100 Ned Slider wrote: > I don't think it diminishes the effectiveness of SPF though. Here's the problem: One of our services sends email with an envelope address of <> and a From: header address within roaringpenguin.com. In this case, an SPF implementation may use

Re: Rules Needed to verify bank fraud

2012-08-24 Thread Matt Garretson
In my experience, banks and financial institutions tend to be among the worst offenders against sane bulk mailing practices. SPF or DKIM will be broken or inconsistently applied, and sender/relay domains seem to vary with the weather. I think it will be tough to nail down all the valid domains a

Re: Somewhat OT: Is this wrong?

2012-08-24 Thread Ned Slider
On 24/08/12 16:55, David F. Skoll wrote: On Fri, 24 Aug 2012 16:29:18 +0100 Ned Slider wrote: If Microsoft want to examine the From header then that is their concern. Googling shows others tend to agree with you that their implementation is broken, or in your words wrong. It is certainly wrong

Re: Somewhat OT: Is this wrong?

2012-08-24 Thread David F. Skoll
On Fri, 24 Aug 2012 16:29:18 +0100 Ned Slider wrote: > If Microsoft want to examine the From header then that is their > concern. Googling shows others tend to agree with you that their > implementation is broken, or in your words wrong. It is certainly > wrong in SPF terms, but again it's not SP

Re: Somewhat OT: Is this wrong?

2012-08-24 Thread Ned Slider
On 24/08/12 16:03, David F. Skoll wrote: On Fri, 24 Aug 2012 15:58:27 +0100 Ned Slider wrote: The Microsoft Sender ID system is not the same as SPF. The technet article I posted implied (and real-world tests seem to confirm) that MSFT Exchange 2003 really does SPF lookups against header-send

Re: Somewhat OT: Is this wrong?

2012-08-24 Thread Jeremy McSpadden
Microsoft handles SPF using the Edge Transport service, in 2010. If it is configured on the domain. You are correct with the article, although 2003 is old ... -- Jeremy McSpadden Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions Office : 850-250-5590 x 101 |

Re: Somewhat OT: Is this wrong?

2012-08-24 Thread David F. Skoll
On Fri, 24 Aug 2012 15:58:27 +0100 Ned Slider wrote: > The Microsoft Sender ID system is not the same as SPF. The technet article I posted implied (and real-world tests seem to confirm) that MSFT Exchange 2003 really does SPF lookups against header-sender domains. Regards, David.

Re: Somewhat OT: Is this wrong?

2012-08-24 Thread Ned Slider
On 24/08/12 15:37, David F. Skoll wrote: Hi, Somewhat OT, but I figure there are SPF experts here: http://technet.microsoft.com/en-us/library/aa995992.aspx It appears to me that Microsoft uses header sender/from addresses to do an SPF lookup (see "How Sender ID Works") Am I the only one who t

Re: Somewhat OT: Is this wrong?

2012-08-24 Thread Jeremy McSpadden
Topic Last Modified: 2006-04-05 http://technet.microsoft.com/en-us/library/aa996295.aspx .. for Exchange 2010 -- Jeremy McSpadden Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions Office : 850-250-5590 x 101 | Cell : 850-890-2543 | Fax : 850-254-2955 On Aug

Somewhat OT: Is this wrong?

2012-08-24 Thread David F. Skoll
Hi, Somewhat OT, but I figure there are SPF experts here: http://technet.microsoft.com/en-us/library/aa995992.aspx It appears to me that Microsoft uses header sender/from addresses to do an SPF lookup (see "How Sender ID Works") Am I the only one who thinks this is utterly wrong? To me, this is