Hacker Poesy
Conversation:

Notices

  1. kat (boneidol)'s status on Friday, 30-Jan-2015 18:09:53 EST
    • Joshua Judson Rosen
    • Temporary Marjolein
    @mk @rozzin you miss the point. A spam domain can have a strong SPF record. But if bank.com published a strong SPF record, it would be easy to identify email from bank.com
    Friday, 30-Jan-2015 18:09:53 EST from indy.im at 32°58'59"N 49°7'59"E permalink
    • Joshua Judson Rosen repeated this.
    • Temporary Marjolein (mk)'s status on Saturday, 31-Jan-2015 13:21:37 EST
      • kat
      @boneidol no, sorry, but you miss my point. SPF only validates the *sender* address (that's what's on the *envelope*) by looking if the sending mail server is authorized to send mail for the domain the sender address belongs to. This check is done before the mail content is processed. A spammer could easily set up a domain and a sending server authorized to send mail from…
      Saturday, 31-Jan-2015 13:21:37 EST permalink

      Attachments

      1. mk-20150131-ostatus-rmjr.html
    • Joshua Judson Rosen (rozzin)'s status on Monday, 02-Feb-2015 22:58:16 EST
      • kat
      @boneidol, I'd rather bank on #DKIM. Or #PGP. Or S/MIME.
      Monday, 02-Feb-2015 22:58:16 EST permalink
    • Joshua Judson Rosen (rozzin)'s status on Monday, 02-Feb-2015 23:04:12 EST
      • kat
      • Cryptography
      @boneidol, we need to get past the idea that !crypto's too complicated & too slow for everyday use. It works better than the alternatives.
      Monday, 02-Feb-2015 23:04:12 EST permalink
      kat likes this.
    • Temporary Marjolein (mk)'s status on Tuesday, 03-Feb-2015 02:34:11 EST
      • Joshua Judson Rosen
      • kat
      @boneidol @rozzin it seems you miss my point, too - see http://oracle.skilledtests.com/notice/886285
      Tuesday, 03-Feb-2015 02:34:11 EST permalink
    • kat (boneidol)'s status on Tuesday, 03-Feb-2015 02:53:28 EST
      • Joshua Judson Rosen
      I should set DKIM up on some domains.
      Tuesday, 03-Feb-2015 02:53:28 EST permalink
    • Joshua Judson Rosen (rozzin)'s status on Tuesday, 03-Feb-2015 17:17:59 EST
      • Temporary Marjolein
      @mk, I'm pretty sure you and I are in agreement about SPF vs. DKIM/PGP/SMIME: all of that latter group operate on the message, not the envelope, and verify the origin in a user-compatible way regardless of the delivery path.
      Tuesday, 03-Feb-2015 17:17:59 EST permalink
      Temporary Marjolein likes this.
    • Joshua Judson Rosen (rozzin)'s status on Tuesday, 03-Feb-2015 17:47:36 EST
      • Temporary Marjolein
      @mk, you're actually being too nice to #SPF: it doesn't even verify the envelope sender beyond the last hop in the delivery path. It (sort of, sometimes...) `facilitates' traceability... but depends on `everyone else' doing work: the people who want to benefit from SPF need SRS all along both their inbound and outbound delivery paths, and the people who'd need to implement SRS aren't the ones who benefit from SPF.
      Tuesday, 03-Feb-2015 17:47:36 EST permalink
      Temporary Marjolein likes this.
    • Temporary Marjolein (mk)'s status on Tuesday, 03-Feb-2015 19:37:18 EST
      • Joshua Judson Rosen
      @rozzin that sounds like the evolution of spam origin analysis: first, all Received: headers were checked; but then it was seen that those could actually be spoofed, too - *except* for the origin machine of the last hop. Looks like SPF picked up on that 'wisdom' and doesn't bother itself with what could be fake anyway. But thanks, I hadn't realized that about SPF (though …
      Tuesday, 03-Feb-2015 19:37:18 EST permalink

      Attachments

      1. mk-20150204-ostatus-cter.html
      Joshua Judson Rosen repeated this.
    • Joshua Judson Rosen (rozzin)'s status on Tuesday, 03-Feb-2015 21:36:00 EST
      • Temporary Marjolein
      @mk, I think the idea is, if #SPF ever achieved #saturation (100% deployment), the list of "Received" headers would become trustworthy
      Tuesday, 03-Feb-2015 21:36:00 EST permalink
    • MJ Ray (mjray)'s status on Thursday, 05-Feb-2015 05:30:53 EST
      • kat
      @boneidol and if you outsource email, it's possible other clients of the same provider can pass your SPF too
      Thursday, 05-Feb-2015 05:30:53 EST permalink
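
Added example, not part of the thread and not written by any of its participants: a small Python evaluator for an SPF subset (`ip4`, `include`, `all`) over constructed records. It shows the two points raised above: SPF validates only the envelope sender's domain, and an `include:` of a shared provider's range passes for any host in that range. All domains, addresses and function names here are assumptions made up for illustration.

```python
import ipaddress

# Constructed TXT records standing in for DNS (all names and ranges are made up).
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/28 -all",
    "spam.example": "v=spf1 ip4:203.0.113.7 -all",
    "shop.example": "v=spf1 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(domain, client_ip, depth=0):
    """Evaluate a small SPF subset (ip4, include, all) for the connecting IP."""
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("include:"):
            matched = spf_check(mech[8:], client_ip, depth + 1) == "pass"
        elif mech == "all":
            matched = True
        else:
            continue  # mechanisms outside this subset are ignored here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

def evaluate(mail_from, header_from, client_ip):
    """SPF looks only at the envelope sender; comparing it with the
    From: header the user sees is a separate check made here."""
    env_domain = mail_from.rsplit("@", 1)[1].lower()
    hdr_domain = header_from.rsplit("@", 1)[1].lower()
    result = spf_check(env_domain, client_ip)
    return {"spf": result, "spf_domain": env_domain,
            "header_from_aligned": result == "pass" and env_domain == hdr_domain}
```

`evaluate("bounce@spam.example", "security@bank.example", "203.0.113.7")` returns an SPF `pass` for `spam.example` with `header_from_aligned` false, which is the signal a receiving filter has to act on. Any address in the constructed provider range 198.51.100.0/24 passes for `shop.example`, whichever customer of that provider is using it.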

Hacker Poesy is a GNU social hub. It runs version 1.1.3-beta3, available under the GNU Affero General Public License.

All Hacker Poesy content and data are available under the Creative Commons Attribution 3.0 license.