77 messages in net.sourceforge.lists.courier-users[courier-users] Re: freemail list and...| From | Sent On | Attachments |
|---|---|---|
| Mitch (WebCob) | Jan 5, 2004 11:31 am | |
| Jeff Potter | Jan 5, 2004 12:58 pm | |
| Mitch (WebCob) | Jan 5, 2004 1:26 pm | |
| Gerardo Gregory | Jan 5, 2004 1:34 pm | |
| Sam Varshavchik | Jan 5, 2004 1:56 pm | |
| Andrew Newton | Jan 5, 2004 3:02 pm | |
| Sam Varshavchik | Jan 5, 2004 3:23 pm | |
| Mitch (WebCob) | Jan 5, 2004 3:38 pm | |
| Andrew Newton | Jan 5, 2004 5:49 pm | |
| Sam Varshavchik | Jan 5, 2004 5:57 pm | |
| Andrew Newton | Jan 5, 2004 7:06 pm | |
| Mitch (WebCob) | Jan 5, 2004 8:19 pm | |
| Gordon Messmer | Jan 5, 2004 11:58 pm | |
| Sam Varshavchik | Jan 6, 2004 4:10 am | |
| Sam Varshavchik | Jan 6, 2004 4:11 am | |
| Sam Varshavchik | Jan 6, 2004 4:12 am | |
| Gordon Messmer | Jan 6, 2004 10:20 am | |
| Mitch (WebCob) | Jan 6, 2004 10:50 am | |
| Malcolm Weir | Jan 6, 2004 2:10 pm | |
| Julian Mehnle | Jan 6, 2004 3:07 pm | |
| Phillip Hutchings | Jan 6, 2004 3:28 pm | |
| Sam Varshavchik | Jan 6, 2004 3:44 pm | |
| Sam Varshavchik | Jan 6, 2004 3:46 pm | |
| Mitch (WebCob) | Jan 6, 2004 3:56 pm | |
| Julian Mehnle | Jan 6, 2004 4:17 pm | |
| Sam Varshavchik | Jan 6, 2004 4:31 pm | |
| Julian Mehnle | Jan 6, 2004 4:45 pm | |
| Roger B.A. Klorese | Jan 6, 2004 5:17 pm | |
| Roger B.A. Klorese | Jan 6, 2004 5:20 pm | |
| Julian Mehnle | Jan 6, 2004 5:33 pm | |
| Roger B.A. Klorese | Jan 6, 2004 5:51 pm | |
| Julian Mehnle | Jan 6, 2004 6:12 pm | |
| Malcolm Weir | Jan 6, 2004 6:17 pm | |
| Roger B.A. Klorese | Jan 6, 2004 6:22 pm | |
| Sam Varshavchik | Jan 6, 2004 6:34 pm | |
| Sam Varshavchik | Jan 6, 2004 6:47 pm | |
| Julian Mehnle | Jan 6, 2004 7:10 pm | |
| Julian Mehnle | Jan 6, 2004 7:42 pm | |
| Julian Mehnle | Jan 6, 2004 7:53 pm | |
| Roger B.A. Klorese | Jan 6, 2004 7:54 pm | |
| Roger B.A. Klorese | Jan 6, 2004 7:56 pm | |
| Roger B.A. Klorese | Jan 6, 2004 8:13 pm | |
| Sam Varshavchik | Jan 6, 2004 8:16 pm | |
| Sam Varshavchik | Jan 6, 2004 8:19 pm | |
| Sam Varshavchik | Jan 6, 2004 8:22 pm | |
| Roger B.A. Klorese | Jan 6, 2004 8:22 pm | |
| Roger B.A. Klorese | Jan 6, 2004 8:29 pm | |
| Mitch (WebCob) | Jan 6, 2004 11:19 pm | |
| Roland | Jan 7, 2004 3:56 am | |
| Sam Varshavchik | Jan 7, 2004 4:14 am | |
| Julian Mehnle | Jan 7, 2004 10:47 am | |
| Julian Mehnle | Jan 7, 2004 10:59 am | |
| Roger B.A. Klorese | Jan 7, 2004 11:37 am | |
| Malcolm Weir | Jan 7, 2004 12:18 pm | |
| Julian Mehnle | Jan 7, 2004 1:09 pm | |
| Julian Mehnle | Jan 7, 2004 1:40 pm | |
| Gordon Messmer | Jan 7, 2004 3:08 pm | |
| Malcolm Weir | Jan 7, 2004 3:14 pm | |
| Sam Varshavchik | Jan 7, 2004 3:32 pm | |
| Mitch (WebCob) | Jan 7, 2004 3:46 pm | |
| Sam Varshavchik | Jan 7, 2004 3:50 pm | |
| Julian Mehnle | Jan 7, 2004 3:52 pm | |
| Bill Michell | Jan 7, 2004 3:54 pm | |
| Mitch (WebCob) | Jan 7, 2004 3:56 pm | |
| Julian Mehnle | Jan 7, 2004 4:03 pm | |
| Julian Mehnle | Jan 7, 2004 4:06 pm | |
| Roger B.A. Klorese | Jan 7, 2004 4:12 pm | |
| Phillip Hutchings | Jan 7, 2004 4:16 pm | |
| Mitch (WebCob) | Jan 7, 2004 4:27 pm | |
| Julian Mehnle | Jan 7, 2004 4:29 pm | |
| Mitch (WebCob) | Jan 7, 2004 4:32 pm | |
| Julian Mehnle | Jan 7, 2004 4:33 pm | |
| Gordon Messmer | Jan 7, 2004 4:58 pm | |
| Malcolm Weir | Jan 7, 2004 5:07 pm | |
| Julian Mehnle | Jan 7, 2004 5:27 pm | |
| Phillip Hutchings | Jan 7, 2004 6:33 pm | |
| Gordon Messmer | Jan 7, 2004 7:00 pm |
| Subject: | [courier-users] Re: freemail list and questions about yahoo... | |
|---|---|---|
| From: | Sam Varshavchik (mrs...@courier-mta.com) | |
| Date: | Jan 6, 2004 3:44:40 pm | |
| List: | net.sourceforge.lists.courier-users | |
Malcolm Weir writes:
The issues that seem to me as still need clarification/definition are these: if my return address is not in the same domain as the "injecting" server,
then you sign the message with YOUR key, and put THAT in DNS.
I don't really know what Yahoo's going to do, but based on what I've read, in several place, I reached a similar impression as to what they're doing.
The recipient could then do the following:
* If the public key of the sender's domain validates the message, the message is authentic and should be delivered. * If that key *doesn't* work, but that of a listed "injecting" host does, then you have a relay or third-party sender -- but you definitively *know* that, and can make decisions before attempting delivery (e.g. check the injecting host to see if it's listed in a blacklist).
I didn't get the impression that Yahoo's stuff has anything to do with the injection host. Remember, that legitimate Yahoo mail can only come out of Yahoo itself, so they can take care of signing entirely on their end.
As you indicated, this scheme will prevent someone from using their Yahoo E-mail address to send mail themselves, from their ISP. That's unfortunate, but I also agree that Yahoo wouldn't give a fsck about it. They specifically _want_ their lusers to send mail through their webmail interface, instead of their own mail programs.
And I'm optimistic that they'll explicitly specify that the domain check has to be carried out against the From: header, and not the envelope sender address (although that one can still be optionally checked). Remember that Yahoo's goal is to get rid off all the clueless wonders from complaining to Yahoo about spam “From: brit...@yahoo.com”. I'll be disappointed if they're naive enough to believe that checking the envelope sender address is sufficient; otherwise all that's needed to nullify any value added from this enterprise is to simply use a different envelope sender address, but keep the From: header intact.
Yes, that means that the message's body will have to be received, before the message can be authenticated. That's better than nothing.