>If more people configured their sendmail to reject bad HELOs, it would be a lot harder to send spam.
No, it would be harder to send "joe-jobs" (spam which has *your* return-path). There's really nothing against which to check HELOs, other than that they are valid 'A' records, and whether or not the reverse DNS matches. Since we are talking about spam coming from "bots", there is no reason not to use a HELO name that matches the machine from which the e-mail message is coming.
If you want to check the HELO against an SPF record or DomainKeys (DNS TXT), even based on the specs you shouldn't reject the message if these records don't exist (which would almost certainly be the case for infected desktops).
Even if every legit sender had an SPF record, the only thing you would get rid of is joe-jobs. spam would not be affected, since what people end up seeing is the "pretty name", not the RFC headers (which are few). There's no reason for a spammer to spend much time on making RFC headers or HELO name contain misdirection.
>This only applies to the requirement that Microsoft make protocol documentation available to competitors, though. >All of the other requirements have expired [SNIP]
Quite the contrary. The protocol documentation requirements were already extended. She ordered that the rest of the requirements *NOT* expire.
It's worse for me. I ordered mine on day 1, got a letter promising it to me by December 24. On December 21, I received an apology letter explaining that they were overwhelmed and I would not get mine by 24th after all--but I would receive it by January 15. It has still not shipped. 3 days ago, on January 22, I received another e-mail saying I would receive it *by January 15*! I don't expect to ever see it, and I'm perplexed on how much I should actually write off on my tax return ($200 or $400???). They also informed me that if I want a refund, I can only get $200 of the $400 back.
Look, I don't have a problem with fulfillment issues, and I want to support the cause, but the lack of tracking, communication, ridiculous e-mail, etc. is unacceptable. I've also paid a total of $30 in T-Mobile HotSpot day passes when I was supposed to have gotten a year for free as part of the package.
I think that these journalists have stumbled onto the solution for the drop in popularity of printed media vs. electronic media. I know that if my local paper were to run all of their stories through babelfish to other languages and back again before printing, I would read it from cover to cover.
What makes you think that there are ads in their IMAP mail? From my testing just now, there are no ads (just as there are none using their POP3 service).
It does appear that their IMAP service works much better than their POP3 server. With POP3 (using the protocol directly), retrieving messages using message numbers in order seems to retrieve messages from random time periods, unrelated to anything I can fathom (including "conversations", etc.) It also seems to have something to do with when and how messages have been previously read via POP3. This isn't noticed by most POP3 clients, because they download all of the messages first and then sort by date. But some have a problem with it. Their IMAP server appears to actually honor the policy of having the numbers match the reception time.
He's still relevant because the computer engineering ideas he came up with back then still hold up today, and some board designers could still learn lessons from what he did. His designs are still works of art.
In addition, his philanthropy and dedication to children in need (both materially and intellectually) should be an example to us all.
This is my problem with some of the SPF evangelism. It *does not* help protect your users from scams. SPF has been touted as the solution to phishing (by Microsoft, among others), but in reality it cannot help there. Phishing largely relies upon the "pretty name" in the e-mail header (e.g. "Bank of America Customer Service <custsrv@bankfromamerica.net>"), and many (perhaps most) e-mail clients only show the pretty name in the summary view.
As others have said here, SPF does help with Joe Jobs (spammers using your e-mail address as a bounce address). This is indeed a useful feature, and I use it myself. But the public press about SPF is largely incorrect, and even the title of this topic is misleading. I guess it can curtail forged e-mail headers, but the net effect is not a curtailing of spam (and especially not scams).
Slashdot Mirror
>If more people configured their sendmail to reject bad HELOs, it would be a lot harder to send spam.
No, it would be harder to send "joe-jobs" (spam which has *your* return-path). There's really nothing against which to check HELOs, other than that they are valid 'A' records, and whether or not the reverse DNS matches. Since we are talking about spam coming from "bots", there is no reason not to use a HELO name that matches the machine from which the e-mail message is coming.
If you want to check the HELO against an SPF record or DomainKeys (DNS TXT), even based on the specs you shouldn't reject the message if these records don't exist (which would almost certainly be the case for infected desktops).
Even if every legit sender had an SPF record, the only thing you would get rid of is joe-jobs. spam would not be affected, since what people end up seeing is the "pretty name", not the RFC headers (which are few). There's no reason for a spammer to spend much time on making RFC headers or HELO name contain misdirection.
I've been travelling with my Sony Vaio with a solid state drive every single week for almost a year now, and TSA has never even looked at it twice.
I've raised 4 generations of Software Marketing students on a definition of vaporware that will soon become invalid!
>This only applies to the requirement that Microsoft make protocol documentation available to competitors, though.
>All of the other requirements have expired [SNIP]
Quite the contrary. The protocol documentation requirements were already extended. She ordered that the rest of the requirements *NOT* expire.
It's worse for me. I ordered mine on day 1, got a letter promising it to me by December 24. On December 21, I received an apology letter explaining that they were overwhelmed and I would not get mine by 24th after all--but I would receive it by January 15. It has still not shipped. 3 days ago, on January 22, I received another e-mail saying I would receive it *by January 15*! I don't expect to ever see it, and I'm perplexed on how much I should actually write off on my tax return ($200 or $400???). They also informed me that if I want a refund, I can only get $200 of the $400 back.
Look, I don't have a problem with fulfillment issues, and I want to support the cause, but the lack of tracking, communication, ridiculous e-mail, etc. is unacceptable. I've also paid a total of $30 in T-Mobile HotSpot day passes when I was supposed to have gotten a year for free as part of the package.
>Mirror of image here: o.
Is this a mirror of the planet, or another mirror of the goatse? I want to know whether I should be disgusted or not.
I think that these journalists have stumbled onto the solution for the drop in popularity of printed media vs. electronic media. I know that if my local paper were to run all of their stories through babelfish to other languages and back again before printing, I would read it from cover to cover.
Sleep is also not an option for people flying on airlines.
What makes you think that there are ads in their IMAP mail? From my testing just now, there are no ads (just as there are none using their POP3 service).
It does appear that their IMAP service works much better than their POP3 server. With POP3 (using the protocol directly), retrieving messages using message numbers in order seems to retrieve messages from random time periods, unrelated to anything I can fathom (including "conversations", etc.) It also seems to have something to do with when and how messages have been previously read via POP3. This isn't noticed by most POP3 clients, because they download all of the messages first and then sort by date. But some have a problem with it. Their IMAP server appears to actually honor the policy of having the numbers match the reception time.
He's still relevant because the computer engineering ideas he came up with back then still hold up today, and some board designers could still learn lessons from what he did. His designs are still works of art.
In addition, his philanthropy and dedication to children in need (both materially and intellectually) should be an example to us all.
Plasma that displays counterintuitive behavior? I need to get a new plasma. All mine does is show reruns of The Simple Life...oh, wait...
> -It helps protect your users from scams.
This is my problem with some of the SPF evangelism. It *does not* help protect your users from scams. SPF has been touted as the solution to phishing (by Microsoft, among others), but in reality it cannot help there. Phishing largely relies upon the "pretty name" in the e-mail header (e.g. "Bank of America Customer Service <custsrv@bankfromamerica.net>"), and many (perhaps most) e-mail clients only show the pretty name in the summary view.
As others have said here, SPF does help with Joe Jobs (spammers using your e-mail address as a bounce address). This is indeed a useful feature, and I use it myself. But the public press about SPF is largely incorrect, and even the title of this topic is misleading. I guess it can curtail forged e-mail headers, but the net effect is not a curtailing of spam (and especially not scams).
How about, "You get what you pay for"?