Forgot your password?

Comment: Re:Am I understanding this correctly? (Score 1) 83

by UnderCoverPenguin (#46710711) Attached to: Yahoo DMARC Implementation Breaks Most Mailing Lists


Are digest messages considered forgery?

Nor am I suggesting a back door for spammers. I do think it is likely that list servers will not be trusted to do proper Sender Authentication. Both the list message and the original message would have to pass sender authentication.

If the list server acted exactly as a proper MTA would, then the message would only be subject to a single level of sender authentication. My idea would subject the forwarded message to double authentication: Once for the original sender and the second for the list server.

Comment: Re:SPF.. (Score 1) 83

by UnderCoverPenguin (#46710371) Attached to: Yahoo DMARC Implementation Breaks Most Mailing Lists

such action would be a direct violation of the section of the RFC I quoted. The "robot" is not the author; its mailbox does not appear in the header field intended for the mailbox of the author. The "robot" is also not the agent that introduced the message for transmission, it is retransmitting a message already in the system.

If I had a secretary and I instructed him to forward messages related to certain topics to designated recipients, he would be the author of the new messages that contain the original messages. The section I quoted allows this. How is this different from having a list server perform the same task?

A multi-post digest is reasonably consided a new message. One that is "authored" by the list server. With the list owner as the responsible agent. As best I can decern, the people at IETF do not think this is a violation. So, why not a digest with just one post?

I think you and I are viewing this from two different perspectives. You seem to view the list server as part of the mail transport and delivery infrastructure. I view the list server as an "electronic secretary" interacting with, but outside of the mail infrastructure.

Granted, proper use of Resent-From and Resent-Sender would be the best solution. How likely do you think it would be for all the Sender Authentication systems to be updated to use these fields? I think very unlikely. So, that leaves it to the list server admins (and, possibly, developers) to implement a work around.

Comment: Re:Am I understanding this correctly? (Score 1) 83

by UnderCoverPenguin (#46709325) Attached to: Yahoo DMARC Implementation Breaks Most Mailing Lists

Forwarded email breaks all these kinds of "sender authentication" systems, and that's unlikely to change in the near future. Mailing lists are one type of forwarded email, but not the only type.

Properly used, the Resent-From and Resent-Sender fields could help with this. Of course, this would require the Sender Authentication systems to properly handle these fields.

Another option occurred to me since I made my previous post. The original message could be made an attachment to the message sent by the list server. This way, both the list message and the original message would be available for DMARC/SPF/whatever sender authentication.

Comment: Re:SPF.. (Score 2) 83

by UnderCoverPenguin (#46709241) Attached to: Yahoo DMARC Implementation Breaks Most Mailing Lists

RFC5322 also says this:

Note: Reintroducing a message into the transport system and using
            resent fields is a different operation from "forwarding".
            "Forwarding" has two meanings: One sense of forwarding is that a
            mail reading program can be told by a user to forward a copy of a
            message to another person, making the forwarded message the body
            of the new message. A forwarded message in this sense does not
            appear to have come from the original sender, but is an entirely
            new message from the forwarder of the message. Forwarding may
            also mean that a mail transport program gets a message and
            forwards it on to a different destination for final delivery.

So, one could make the case that a list server is a robot reading and forwarding messages, therefor it is technically not wrong for the list server to put its own address in the From field and a contact address for the list owner in the Sender field. Note that list servers that batch posts in to messages containing several posts already do this.

(Replies to the author and/or list could be directed by the Reply-To and Cc fields. Suggest author in Reply-To and list in Cc.)

Of course, best solution would be for DMARC and SPF (and the list servers) to be configured to properly use the Resent-From and Resent-Sender fields. Unfortunately, I think that DMARC and SPF will be left as they are, thus forcing the list servers to bare burden of a work around.

Comment: Re:Too long, didn't read. (Score 1) 162

by UnderCoverPenguin (#46688823) Attached to: Judge (Tech) Advice By Results

I think often it is a desire to help by someone who misjudges the ability, desire to learn, and time someone is prepared

And perception.

Example: A friend of mine was still using MS Office 2003 because he hated MS Office 2007. Then, one day, he received an Office 2007 document that Office 2003 could not handle. I asked him to give me a copy of the file, then opened it in Open Office. He happily did what he needed to do, saved his changes, copied the file back to his PC and emailed it to whomever needed it. Then he asked me what version of Office I was running. When I showed him, he said "That's not acceptable. No one will be able to use the document I just sent." Even after everyone he sent the updated document to had no problem, he still didn't believe Open Office an acceptable alternative. He still hates the "new" MS Office, but is using it because "there is no alternative."

Comment: Re:Address exhaustion (Score 1) 223

by UnderCoverPenguin (#46688539) Attached to: Why There Are So Few ISP Start-Ups In the U.S.

As long as you don't hide it from your customers I don't see a problem with providing IPv6 addresses to your customers and perform NAT for accessing IPv4 hosts.

For that matter, could NAT IPv4 to IPv4. Many businesses, including huge multi nationals, do this for their internal networks. In some cases they even NAT between major segments of their networks, so are not limited to just 16 million addresses (Not claiming any of them have that many, but a merger between 2 large companies can result in address collisions. One of my former clients, a multi national, merged with another multi national. Within a few hours of the closing, the respective IT departments had the 2 networks linked together. Client PCs were able to access shared (non-Microsoft based) services through NAT. The few cases where peer-to-peer connectivity was required were also handled very quickly. All without modifying the existing DHCP configurations, and only a very few changes to the internal DNS.

Comment: Re:Customers may benefit... maybe (Score 1) 455

Plus Walmart beating up Visa on price is almost certainly going to benefit consumers in the long run and Walmart is big enough to actually succeed. The cost of credit card swipe fees gets rolled into the prices we pay for products so if they get lowered at least some of that money will flow through to us as end customers. Not all of course but definitely some.

More likely that Visa (and others) will make up the difference by raising rates on smaller retailers. They will be forced to raise their prices, which will make WalMart's prices look better.

Comment: There are still similar names and copies of lists (Score 4, Interesting) 286

by UnderCoverPenguin (#46604227) Attached to: One Person Successfully Removed From US No-Fly List

Besides the possibility of a match to a similar name, even if only "official" copies of the the no-fly list are consulted, I would not be surprised if copies of her entry linger in the various copies of that list.

(A friend of mine who has a name similar to someone on a sex offenders' list was mistakenly added as a variant spelling of the original listing. Even after getting a court order to remove his listing, it had propagated to other copies and was eventually merged back in to the original as updates were passed around the various government agencies. He then got an order to amend his listing to state it was invalid, but (A) that merely added a new entry, with no guarantee which entry would show first, and (B), most checkers don't look beyond seeing of there is a match.)

Comment: How hard to support multiple VR headsets? (Score 2) 300

Oculus isn't the only VR headset. They may be the current best (I don't actually know). At least conceptually, the inputs and outputs are reasonably understood. So what makes it hard for an application that supports the Oculus headset to support others?

Ma Bell is a mean mother!