Re: [Asrg] VPNs
2009-07-06 06:35:24
Bill Cole wrote:
For example, assume someone trusts Gmail's egress filtering
I'll play along. It is certainly possible that for some recipients, the
stream of mail from Google's sewer is cleaner than what I see...
Upthread, you also wrote that they "have shunned the entire notion of
accountability". What do you see?
Of course, one cannot compare one of those freemail providers with a
private mail domain, operated by skilled staff, where new accounts are
added wittingly, used by an elite of cautious people who rarely catch
viruses, if ever. In the latter case, you don't have to resort to
statistics to measure the quality of messages.
The big four, much like connection providers' default mailers, have to
operate some kind of surveillance on what their users send. I wonder
if they have specific conventions or settings to relay mail from one
to another, since that probably accounts for a large chunk of their
traffic.
skip content filtering for mail coming from there. What work is required
to accomplish (and maintain) that task, on typical MTA software?
This is a situation where SPF is a useful tool. If I want to make sure
that SpamAssassin never deems mail from a *(_at_)gmail(_dot_)com address to be spam
as long as it gets an affirmative SPF match (i.e. is coming from what
Google says are its normal gmail.com outbounds) I would just add this to
my local SpamAssassin config:
whitelist_from_spf *(_at_)gmail(_dot_)com
That kinds of setting cleverly enable whitelisting by domain. However,
compared to the VPN paradigm, that setting is unilateral. At Gmail,
they don't now they're whitelisted.
For complex senders who have complex and dynamic outbound
environments, refuse to publish SPF records, but do use DKIM (e.g.
Yahoo) there is probably some way to use DKIM as the authentication that
a message is coming from a system that you trust. I can't say how easy
or hard that would be, since I've never seen enough marginal value in
DKIM to bother with it.
Browsing docs[1], it seems that
whitelist_from_dkim *(_at_)yahoo(_dot_)com
should work similarly. Domain Keys (whitelist_from_dk) is the 3rd one
of the three types of whitelist from authentication (whitelist_auth)
that SA does. So, if a sender knows that you filter with SA, they may
try all of them in turn, blindly.
[1
http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Plugin_DKIM.html]
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Asrg] VPNs, Bill Cole
- Re: [Asrg] VPNs, Bill Cole
- Re: [Asrg] VPNs, Bill Cole
- Re: [Asrg] VPNs,
Alessandro Vesely <=
- Re: [Asrg] VPNs, Bill Cole
- Re: [Asrg] VPNs, der Mouse
- [Asrg] A Vouch By Feedback proposal (was: VPNs), Alessandro Vesely
- Re: [Asrg] A Vouch By Feedback proposal, J.D. Falk
- Re: [Asrg] A Vouch By Feedback proposal, Alessandro Vesely
- Re: [Asrg] A Vouch By Feedback proposal, Claudio Telmon
- Re: [Asrg] A Vouch By Feedback proposal, der Mouse
- Re: [Asrg] A Vouch By Feedback proposal, Ian Eiloart
- Re: [Asrg] A Vouch By Feedback proposal, Rich Kulawiec
- Re: [Asrg] A Vouch By Feedback proposal, Ian Eiloart
|
|
|