Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On Sat, 15 Oct 2016 17:33:00 +0200 Petr Bena wrote: > What exactly were you trying to tell me? I'm trying to tell you that unless we throw out SMTP, there is *no way* to detect spoofed email. That's because SMTP allows for "legitimate" spoofing (AKA mailing lists) which makes it impossible to f

The real spoofing issue (was Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless)

Oh, and one more thing... Even if there were a magic bullet to absolutely detect forged From: addresses and forged envelope senders... it would not help with phishing attacks and spoofing. That's because every email reader I've ever used shows neither the From: address nor the envelope sender by

Re: The real spoofing issue

On Sunday 16 October 2016 at 17:30:19, Dianne Skoll wrote: > Oh, and one more thing... > > ... every email reader I've ever used shows neither the From: address nor > the envelope sender by default. They all default to showing the full name > on the From: line, which naturally is impossible to p

Re: The real spoofing issue (was Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless)

> From: "Dianne Skoll " In my servers, the above string is not RFC compliant, and therefore the whole mail is automatically rejected as SPAM.

Re: The real spoofing issue

On Monday 17 October 2016 at 00:08:20, Ruga wrote: > > From: "Dianne Skoll " > > In my servers, the above string is not RFC compliant, > and therefore the whole mail is automatically > rejected as SPAM. I think you misunderstood. The suggestion was not that email should be sent with this as th

Re: The real spoofing issue (was Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless)

On Sun, 16 Oct 2016 18:08:20 -0400 Ruga wrote: > In my servers, the above string is not RFC compliant, > and therefore the whole mail is automatically > rejected as SPAM. Your servers fail in RFC comprehension. The message header: From: "Dianne Skoll " is absolutely 100% RFC-compliant. I

Re: The real spoofing issue (was Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless)

On 16 Oct 2016, at 18:08, Ruga wrote: From: "Dianne Skoll " In my servers, the above string is not RFC compliant, Are you writing your own RFC's? That's cool: the IETF could do with some competition. Where are you publishing them and accepting comments? The IETF's RFC5322 includes this A

Re: The real spoofing issue (was Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless)

On 2016-10-17 02:18, Dianne Skoll wrote: From: "Dianne Skoll " is absolutely 100% RFC-compliant. lets break test it :) If you feel it is not, please cite the RFC that's violated, including the specific section being violated. one could argue if From:Name and From:Addr have differing doma

Re: The real spoofing issue (was Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless)

>one could argue if From:Name and From:Addr have differing domains its >forged ? One could argue that, but one could not argue that my sample From: header is not RFC-compliant. Last I checked, Yahoo Groups rewrote the From: header in exactly that manner. Furthermore, the Quoted-String part of