Name a consumer-level camera that natively interfaces with a Mac that won't do so with a PC.
How about the cameras that are embedded in the macbook, macbook pro, and imacs? My take on the ad was that video cameras are included in all the consumer computers apple sells.
huh? For forwarding to come into play, the end recipient has to get an account under that domain so that mail addressed to sally@sdlsdfsdlfjsdlkj_sdff.com can then get relayed to the real account.
The source is most likely a zombified windows machine nowadays.
I don't think they usually cache them for more than a day by default?
Why wouldn't they cache for $TTL instead of using $randomtime_that_seems_somewhat_long_for_everyone?
Blacklist is way too strong. The best penalty is just to ignore. The market will take care of this one on its own without screwing up your own delivery.
Huh? Goodmail always talks about exactly 2 customers: Red Cross and New York Times. In contrast, SPF and DomainKeys are used by hundreds of thousands if not millions of domains, including all of the Email Service Provider Coalition.
Rational senders can't publish SPF records that say, 'only mail from these servers is allowed,' since they don't know if their recipients will forward mail, and they want as high a deliverability as possible.
>After all, the US Post charges $0.37 per letter, but those of us in the US will tell you just how much junk/crap we get in our (postal)mailboxes.
In fact, there are more bulk mail stamps sold in the US than first class stamps (even with a lot of companies buying first class stamps for their, er, valued marketing material :)
> AOL's goodmail implementation is ONLY for transactional mail.
s/AOL/Yahoo/ AOL is accepting Goodmail messages for any kind of mail, while Yahoo is only doing transactional.
>or are links sent by personal friends to their web sites
Can't even trust those anymore. One of my IM friends got phished, then his account sent me a 'Hey, I just posted some vacation photos here [link]', with link going to a site mimicking the yahoo photos login. I figured out it wasn't yahoo, but within a few hours, a mutual friend's id sent me the same message. Messages from 'friends' are perfect trojan horses for phishing, for exactly the reason you state :(
I think they open up some P2P program and see millions of songs being shared. The wide coverage of songs in the P2P world is further confused for the number of computers sharing each song (i.e., you can find a lot of songs, but most don't have any significant # of sources). They don't see the 100s of billions of songs not being shared (and don't do the math to come up with the number (ave album's # of songs * number albums sold over last x years [>600M albums sold in 2005 in US])). They probably also read message boards frequented by geeks like us that have a higher percentage of the community participating in piracy/sharing. These things make them think that 'everyone' is pirating, when in reality probably 0.001% of consumers use these services. They thus think that the piracy problem is out of control and need to take drastic action.
I don't get it. Does this mean that anything that could possibly use this file system needs to pay the license? For instance, I'm a mac user -- none of my disks will actually use the FAT system, but it could if purchased by a windows user. If the disk mfr pays the license, they would have wasted the $.25 (wonder if we will be able to get a msft refund). Seems pretty similar to software actually. Just because my hard disk is capable of running msft office, doesn't mean that I'll actually install it -- and I don't have to pay for a license if I don't.
Yeah. I was glad that they copied that feature too.
Disagree. I created my gmail account on April 20 -- less than 3 weeks after launch. Google requires 6 character names. Every semi common first name longer than 6 characters I could think of was not available. No non common name seemed to be available either -- I tried indian names, french names, and spanish names. Sure, I ended up with a first initial lastname id, just as I have in every other web mail service, but it wasn't the free for all that you suggest.
Loved the busting of the Darwin award myth about strapping (well, welding) missiles to the top of a chevy, and seeing how fast the car would go. I hate how at the beginning of each segment, the announcer repeats the myth, the tests tried and the results so far. This is an hour show -- no other hour show needs a recap every 15 min. Can you imagine if Lost gave a 'previously on Lost' section after each commercial break?!
Tiny url now has a preview feature so that you get a shot at seeing the final link before visiting. http://tinyurl.com/preview.php
Frankly, using Outlook here at work is something I consider *painful* because the UI is so clunky, so I certainly won't be going over to Yahoo any time soon.
I assume you don't use Thunderbird, Eudora, Mulberry, or any other 3 pane mail client as they are all like outlook (or is it the other way around?). I use Thunderbird, and while it's conceptually like outlook, it fits me slightly better (type down find, extensions to customize it to meet my usage pattern, threading, decent IMAP support, etc). As I read Mossberg's comments, it seems to me that he is indicating that it feels like a desktop email application, of which Outlook is the most commonly used. Screenshots like these clearly point to some differences from outlook (tabs, snippets, search highlighting...)
Hmm, I think the technology is critical. If the technology cannot produce relevant ads -- an extremely tough thing to do with scale -- then the ads' value dramatically declines, as does the company's value. Otherwise, advertiser.com and doubleclick which do ads for many sites would be valued at similar ratios to google.
Your argument relies on domains publishing the "-all" flag -- ie, bounce addresses will *only* come from these IPs. The rational domains will not do this because they want their email delivered, and may send mail to someone that forwards their email. This is not theory -- it is what is happening. Check out several phishing targets:
ebay.com text "v=spf1 mx include:s._spf.ebay.com include:m._spf.ebay.com include:p._spf.ebay.com include:c._spf.ebay.com ~all"
ebay.com text "spf2.0/pra mx include:s._sid.ebay.com include:m._sid.ebay.com include:p._sid.ebay.com include:c._sid.ebay.com ~all"
citibank.com text "v=spf1 a:mail.citigroup.com ip4:192.193.195.0/24 ip4:192.193.210.0/24 ~all"
bankofamerica.com text "v=spf1 a:sfmx02.bankofamerica.com a:sfmx04.bankofamerica.com a:vamx04.bankofamerica.com a:vamx02.bankofamerica.com a:txmx02.bankofamerica.com a:txmx04.bankofamerica.com a:cr-mailgw.bankofamerica.com a:cw-mailgw.bankofamerica.com ~all"
amazon.com text "spf2.0/pra ip4:207.171.160.0/19 include:salesforce.com ?all"
amazon.com text "v=spf1 ip4:207.171.160.32/28 ip4:207.171.164.32/28 ip4:207.171.180.176/28 ip4:207.171.190.0/28 ?all"
None of them have published -all.
So, here's what really happens:
- phisher wants to send phish to hotmail user.
- phisher sends with bounce address of validuser@hotmail and From: of security@ebay
- phisher puts in false receive line of a hotmail outbound server -- it pretends to be a forwarder.
- Hotmail looks at its record and determines that the message cannot be determined to be forged.
By requiring all forwarders to change, SPF is useful as a, 'yes this may have come from this domain', but can't say, 'no this did not come from this domain.'
Their deterrent is that it costs $0.007 per address to do the listwash. I'm *sure* that no one will produce and sell a CD of all the addresses they have found on the list.
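An added example, not part of the original comment: a small audit helper that reads the trailing `all` qualifier of the records quoted above and reports what result a receiver gets for a sending IP that matches nothing else. The function names and the `example.org` record are constructed for illustration; qualifier meanings follow RFC 7208.

```python
import re

# Result returned when only the trailing "all" mechanism matches.
# A missing qualifier means "+" (RFC 7208).
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Records copied from the comment above.
PAGE_RECORDS = [
    ("ebay.com", "v=spf1 mx include:s._spf.ebay.com include:m._spf.ebay.com "
                 "include:p._spf.ebay.com include:c._spf.ebay.com ~all"),
    ("citibank.com", "v=spf1 a:mail.citigroup.com ip4:192.193.195.0/24 "
                     "ip4:192.193.210.0/24 ~all"),
    ("amazon.com", "spf2.0/pra ip4:207.171.160.0/19 include:salesforce.com ?all"),
]

# Constructed record showing what a strict policy would look like.
STRICT_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"


def default_result(record):
    """Result for a sender that matches no mechanism before 'all'."""
    terms = record.split()
    if not terms or not re.fullmatch(r"v=spf1|spf2\.0/[a-z,]+", terms[0], re.I):
        raise ValueError("not an SPF or Sender ID record")
    redirect = None
    for term in terms[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.I)
        if m:
            # Terms after 'all' are never evaluated, so stop here.
            return QUALIFIER_RESULT[m.group(1) or "+"]
        if term.lower().startswith("redirect="):
            redirect = term.split("=", 1)[1]
    # No 'all': the policy is delegated, or the default result is neutral.
    return f"redirect:{redirect}" if redirect else "neutral"


def receiver_may_reject(record):
    """Only a hard 'fail' lets a receiver say the mail did not come from the domain."""
    return default_result(record) == "fail"


if __name__ == "__main__":
    for domain, record in PAGE_RECORDS + [("example.org", STRICT_RECORD)]:
        print(f"{domain:15} {default_result(record):9} "
              f"reject={receiver_may_reject(record)}")
```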
Oops. Need to change that "-" to a "~" or a "?". I'm sure he doesn't know when he sends email to someone that forwards their email.
Sounds like you don't receive mail from any forwarded accounts. Now, how about the real question. Have you published an SPF record, and does it end in -all? If so, then how much of the mail that you send gets rejected or dropped? You can't know if the mail you send will get forwarded, which is the core of the problem with the technology.
It's fine to check records and act severely on them as long as you are *sure* that your server isn't receiving forwarded email.
Betcha this doesn't stop Microsoft from calling it an internet standard.
Ding. Bounces are supposed to be sent with a Null Bounce Address/Envelope From/MAIL FROM. SPF looks up the domain in the bounce address. Thus, SPF should look up "" in a bounce. How exactly is that going to identify a joe-job? (hint: it doesn't) Instead, BATV is about Joe-Jobs. It suggests that the sender create a bounce address that can be proven to have originated from the proper server. Thus, if the bounce address is Null, the receiving server can determine if the mail was indeed sent by its domain, thus preventing Joe-Jobs.
Except that this is not an RFC in the sense you use it. It's just a slightly more formalized draft, so the authors don't have to republish the thing every 6 months.
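An added example, not part of the original comment: a sketch of the signed-bounce-address idea described above, modeled on BATV's `prvs=` tagging. The tag layout used here (one key digit, a three-digit expiry day, six hex digits of HMAC-SHA1), the seven-day lifetime and the function names are assumptions of this example.

```python
import hashlib
import hmac
import re

LIFETIME_DAYS = 7  # assumed validity window for a signed return path


def _tag(key, key_id, day, mailbox):
    """Six hex digits of an HMAC over key id, expiry day and original mailbox."""
    data = f"{key_id}{day:03d}{mailbox}".encode()
    return hmac.new(key, data, hashlib.sha1).hexdigest()[:6]


def sign_return_path(mailbox, key, today, key_id=0):
    """Envelope sender to use on outbound mail; 'today' is days since epoch."""
    local, domain = mailbox.rsplit("@", 1)
    day = (today + LIFETIME_DAYS) % 1000
    tag = _tag(key, key_id, day, mailbox)
    return f"prvs={key_id}{day:03d}{tag}={local}@{domain}"


def bounce_is_ours(rcpt, key, today):
    """For mail arriving with a null sender: was the recipient address signed by us?"""
    local, _, domain = rcpt.rpartition("@")
    m = re.fullmatch(r"prvs=(\d)(\d{3})([0-9a-fA-F]{6})=(.+)", local)
    if not m:
        return False  # untagged address: we never sent mail with this return path
    key_id, day, tag, orig_local = int(m[1]), int(m[2]), m[3].lower(), m[4]
    if (day - today) % 1000 > LIFETIME_DAYS:
        return False  # tag expired (or dated further ahead than we ever sign)
    expected = _tag(key, key_id, day, f"{orig_local}@{domain}")
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample secret
    today = 13000                   # constructed day number
    signed = sign_return_path("alice@example.org", key, today)
    print(signed, bounce_is_ours(signed, key, today))
    print("alice@example.org", bounce_is_ours("alice@example.org", key, today))
```

A bounce addressed to the plain, untagged mailbox fails the check, which is how the receiving domain tells a joe-job bounce from one caused by mail it really sent.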
Of course, Microsoft do not care. Hotmail does not offer forwarding - why should they care that forwarding breaks. They do not get the workload. We, who DO offer forwarding, do.
But they *must* be the recipient of a lot of forwarding. Who do your users forward to? Who do the universities and ISPs forward to? My guess: Hotmail, Yahoo, and now Gmail.