Kris Deugau wrote:
> > > OK, I think I've thought of a sort of a counter-example: [...]
> > > I'm sending "from" myfriendsdomain.com's server, but I don't have an
> > > account there. I do, however, have an account [EMAIL PROTECTED]
> > > on my own server- to which I want all replies/bounces/etc to
Julian Mehnle wrote:
> Kris Deugau wrote:
> > OK, I think I've thought of a sort of a counter-example:
> > [...]
> > I'm sending "from" myfriendsdomain.com's server,
> > but I don't have an account there.
^
> > I do, however, have an account
> > [EMAIL PROTECTED
Kris Deugau wrote:
> Julian Mehnle wrote:
> > Andreas Metzler wrote:
> > > If I send an e-mail over mail.nusrf.at with envelope-from
> > > [EMAIL PROTECTED] I am _not_ forging anything or making
> > > "unauthorized use of domains"
> >
> > Yes, you are. The envelope-from address is not a reply-to
Julian Mehnle wrote:
> Andreas Metzler wrote:
> > Julian Mehnle <[EMAIL PROTECTED]> wrote:
> > > It's about forging an e-mail sender's identity. By preventing
> > > the unauthorized use of domains as the sender domain of e-mails,
> > > most of the practiced cases of identity forgery are prevented.
On Mon, Oct 13, 2003 at 05:54:41PM -0500, John Hasler wrote:
> > No, you understood it correctly. That's exactly the point.
>
> If I can configure my domain with a list of IPs from which mail claiming to
> originate from it must come without having a static IP and without the
> cooperation of th
On Tue, Oct 14, 2003 at 04:40:15PM -0500, Manoj Srivastava wrote:
> On Tue, 14 Oct 2003 10:21:23 -0500, John Hasler <[EMAIL PROTECTED]> said:
>
> > I understand all that, which is why I found statements such as those
> > in
> >> [EMAIL PROTECTED]> confusing. The fact is I can add SPF
> > records
Manoj writes:
> Consider this use case: I travel a lot, and stay in hotels with network
> connections. Unfortunately, these nigtly billed domains have very poor
> mail gateways; I've been burned before. I now connect directly and
> deliver mail from the MTA on my laptop.
> I do not know, a priori,
Manoj Srivastava said on Tue, Oct 14, 2003 at 04:40:15PM -0500:
> Consider this use case: I travel a lot, and stay in hotels
> with network connections. Unfortunately, these nigtly billed domains
> have very poor mail gateways; I've been burned before. I now connect
> directly and deliver
On Tue, 14 Oct 2003, Manoj Srivastava wrote:
> I do not know, a priori, what the IP address is likely to be,
> and getting DNS changed for datasync.com would take days, not hours,
> by which time I would no longer be at the IP.
You'd just need something akin to the ddns services... but in
On Tue, 14 Oct 2003 10:21:23 -0500, John Hasler <[EMAIL PROTECTED]> said:
> I understand all that, which is why I found statements such as those
> in
>> [EMAIL PROTECTED]> confusing. The fact is I can add SPF
> records for any IP numbers I want to domains I control. Thus if I
> want to be able
Joel Baker writes:
> Many places do hosting of DNS domains (only; no web or mail, etc) for
> absurdly cheap rates ($5/mo in some cases), and allow either DDNS or an
> automateable webpage to do updates with.
I'm aware of these. While interesting should they start supporting SPF
they are not reall
On Mon, Oct 13, 2003 at 06:51:01PM -0500, John Hasler wrote:
> Joel Baker writes:
> > I'm going to gloss over the utter mistake of your first statement
>
> I am on a dialup with a "dynamic" IP number: I am allowed to borrow a
> number from my ISP at need. There is no IP number over which I have a
Joel Baker writes:
> I'm going to gloss over the utter mistake of your first statement
I am on a dialup with a "dynamic" IP number: I am allowed to borrow a
number from my ISP at need. There is no IP number over which I have any
administrative control. Thus I have no IP in that I would be unable
Julian Mehnle writes:
> Consider your ISP's smarthost's IP address "your IP". It makes no
> difference.
It would if the proposed system was unusable by those of us without static
IPs, which was the impression I was getting. Evidently that impression was
incorrect: good.
> No, you understood it
On Mon, Oct 13, 2003 at 04:26:35PM -0500, John Hasler wrote:
> Joel Baker writes:
> > I'm sorry, but your individual desire to be able to send mail from
> > anywhere on the planet, claiming to be anyone on the planet...
>
> What makes you think I want to claim to be "anyone on the planet"?
> I hav
John Hasler wrote:
> Joel Baker writes:
> > If adding .1 to your SA score for lacking a repudiation protocol, and
> > 3 (or 5, or whatever) for claiming to be from a domain that denies
> > that it origionates mail to the rest of the world from your IP...
>
> I have no IP. Outgoing mail from home
Joel Baker writes:
> I'm sorry, but your individual desire to be able to send mail from
> anywhere on the planet, claiming to be anyone on the planet...
What makes you think I want to claim to be "anyone on the planet"?
I have a valid domain and I want replies and bounces to go to it.
> If adding
On Mon, Oct 13, 2003 at 08:06:33PM +0200, Julian Mehnle wrote:
> John Hasler wrote:
> > Julian Mehnle writes:
> > > No, but this again is one of these broken "e-mail vs. real world"
> > > analogies. You can't receive mail through such a letter box, but a
> > > sender address is inherently meant to
John Hasler wrote:
> Julian Mehnle writes:
> > No, but this again is one of these broken "e-mail vs. real world"
> > analogies. You can't receive mail through such a letter box, but a
> > sender address is inherently meant to be a valid address through which
> > you can be contacted (among other c
Julian Mehnle writes:
> No, but this again is one of these broken "e-mail vs. real world"
> analogies. You can't receive mail through such a letter box, but a
> sender address is inherently meant to be a valid address through which
> you can be contacted (among other criteria).
I can no more be c
John Hasler wrote:
> Julian Mehnle writes:
> > It does very well make sense to specify a "sender address" for an
> > e-mail, and that's exactly what the SMTP "MAIL FROM" command AKA
> > envelope-from (and the "Sender:" header) is meant to be. Even RFCs
> > (2)821 and (2)822 articulate it that way.
Julian Mehnle writes:
> Michael Poole wrote:
>> Mail is not sent from any particular address at all; it is sent by a
>> person or program. It is delivered to one or more addresses. The
>> From: address and SMTP and envelope sender addresses are for human
>> understanding and status reporting.
>
Julian Mehnle writes:
> It does very well make sense to specify a "sender address" for an e-mail,
> and that's exactly what the SMTP "MAIL FROM" command AKA envelope-from
> (and the "Sender:" header) is meant to be. Even RFCs (2)821 and (2)822
> articulate it that way. Nowhere do these RFCs state
Michael Poole wrote:
> Julian Mehnle writes:
> > Don't you agree on my understanding of a sender address (or source
> > mailbox) being the address (or source mailbox) the sender sends
> > from? If so, please state it explicitly, so I have something I can
> > argue against. :-)
>
> Mail is not sen
Julian Mehnle writes:
> Don't you agree on my understanding of a sender address (or source
> mailbox) being the address (or source mailbox) the sender sends
> from? If so, please state it explicitly, so I have something I can
> argue against. :-)
Mail is not sent from any particular address at a
Andreas Metzler wrote:
> On Mon, Oct 13, 2003 at 02:47:44PM +0200, Julian Mehnle wrote:
> > There you have it. It's the "source mailbox", and while it can be
> > used to report errors, it can *not only* be used to report errors.
> > I'm relieved that the RFC doesn't contradict my common sense
> >
On Mon, Oct 13, 2003 at 02:47:44PM +0200, Julian Mehnle wrote:
> Andreas Metzler wrote:
>> Julian Mehnle <[EMAIL PROTECTED]> wrote:
>>> Andreas Metzler wrote:
If I send an e-mail over mail.nusrf.at with envelope-from
[EMAIL PROTECTED] I am _not_ forging anything or making
"unauthoriz
Andreas Metzler wrote:
> Julian Mehnle <[EMAIL PROTECTED]> wrote:
> > Andreas Metzler wrote:
> > > If I send an e-mail over mail.nusrf.at with envelope-from
> > > [EMAIL PROTECTED] I am _not_ forging anything or making
> > > "unauthorized use of domains"
> >
> > Yes, you are. The envelope-from ad
On Mon, Oct 13, 2003 at 12:34:46AM +0200, Tollef Fog Heen wrote:
> * Riku Voipio
> I have mail-followup-set for a reason. In addition, it is normal
> policy on Debian lists not to Cc people unless explicitly requested.
Hmm. my mutt setup appears to be b0rken then. sorry about that.
need to loo
Julian Mehnle <[EMAIL PROTECTED]> wrote:
> Andreas Metzler wrote:
>> Julian Mehnle <[EMAIL PROTECTED]> wrote:
>> > It's about forging an e-mail sender's identity. By preventing the
>> > unauthorized use of domains as the sender domain of e-mails, most of
>> > the practiced cases of identity forger
On Sun, Oct 12, 2003 at 11:41:45PM +0200, Andreas Metzler wrote:
> Julian Mehnle <[EMAIL PROTECTED]> wrote:
> > Bernhard R. Link wrote:
> >> * Riku Voipio <[EMAIL PROTECTED]> [031012 20:25]:
> >> > Second hint: If you insist on your right to forge your email address,
> >> > anyone else can forge yo
Tollef Fog Heen wrote:
> * Riku Voipio
> > Second hint: If you insist on your right to forge your email address,
> > anyone else can forge your address as well. Is that a right you really
> > need?
>
> Uhm, how would you forge your own mail address? It's like forging
> your own signature, somethi
Andreas Metzler wrote:
> Julian Mehnle <[EMAIL PROTECTED]> wrote:
> > It's about forging an e-mail sender's identity. By preventing the
> > unauthorized use of domains as the sender domain of e-mails, most of
> > the practiced cases of identity forgery are prevented. [...]
>
> If I send an e-mail
* Riku Voipio
I have mail-followup-set for a reason. In addition, it is normal
policy on Debian lists not to Cc people unless explicitly requested.
| > I think it's a silly proposal, since it will hinder people like me who
| > are sending all their mail from a laptop to send their mail properly
Julian Mehnle <[EMAIL PROTECTED]> wrote:
> (Bernhard, please excuse the accidental CC!)
> Bernhard R. Link wrote:
>> * Riku Voipio <[EMAIL PROTECTED]> [031012 20:25]:
>> > Second hint: If you insist on your right to forge your email address,
>> > anyone else can forge your address as well. Is that
(Andreas, please excuse the accidental CC!)
Andreas Metzler wrote:
> Julian Mehnle <[EMAIL PROTECTED]> wrote:
> > Convince the owner of these domains that you are (that is, your
> > outgoing mail server is) allowed to send mail "from these domains".
>
> Think "these domains" = debian.org and "out
(Bernhard, please excuse the accidental CC!)
Bernhard R. Link wrote:
> * Riku Voipio <[EMAIL PROTECTED]> [031012 20:25]:
> > Second hint: If you insist on your right to forge your email address,
> > anyone else can forge your address as well. Is that a right you really
> > need?
>
> It's about to
* Riku Voipio <[EMAIL PROTECTED]> [031012 20:25]:
> Second hint: If you insist on your right to forge your email address,
> anyone else can forge your address as well. Is that a right you really
> need?
It's about to *use* an e-mail address, not about forging one...
> Third hint: You can still c
On Thu, Oct 09, 2003 at 10:03:45PM +0200, Tollef Fog Heen wrote:
> * Joel Baker
> | Last I checked, this was (unfortunately) not yet an RFC, but only a draft
> | proposal. It happens to be one I really like the idea of, but I am aware
> | of more or less 'nobody' implementing it, nor any significa
Miquel van Smoorenburg <[EMAIL PROTECTED]> wrote:
[...]
>> And it does not help in the first szenario at all
>> (unless you think it to be ok that user a receives the bounces for
>> user b).
Just for a reminder: Two people using different domains with a changing
smarthost on one computer.
> If yo
In article <[EMAIL PROTECTED]>,
Andreas Metzler <[EMAIL PROTECTED]> wrote:
>Miquel van Smoorenburg <[EMAIL PROTECTED]> wrote:
>> You know, there is a difference between Envelope-From (SMTP MAIL FROM:)
>> and whatever you put in the From: header. They don't have to be the same.
>[...]
>
>I do know
Miquel van Smoorenburg <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
> Andreas Metzler <[EMAIL PROTECTED]> wrote:
>> SMTP AUTH is no magic solution, you'd have to start routing mail by
>> sender instead of recipient.
>> Take myself, sharing a computer at home with somebody else who
Julian Mehnle <[EMAIL PROTECTED]> wrote:
> Tollef Fog Heen wrote:
[...]
>> How would you set up so that my laptop (or yours or whoever's) can
>> send mail from about ten different domains if the server you are
>> sending to is using SPF and the domain you are sending from have it
>> implemented in
In article <[EMAIL PROTECTED]>,
Andreas Metzler <[EMAIL PROTECTED]> wrote:
>SMTP AUTH is no magic solution, you'd have to start routing mail by
>sender instead of recipient.
>
>Take myself, sharing a computer at home with somebody else who uses a
>completely different domain for her e-mail. Curren
Tollef Fog Heen wrote:
> * Gerfried Fuchs
> > The concept of SMTP AUTH is completely new to you, is it? Sorry,
> > these kind of objections are just as silly as you call the proposal
> > silly.
>
> Uhm, no, why should it be? Having gnus set up to use SMTP auth and
> using a different server base
* Gerfried Fuchs
(Discussion moved from -private, all text and references which refer
to stuff not ok to quote outside -private removed.)
| * Tollef Fog Heen <[EMAIL PROTECTED]> [2003-10-09 22:03]:
|
| > I think it's a silly proposal, since it will hinder people like me who
| > are sending all t
On Fri, Oct 10, 2003 at 12:21:33PM +0200, Gerfried Fuchs wrote:
> * Tollef Fog Heen <[EMAIL PROTECTED]> [2003-10-09 22:03]:
>> (please take this off -private, don't sure where, though. Please
>> quote me anywhere.)
> Same for me -- so this whole message is quoteable outside of -private.
Moved t
47 matches
Mail list logo
