Newsgroups: wclistserve.win.server
Message-ID: <5BF87C0B.2040001@winserver.com>
Date: Fri, 23 Nov 2018 17:15:39 -0500
From: Hector Santos
Organization: Santronics Software, Inc
To: WINServer@winserver.com
Subject: Re: [WINServer] dmarc
On 11/23/2018 2:34 PM, Antonio Rico wrote:
> Hi,
>
> Will this open up the possibilities of mail bombs and mass email floods, if
> the header conversion is not done securely?
>

How so?

Well, with the new features put in place for WCLS, wcLS operators will
no longer have an issue related with their subscribers getting kicked
off the list because their receiver rejected a "yahoo.com" message or
any domain that has a DMARC p=reject or p=quarantine policy. So WCLS
will restrict these domains. Ironically, I proposed this back in 2006
with the DSAP proposal before DMARC existed because I saw what could
happen:

https://tools.ietf.org/html/draft-santos-dkim-dsap-00#section-3.3

   3.3. Mailing List Servers

   Mailing List Servers (MLS) applications who are compliant with DKIM
   and DSAP operations, SHOULD adhere to the following guidelines:

   Subscription Controls

      MLS subscription processes should perform a DSAP check to
      determine if a subscribing email domain DSAP policy is restrictive
      in regards to mail integrity changes or 3rd party signatures. The
      MLS SHOULD only allow original domain policies who allow 3rd party
      signatures.

   Message Content Integrity Change

      List Servers which will alter the message content SHOULD only do
      so for original domains with optional DKIM signing practices and
      it should remove the original signature if present. If the List
      Server is not going to alter the message, it SHOULD NOT remove the
      signature, if present.

This was 2006! 12 years ago, but over the years as the industry
debated this whole DKIM Author Domain Policy thing and the problems with
the List Server, I put into place some of it but not all of it in
WCLS. What I did was the restriction to subscribe, that you can see
here now:

http://www.winserver.com/public/wcls/default.wct?list=winserver

You will see a red box telling you about the restriction. Try it, use
a yahoo.com or aol.com address, even fake, because wcLS html-Subscribe
is not going to let you subscribe.

But what I didn't do was the 2nd part where there were already
subscribers from domains like yahoo.com and yahoo decided to add a
DMARC p=reject. That decision turned the list industry around
because now we had to do something. If there were already members from
yahoo.com and other restricted domains, that will cause problems as
we saw.

Well, it caught us a few weeks ago but I took care of it now by
implementing my 2006 ideas. We are not done. :)

This has nothing to do with someone posting/importing old mail. Maybe
a better dupe checker would have prevented it.

--
Hector, Engineering & Technical Support
Santronics Software, Inc.
http://www.santronics.com (sales)
http://www.winserver.com (support)
http://www.winserver.com/AupInfo (Online AUP Help)
Office: 305-248-3204
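
The subscription restriction described in the message above, sketched as an added example; it is not code from the original post and not WCLS's implementation. It assumes the DMARC record syntax of RFC 7489 (a TXT record at _dmarc.<domain>), does no organizational-domain fallback, and every function name and sample record in it is hypothetical or constructed.

```python
RESTRICTIVE = {"reject", "quarantine"}

# Constructed TXT answers for _dmarc.<domain>; not real DNS data.
SAMPLE_DNS = {
    "strict.example": ["v=DMARC1; p=reject; rua=mailto:agg@strict.example"],
    "spam.example": ["v=spf1 -all", "v=DMARC1;p=Quarantine;pct=100"],
    "open.example": ["v=DMARC1; p=none"],
    "dupe.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def sample_lookup(domain):
    """Stand-in for a DNS TXT query; unknown domains publish nothing."""
    return SAMPLE_DNS.get(domain, [])

def parse_dmarc(txt):
    """Return the tags of one TXT string, or None if it is not a DMARC record."""
    pairs = [p.partition("=") for p in txt.split(";") if p.strip()]
    if not pairs or any(sep != "=" for _, sep, _ in pairs):
        return None
    tags = [(k.strip().lower(), v.strip()) for k, _, v in pairs]
    if tags[0] != ("v", "DMARC1"):       # version tag must come first
        return None
    return dict(reversed(tags))          # first occurrence of a tag wins

def domain_policy(txt_records):
    """Published p= value, or "none" when no single valid record exists."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if len(records) != 1:                # nothing published, or ambiguous
        return "none"
    policy = records[0].get("p", "").lower()
    return policy if policy in ("none", "quarantine", "reject") else "none"

def may_subscribe(address, lookup=sample_lookup):
    """Subscription gate: refuse authors whose domain is p=reject/quarantine."""
    local, at, domain = address.strip().rpartition("@")
    if not (local and at and domain):
        return False                     # not a usable address
    return domain_policy(lookup(domain.lower())) not in RESTRICTIVE
```

A real deployment would replace sample_lookup with a TXT query for _dmarc.<domain> and would re-run the same check over existing members, since a domain can publish p=reject after its users have subscribed.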