| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8 9 10 11 12
Comments:
<0> fredk: anyway, this is all about someone mailing from another server?
<0> fredk: I wouldn't make a fuss. Its just too easy to set a 'from' adress to whatever you like best.
<1> Yeah, well, I block email claiming to be from a domain which is not in that senders allowed list
<1> that domain
<0> hmm. A little harsh IMO.
<1> is it?
<1> I mean, if you own lion-o.com
<0> fredk: well, dunno the full context but I only accept mail for the domains I host and only block mimickers.
<1> thats noe the problem
<1> this guy is mailing a client of mine
<1> using an @online.no email address
<1> problem is that the ISP online.no doesnt allow him to send email from that domain using other mailservers
<0> fredk: IMO you can't be too carefull with blocking email. Its too close to censorship. "somoen is mailing your client". For all you know its your client mailing to himself.
<0> fredk: rofl. As if online.no can actually enforce that.
<1> Lion-O, sure they can, that is what you have SPF for
<0> that is IMVHO one of the most funniest thing I've heard in a long time..
<2> Lion-O: other servers that use SPF will let online.no enforce that, though..
<1> SPF is designed to designate which servers can email on your behalf
<0> you can't enforce that, thats nonsense. Anyone can set a from addy.
<0> Cynic: and how many servers enforce spf? ;)
<1> Lion-O, I use it on all mine
<3> Lion-O: quite many on some level, spam******in uses it
<2> Lion-O: yeah well, exacly... until it's widely used people don't think about it much
<1> Microsoft uses it
<2> I think the problem is online.no being too restrictive with their SPF policy maybe?
<3> I only tag it as spam, don't delte though
<0> IMO this is a little over the top. I think its not very interesting to force people to use certain mailservers.
<1> Lion-O, it's a great way to reduce spam
<0> especially if people use multiple isp's and the likes.
<3> Lion-O: they can use any mailserver they want, as long as it matches the domain
<0> fredk: no its not. spam will just continue to flow, you're just stopping/blocking it at the mta. It does not reduce zip.
<1> Lion-O, you're reducing the amounts you accept
<1> hotmail gives out spf records
<0> K_F: so they cannot use any mailserver they want. I think this ****s.. I pop into an internet domain, send an email from *my* domain through them and it'll be blocked because it didn't went through a certain mta? bollocks.
<1> now, if you enable spf checking you can effectively ensure that everyone who mails from a hotmail address actually belongs to hotmail and is not a random spam drone script
<3> fredk: hotmail only uses softfail
<3> fredk: so you shouldn't block that, only flag it
<1> K_F, yeah, I dont block softfail
<3> Lion-O: not how SPF works
<3> Lion-O: dig TXT online.no
<3> online.no. 2525 IN TXT "v=spf1 a mx -ptr:bb.online.no -ptr:dialup.online.no ptr:online.no ip4:193.213.115.0/26 ptr:nsc.no a:nsc.no mx:nsc.no -all"
<0> K_F: that is just the scenario fredk pictured.
<3> Lion-O: no, "my domain"
<1> it helps increase authenticity of an email, which I dont see as a bad thing
<3> Lion-O: this is about user@online.no
<4> hah
<0> K_F: and what do you think happens when I send an email from an internet cafe with a from header "lion-o@mydomain.com" ?
<1> ok, it's not exactly a PGP signature :)
<3> Lion-O: and in the SPF record they specify that @online.no can only come from a certain set of servers
<0> K_F: bingo
<0> just the scenario I described.
<1> Lion-O, thats the thing, you *shouldn't* be doing that.
<3> Lion-O: not the server online.no, the FROM:
<0> fredk: why not? its MY domain for crying out loud?
<1> Lion-O, then you should specify in YOUR domain which servers YOU want to send mail from
<3> Lion-O: @mydomain.com would require its own SPF to be blocked
<0> fredk: sometimes I can't.
<1> Lion-O, then considering its your domain you either dont p ublish a spf record or you publish one that is pretty generic
<0> fredk: IMVHO this is plain out raping the whole mail structure. The SMTP specs allow me to do this; use both reply-to but /also/ to set a from adress.
<1> and lets face it, at an internet cafe you would generally be using webmail anyway
<1> Lion-O, incase you havent noticed , SMTP/email is *broken*
<3> Lion-O: http://www.openspf.org/ , I still think you misunderstand the concept..
<1> :)
<3> fredk: not really, users are
<1> K_F, well yes =)
<0> fredk: IMO this is going completly over the top. We're very close to censorship and limiting the users "to fight spam".
<3> fredk: if they didn't purchase things from spam, or could secure their computers it wouldn't be a problem
<3> easy solution, kill the users
<1> K_F, it's being used to what its not designed for
<3> except the hot chicks, I can take care of those
<1> Lion-O, censorship is just over the top. You *own* the domain, you should be allowed to specify which servers it should email from
<3> Lion-O: online.no specifies -all which means that the owner of online.no WANTS the mail to be blocked if not originating from specified servers
<3> anyone using a FROM: @online.no reports to their ToS
<0> aah, indeed. I ***umed one small detail.
<3> if it had been ~all it would be a softfail, so only tagged
<0> fredk: yeah, I see. Which is also why this system is bound to fail.
<1> Lion-O, alot of hosts are using it these days
<2> methinks the original SMTP RFCs didn't forsee bulk advertising. ;)
<0> it won't cut zip.. I mean; people abuse other peoples domains. But if those other people don't give a damn and don't implement spf you're still no where.
<0> and I for one would oppose the use of spf since its limiting my users.
<1> Lion-O, reducing by a given percentage is better than not at all
<0> fredk: fighting a sympton is always worse than fighting the problem.
<1> Lion-O, it *can* be limiting, depending on how you configure it really
<3> fredk: you can always try to ask telenor... they might want to consider ~all
<0> fredk: we're all too busy installing spamfilters (which are quite good) but also to limit users to insane levels. But no one is actually fighting the cause and/or the source of these problems so it seems. Sure; ISP's block email, but they won't (for example) check their clients (dsl network) to see if spam originates from them. Many don't give a damn.
<1> I am working on implementing spam check also on my outgoing network
<0> IMO all this anti-spam scheming is going into the wrong directions. Its only limiting my options as user. Either I'm enfored to accept a spamfilter at $ISP (which isn't foolproof) or....
<3> Lion-O: 21:11 < K_F> fredk: if they didn't purchase things from spam, or could secure their computers it wouldn't be a problem
<3> 21:11 < K_F> easy solution, kill the users
<1> K_F, I really agree
<3> 21:11 < K_F> except the hot chicks, I can take care of those
<3> that is the root of the problem
<0> K_F: Naah
<3> yes
<0> K_F: the root of the problem is the cause, not the effect
<1> Given a choice every person chooses the path of the least resistance
<3> Lion-O: the cause is that someone acts on it
<0> you can't blame a computer illitirate for this.
<1> It doesnt mean it's the *right* thing to choose
<3> Lion-O: the demand leads to someone offering it
<0> thats just arrogant bull****, idiots looking for a scapegoat IMVVHO
<3> and I blame idiots for this
<3> someone should re-implement darwinism
<0> the cause here is allowing people to **** up in setting up mailservers which turn into open relays. Then when you complain at their ISP they don't do a **** about it
<3> the problem isn't open relays
<3> by far worms that has taken over
<0> rofl
<0> K_F: amazing that so many of the spam I get seems to iriginate just from that.
<1> I totally agree that dialup users should implement firewalling on port 25
<1> dialup companies
<1> many do
<5> Lion-O: The botnet spam floods are far more noticable.
<3> fredk: UPC/Get does
<0> Shadur: getting to that :)
<3> Lion-O: http://www.f-secure.com/weblog/archives/sss.gif
<6> K_F: doube release today. traffic will be interesting :P
<3> Shadur: botnets originates from worms
<0> K_F: you realize that I also don't trust companies selling anti-virus stuff?
<1> Shadur, arent the botnets mostly run off of dialup ips?
<3> Lion-O: well, that is a screenshot form a russian company's application
<3> Lion-O: most probably the author of Sobig
<3> there are some similarities in the code at least
<0> Next we have data centres which rent storage space to idiots who think they have the potential to setup a server and then don't do **** when that box starts acting up.
<3> as long as there are people purchasing / acting upon the spam they get, there will be spam
<3> very easy psychology / business
<5> Lion-O: Again, the root cause is apathy as much as it is security issues.
<0> Spam is one thing, but its a lot of companies who at one side allow this to happen and on another limit their users over it whilst they should be looking the other way IMHO. But they won't, its easier limiting your users. Why? Simple.. Because 1) The money comes from the companies and bigger customers. 2) Its easier to limit your users since many won't see censorship and stuff like that but see only spam reducing and don't think about the possibl
<3> Lion-O: nobody is more against cencorship than me but I am also a firm believer of property rights
<1> I hate this monitor :\
<3> and if the OWNER of a domain specifies that only certain mailservers are to be used, then that be it
<3> if online.no used ~all it would softfail, they used -all which is a hard fail
<0> K_F: Well, I know I'm portraying extreme examples. but IMO you can't be too carefull since **** like this always starts small and grows slowly but steadily right to a point where its too late.
<3> the difference between tagging it as spam vs deleting it
<0> fredk: it looks good from where I'm sitting ;) oh wait; different monitor 8)
<1> hehe
<3> Lion-O: of course, I'd rather see an approach based on OpenPGP :)
<6> hehehe
<0> aaargghh
<0> K_F: but.. but... I don't have your pubkey anywhere, now I can't mail you? damnit; its my RIGHT to send you spam^D^D^D^Dvalued email :)
<1> K_F, given a pgp signature at birth =)
<0> oops..
<3> Lion-O: hehe
<3> Lion-O: only the key wouldn't be enough, would require a trust path
<1> K_F, norid uses pgp for domain registration these days
<3> fredk: has for some time
<1> Yea
<1> which is a good thing
<3> indeed
<3> fredk: they wouldn't give me the zone-file though
<1> before that *anyone* could send an email claiming to be a registrar
<3> so I'm sort of mad at them for that
Return to
#linux
or
Go to some related
logs:
#MissKitten
#AllNiteCafe
ifahar
#linux
linux codec dump
#linux
#linux
avacodes
#linux
clientWidth differs
|
|
