Re: Whitelisting DKIM-signed domains

I’ll just pick out one particular argument, as RW touched upon the others: | Why would you trust list B and W knowing that they can be corrupted? That was one specific concern in the design of dnswl.org , which we documented eg here: https://www.dnswl.org/?page_id=23

Re: Whitelisting DKIM-signed domains

On Wed, 11 Oct 2017 07:13:29 -0400 Rupert Gallagher wrote: > The problem I see here is the number of people who really want to > push blacklists and whitelists, as if they were a magic thing to add > to their served to catch spam and blame for the failures. Why would > you trust list B and W knowi

Re: Whitelisting DKIM-signed domains

On 10/11/2017 06:13 AM, Rupert Gallagher wrote: The problem I see here is the number of people who really want to push blacklists and whitelists, as if they were a magic thing to add to their served to catch spam and blame for the failures. Why would you trust list B and W knowing that they can

Re: Whitelisting DKIM-signed domains

, Oct 8, 2017 at 4:18 PM, David Jones wrote: > On 10/08/2017 08:42 AM, Rupert Gallagher wrote: > You are blinded by your > purpose. > > > > On Sun, Oct 8, 2017 at 9:45 AM, Matthias Leisi > wrote: >> > > Am 08.10.2017 um 00:55 schrieb Rupert Gallagher : > &

Re: Whitelisting DKIM-signed domains

> I assume that eventually this DNS query would respond with high trust: > > # dig alertsp.chase.com.dwl.dnswl.org I wondered why this query suddenly appeared from dozens and dozens of sources in the log :) That is a good example, in that it shows one point to discuss: subdomains. At least i

Re: Whitelisting DKIM-signed domains

On 10/08/2017 08:42 AM, Rupert Gallagher wrote: You are blinded by your purpose. On Sun, Oct 8, 2017 at 9:45 AM, Matthias Leisi <mailto:matth...@leisi.net>> wrote: > Am 08.10.2017 um 00:55 schrieb Rupert Gallagher : > > Whitelisting DKIM-signed domains is a bad idea for at

Re: Whitelisting DKIM-signed domains

You are blinded by your purpose. On Sun, Oct 8, 2017 at 9:45 AM, Matthias Leisi wrote: >> Am 08.10.2017 um 00:55 schrieb Rupert Gallagher : > > Whitelisting >> DKIM-signed domains is a bad idea for at least two reasons: mass-mailing >> services, and spammers who sen

Re: Whitelisting DKIM-signed domains

On 08.10.17 11:55, Matthias Leisi wrote: > If the DKIM signature does not validate, the rules do not fire. My bad, I had missed the sentence "Askdns rules awaiting for a tag which never receives its value never result in a DNS query" in http://search.cpan.org/dist/Mail-SpamAssassin/lib/Mail/SpamA

Re: Whitelisting DKIM-signed domains

> I have a primary and several secondary domains tied to a DNSWL ID. All Currently, all domains in a given DNSWL Id share the same trust score. This may change over time, but we want to get some experience first. As a starting point, the trust of the domains is derived from the trust in the IPs

Re: Whitelisting DKIM-signed domains

On 07.10.17 23:41, Matthias Leisi wrote: > More details are here https://www.dnswl.org/?p=311 Since the blog did not explain it, I'm asking here: I have a primary and several secondary domains tied to a DNSWL ID. All of these domains can be used to send emails to public mailing lists. Some maili

Re: Whitelisting DKIM-signed domains

> Am 08.10.2017 um 01:01 schrieb Benny Pedersen : > > so report spam to dnswl ? That’s always very welcome :) This was recently updated and included in the self service. If logged in on https://www.dnswl.org/selfservice/ you’ll see a section labelled „Spam Reporting“. Simple emails to admins

Re: Whitelisting DKIM-signed domains

> Am 08.10.2017 um 00:55 schrieb Rupert Gallagher : > > Whitelisting DKIM-signed domains is a bad idea for at least two reasons: > mass-mailing services, and spammers who send from real addresses of people > whose passwords were easy to guess. This is not whitelisting any and

Re: Whitelisting DKIM-signed domains

Rupert Gallagher skrev den 2017-10-08 00:55: Whitelisting DKIM-signed domains is a bad idea for at least two reasons: mass-mailing services, and spammers who send from real addresses of people whose passwords were easy to guess. so report spam to dnswl ?

Re: Whitelisting DKIM-signed domains

On 17-10-07 18:55:35, Rupert Gallagher wrote: > Whitelisting DKIM-signed domains is a bad idea for at least two > reasons: mass-mailing services, and spammers who send from real > addresses of people whose passwords were easy to guess. I second this. Cheers, Georg signature.asc De

Re: Whitelisting DKIM-signed domains

Whitelisting DKIM-signed domains is a bad idea for at least two reasons: mass-mailing services, and spammers who send from real addresses of people whose passwords were easy to guess. Sent from ProtonMail Mobile On Sat, Oct 7, 2017 at 11:41 PM, Matthias Leisi wrote: > Last week at the 4

Re: Whitelisting DKIM-signed domains

On Sat, 7 Oct 2017 15:12:42 -0700 (PDT) John Hardin wrote: > On Sat, 7 Oct 2017, Matthias Leisi wrote: > > > Note that this only works on DKIM-signed domains (DKIM_VALID). > > ...then shouldn't those negatively-scored rules be meta'd with && > DKIM_VALID? It's doing lookups on domains extract

Re: Whitelisting DKIM-signed domains

On Sat, 7 Oct 2017, Matthias Leisi wrote: Note that this only works on DKIM-signed domains (DKIM_VALID). ...then shouldn't those negatively-scored rules be meta'd with && DKIM_VALID? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #1

Whitelisting DKIM-signed domains

Last week at the 41st M3AAWG meeting in Toronto there was considerable interest in domain-based whitelisting information when I presented the dnswl.org project. Obviously, this needs to be authenticated, and that’s what we have DKIM for. We created an experimental list dwl.dnswl.org (subject t