@ska

I know all that I need to know from having written a mailbox name parser, many years ago, with the knowledge that the only correctly workable approach involves parsing the lexemes *backwards*, from end to beginning. So I won't be bothering with some quiz that tells me that there's scope for bizarre antics in mailbox names.

I already know; and I've been mercifully blessed with not having to think about it in years. (-:

#SMTP #InternetMessageFormat

It's heartwarming to a greying geek that a 5000+ words retrospective on greytrapping is turning out to be popular - https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html (tracked https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html)

#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking #cybercrime

Friends, it finally happened. On August 7th, 2025, the number of spamtraps intended to fool spammers rolled past the number of inhabitants in my home country of Norway. It's time for a retrospective.

Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html (tracked https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html)

#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking #cybercrime

Webinar d'introduction à #SPF, #DKIM et #DMARC par @afnic

#email #SMTP

https://webikeo.fr/webinar/emails-et-protocole-dmarc-en-2025-adoption-erreurs-courantes-best-practices-de-configuration

Recently I found out that when I sent mail to GOOG hosted domains, they would mark my messages as spam or disappear then entirely.

Then today a mailing list host's spamassassin rejected my message.

It turned out that somebody had reported bsdly.blogspot.com (GOOG hosted, but referenced in my .signature) to spamhaus as malicious, and GOOG + the mailing list hoster believed them.

Got delisted, no problem. So which party is to blame here, or what method?
#spam #antispam #smtp #contentfiltering

[Again for those on the other side of the pond] -

Friends, it finally happened. On August 7th, 2025, the number of spamtraps rolled past the number of people in my home country. It's time for a retrospective.

Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html (tracked https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html)

#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking #cybercrime

Friends, it finally happened. On August 7th, 2025, the number of spamtraps intended to woo the unwary spammer rolled past the number of inhabitants in my home country of Norway. It's time for a retrospective.

Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html (tracked https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html)

#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking #cybercrime

Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html (tracked https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html)

Friends, it finally happened. On August 7th, 2025, the number of spamtraps intended to woo the unwary spammer rolled past the number of inhabitants in my home country of Norway.

It's time for a retrospective.

#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking #cybercrime

In 2013 I wrote up "Maintaining A Publicly Available Blacklist - Mechanisms And Principles" (also https://bsdly.blogspot.com/2013/04/maintaining-publicly-available.html) . TL;DR: blocklisting is a kind of public shaming, be sure your process is verifiable and transparent.

Minor edits today, links to resources and #eurobsdcon inside. #blocklists #spamtraps #antispam #smtp #spamd #openbsd #freebsd #security #cybercrime

The BIG MAIL operators disappear valid mail. We have all seen it happen.

I am pondering starting a campaign to collect war stories with as much log data and other relevant data as possible in order to write an article which may evolve into something else.

If you have potentially useful input, I want to hear from you.

#mail #smtp #bigmail #runyourown #antispam #spam #disappearingmail #smallmail

For further notes going back to 2017, see "Twenty-plus years on, SMTP callbacks are still pointless and need to die" https://nxdomain.no/~peter/twenty-plus_years_on_smtp_callbacks_are_still_pointless.html #spam #smtp #smtpcallbacks #callbacks #email #verification #cybercrime #hacking #stupidity

I have a suspicion that in a very small way I might have recently contributed towards a minor unshittification of Meta.

I was drawn into it as an SMTP problem.

I can only apologize to the world if it actually does end up making #Meta capable of sending e-mail once more. (-:

As a #qmail user of many years, who did similar work of my own for OS/2, and who was drowned with UBM to the point of just giving up on SMTP e-mail in the 2000s; I can heartily recommend the rejection of Relay clients that do not adhere to the SMTP.

Gresham's Law trumps Postel's Principle.

http://jdebp.info/deluge-of-microsoft-worms.html

http://jdebp.info/FGA/qmail-myths-dispelled.html#MythAboutBareLFs

https://news.ycombinator.com/item?id=44291670

#OpenBSD #GreshamsLaw #PostelsPrinciple #SMTP

Remember the threads¹² about #LetsEncrypt removing a crucial key usage from certificates issued by them in predictive obedience to their premium sponsor Google?

We were at first concerned about #SMTP. While I had lived through this problem with #StartSSL by #StartCom back in 2011, I only had a vague recollection of Jabber but recalled in detail that it broke server-to-server SMTP verification (whether the receiving server acted on it or just documented it).

Well, turns out someone now reported that it indeed breaks #XMPP entirely: https://community.letsencrypt.org/t/do-not-remove-tls-client-auth-eku/237427/66

This means that it will soon no longer be possible at all to operate Jabber (XMPP) servers because the servers use the operating system’s CA certificate bundle for verification, which generally follows the major browsers’ root stores, which has requirements from the CA/Browser forum who apparently don’t care about anything else than the webbrowser, and so no CA whose root certificate is in that store will be allowed to issue certificates suitable for Jabber/XMPP server-to-server communication while these CAs are the only ones trusted by those servers.

So, yes, Google’s requirement change is after all breaking Jabber entirely. Ein Schelm, wer Böses dabei denkt.

While https://nerdcert.eu/ by @jwildeboer would in theory help, it’s not existent yet, and there’s not just the question of when it will be included in operating systems’ root CA stores but whether it will be included in them at all.

Google’s policy has no listed contact point, and the CA/B forum isn’t something mere mortals can complain to, so I’d appreciate if someone who can, and who has significant skills to argument this in English and is willing to, to bring it to them.

① mine: https://toot.mirbsd.org/@mirabilos/statuses/01JV8MDA4P895KK6F91SV7WET8
② jwildeboer’s: https://social.wildeboer.net/@jwildeboer/114516238307785904