DKIM becomes more official

John L johnl@iecc.com
Sat Oct 13 03:55:14 UTC 2007


> I think they are being disingenuous, and that their real purpose
> is to get email from Ebay/Paypal delivered to Yahoo mailboxes whose
> owners would otherwise blacklist everything with any hint of
> Ebay/Paypal.

I just came back from the MAAWG meeting where live people from both Yahoo 
and Paypal were there.

> It's been years since every mailbox in my vicinity
> stopped accepting anything claiming to be from Ebay/Paypal.

Don't be silly.  Real mail systems have to accept the mail their users 
want, even when it's risky.  Ebay and Paypal happen to send all their mail 
from fixed places so you can do a pretty good job of recognizing spoofs by 
looking at the addresses in received headers, but signature checking 
considerably reduces the risk beyond what faux SPF can do.

> The next question one ought to ask is what email Ebay/Paypal wants
> delivered.

Most of it is transactional.  I know they have a reputation as famous 
spammers, but the reality is that most of their mail is related to stuff 
that their users are doing.

> If you believe that, than shouldn't you believe that Hotmail will
> start blocking mail that SPF says is forged?

Sender-ID, actually.

R's,
John

PS:

> My recollection of Paypal is that email is not really needed, and that 
> the reason Paypal wanted to use email was for advertising.  I've never 
> used eBay, but I wonder if the same applies, whether you strictly need 
> email *sent by eBay* to participate as buyer or seller.

I suppose if you had nothing better to do, you could check their web sites 
three times a day, but it's a lot more convenient for them to send you 
mail and tell you when someone's sent you money, bought something you've 
listed, or your auction bid's been accepted.  I have stuff listed on 
ebay's half.com that can sit there for months before someone buys it.



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.