
How is it not? For all but some old and insecure or fairly exotic setups, DKIM/DMARC validates the sender server is authorised for that domain and the server's account-based outbound filtering validates it was sent by the owner of that mailbox.

If the sending server doesn't do DKIM, it's fundamentally broken, move your email somewhere else. If the sending server lets any user send with an arbitrary local part, that's either intended and desired, or also fundamentally broken. If there are other senders registered on the domain with valid DKIM and you can't trust them, you have bigger problems.


> If the sending server doesn't do DKIM, it's fundamentally broken,

No, it just won't get very good deliverability, because everything it talks to is now fundamentally broken.

DKIM shouldn't exist. It was a bad idea from day one.

It adds very little real anti-spam value over SPF, but the worse part is exactly the model you describe. DKIM was a largely undiscussed, back-door change to the attributability and repudiability of email, and at the same time the two-tiered model it created is far, far less effective or usable than just end-to-end signing messages at the MUA.


DKIM isn't an antispam measure, it's an anti-impersonation measure. With DKIM, you can't impersonate a domain, which means you can trust that any email you get from an email provider was sent in accordance with that provider's security policy. In most cases, that policy is "one user owns one localpart and they can only send from it if they have their password". In cases where it's not, this is intentional and known by their users.

If you as a user can't trust your email server, you've already lost, no matter if something is authorized by an outbound email or a click on an inbound link. If your mail server is evil or hacked, it can steal your OTP token or activation link just as easily as it can send an email in your name.

Yes, end to end authentication is definitely better, but this isn't what people are discussing here. With enforced DKIM, "send me an email" has a nearly identical security profile to "I've emailed you a link, click on it". Both are inferior to end-to-end crypto.
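The domain-level check the two comments above argue about, as an added example that is not part of the thread: DMARC identifier alignment between the From: domain and the domains that passed DKIM (d= tag) or SPF. Assumptions: SPF and DKIM verification have already been run by the caller, the organizational domain is approximated as the last two labels (a real implementation consults the Public Suffix List), and the DKIM-Signature header below is constructed with placeholder values. Note that nothing here looks at the local part; that is left to the provider's own outbound policy, exactly as the comment says.

```python
from typing import Iterable, Optional

# Constructed sample header; bh= and b= are placeholders, not real digests.
SAMPLE_DKIM = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.example.com; "
               "s=sel1; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")


def dkim_signing_domain(header_value: str) -> Optional[str]:
    """Return the d= tag (signing domain) from a DKIM-Signature header value."""
    for tag in header_value.replace("\r\n", "").split(";"):
        name, _, value = tag.strip().partition("=")
        if name.strip() == "d":
            return value.strip()
    return None


def org_domain(domain: str) -> str:
    """Approximate the RFC 7489 organizational domain as the last two labels (assumption)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(identifier: str, from_domain: str, mode: str) -> bool:
    """Strict ('s'): exact match. Relaxed ('r'): same organizational domain."""
    identifier = identifier.lower().rstrip(".")
    from_domain = from_domain.lower().rstrip(".")
    if mode == "s":
        return identifier == from_domain
    return org_domain(identifier) == org_domain(from_domain)


def dmarc_result(from_domain: str, dkim_passed_domains: Iterable[str],
                 spf_passed_domain: Optional[str], adkim: str = "r", aspf: str = "r") -> str:
    """DMARC passes if any DKIM-verified d= domain or the SPF-authenticated
    MAIL FROM domain aligns with the RFC5322.From domain; otherwise it fails."""
    dkim_ok = any(aligned(d, from_domain, adkim) for d in dkim_passed_domains)
    spf_ok = spf_passed_domain is not None and aligned(spf_passed_domain, from_domain, aspf)
    return "pass" if (dkim_ok or spf_ok) else "fail"


if __name__ == "__main__":
    d = dkim_signing_domain(SAMPLE_DKIM)
    # A message From: example.com signed by mail.example.com aligns under relaxed mode.
    print(d, dmarc_result("example.com", [d], None))
    # A valid signature from an unrelated domain does not let it impersonate example.com.
    print(dmarc_result("example.com", ["attacker.example"], "attacker.example"))
```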


Calling this "paying to unlock ports" is disingenuous. I'm also a T-2 customer and have run into this before. They block ports on dynamic IPs, but if you pay +2€/mo for static, this is unlocked. This seems reasonable. If you're not paying for static IPv4, you're paying for "internet access", whether that's a rarely changing dynamic IPv4, a constantly changing IPv4 or full CGNAT.

Would you also say your mobile phone operator is violating net neutrality by putting you behind CGNAT that you can't forward arbitrary ports through? You can pay a bunch of money to get a private APN and get public IPv4 addresses. Would you call that an unblock fee?


I've been told there's a law that my mobile phone operator has to turn off all firewalling on my connection if I ask.

I don't know about that law, but GP's point was that you don't get a public IP anyway, firewall or not. And with this NAT in place, you can't ask them to forward specific ports to your equipment.

In France, CG-NAT is getting widespread even for fixed, FTTH links. I'm typing this connected to SFR, which provides a static IPv6 /56, but IPv4 is behind CG-NAT. I can't host anything on IPv4. I think there's an option to get a fixed, internet routable address, but not on the "discount" plan I'm on. I hear you maybe can ask support to get you out of CG-NAT, but that doesn't seem very reliable.

Free (local ISP), by default, doesn't give a static IP for fiber, but you can ask for one for free through your online account page (you just need to tick a box).


> They block ports on dynamic IPs, but if you pay +2€/mo for static, this is unlocked. This seems reasonable.

Why does that seem reasonable to you? Why should dynamic IPs not be able to receive incoming connections? It costs them nothing to let those packets through.

> disingenuous

Bad.

> Would you also say your mobile phone operator is violating net neutrality by putting you behind CGNAT that you can't forward arbitrary ports through?

CGNAT is pretty awful, but at least there's a reason for connections to fail.

But sure, if I had control I would mandate that CGNAT lets you forward ports. Maybe you don't always control the external port, but there shouldn't be any other compromises.

> You can pay a bunch of money to get a private APN and get public IPv4 addresses. Would you call that an unblock fee?

That's a workaround to get a different connection, not an unblock, so no.


Firstly, dynamic IPs are quickly reused, so if one customer gets an IP onto a bunch of firewall blocklists because they were operating services that got exploited (like an open relay for spam, email backscatter generator, DNS that was used for amplification, SMB that hosted on-click executable Windows malware...), this means some random unrelated customer will now have problems with their internet connection. After a while, you could poison a large chunk of the pool, then they have to not just deal with you, but also a bunch of other angry customers as well as beg all the firewall vendors to unblock those IPs.

If you get static, you keep that IP for a while. You suffer the consequences of your bad setup, you have to deal with FW vendors and after you leave, the IP will be offline for long enough that it will probably "cool off".

And secondly, while I don't like it, we need to keep in mind net neutrality was not written for selfhosters. It was written so an ISP can't zero-rate their own streaming service, or block their competitors. It was about internet access, not internet participation. The overwhelming majority of people are not and don't care to be "on" the internet, they want to "access" things that are on the internet. That's why NAT is still everywhere.


> Firstly, dynamic IPs are quickly reused

Define quickly? My modem stays attached on the same IP for months at a time.

> so if one customer get an IP onto a bunch of firewall blocklists

That can happen anyway! Most of those are based on outgoing connections!

> a bunch of other angry customers as well as beg all the firewall vendors to unblock those IPs

Does this happen today on the huge number of ISPs that let you open ports on a dynamic IP? I'm not aware of it.

> we need to keep in mind net neutrality was not written for selfhosters

Well I'm not really focused on the idea of net neutrality, just whether it's reasonable to make customers unconnectable, and I say it's not reasonable.


I'd agree if you picked Google Docs or something like that, but Gmail? Chrome?? Come on! Edge is just Chrome with extra features, plenty of people use Bing without even noticing and many even non-techy people are fine with DuckDuckGo, good free email providers are everywhere (yahoo, hotmail, proton...).

Here in the EU even the 5 €/month phone plans have unlimited SMS. As soon as you want to talk to someone without WhatsApp, you need to figure out which other apps they're on. Completely useless compared to SMS.

Have you considered that the EU isn't one country?


In Ireland on my otherwise very generous mobile phone account I'm charged for multimedia SMS texts. They're not included in my SMS bundle.

Multimedia "texts" are actually MMS. In fact, if you send more than 160 characters, those are also MMS because it's an extension of the SMS standard.

https://en.wikipedia.org/wiki/Multimedia_Messaging_Service

It is not unusual for there to be hosting or intermediate storage of images and other files, and from the phone you may tap a link or something to download/access that file, instead of having it automatically download and appear immediately, due to bandwidth and resource constraints.


Aren’t SMS that are over 160 characters being concatenated? There used to be a standard for that.

Generally yes.

I guess a phone/app could exist that does convert to MMS instead, though, since the app can make that decision.


In France, I'm "charged" for MMS, too. But that's actually considered "data", so it's deducted from the "internet" envelope which is quite generous (at least for my needs: I have multiple dozens of GB for under 10 € a month, of which I only ever went above 10 when backing up photos during a vacation with no wifi).

I'm not talking about the EU... That alone proves my point. SMS is/was more expensive worldwide.

Yes, but there are also plenty of countries where mobile data or even smartphones aren't nearly as universal as they might be in the places where most people use whatsapp. There, people use mostly SMS and phone calls. Whatsapp and the like are the thing you use when SMS/calls would be too expensive, so international.

Both of these exist, as do middle grounds between them.

I'm in only one WhatsApp group with someone local, everyone else in my chats is from abroad. Yet I'm from a country with dirt cheap data and nearly universal smartphone ownership. People just don't use WA here for whatever reason. But drive an hour across the border and suddenly everyone is on WhatsApp.


1. This was not a mitm attack, it was lawful mitm inspection of a user's own traffic. Mitm attacks are prevented by TLS and the system CA store already.

2. Please don't give people bad ideas. This is how we get bikeshare apps that don't work on rooted/old/GrapheneOS/... devices and further entrench Google's position in the Android ecosystem.

If your security depends on devices faithfully reporting their location, you've already lost. Get a whiteboard, start from scratch.


> This was not a mitm attack

My intent was not to color or frame the activity but to use shared understood knowledge to convey the concept. It's like the terms blacklist and whitelist. Yes they're rooted in racism, and gosh darn it if everyone doesn't still use them because we know immediately what they are and there's no better term. On the flip side we successfully switched from master to main.

If you don't want people saying "mitm attack" you gotta come up with something that rolls off the tongue a little better than "it was lawful mitm inspection of a user's own traffic".


The wording is only secondary to my point, which is that this isn't something to prevent. It's not "a security thing". You said "to mitigate the MiTM attack". It's not an attack and nobody should be trying to "mitigate" it. If an app vendor is trying to evade inspection by the user, they're either being shady or incompetent.

And no, most people at least in the reverse engineering circles I'm in/follow, don't say "MiTM attack" when things are done by the user with consent. I've heard MiTM-ing as a verb, MiTM/SSL/TLS proxying/inspection/interception or even (incorrectly) SSL stripping (and surely some more that I don't remember).


I see the lack of cert pinning as a sign of having a good security team. Pinning is usually implemented as "we had an external security audit and their report said we should". Security auditors and pentesters tend to add this kind of crap (alongside root detection and obfuscation) to their reports to pad them out and make their work sound more valuable to the paper-pushers. So either Lyft had their audits done by a competent provider, or their staff know enough to filter this bullshit out. Either way, props.

You on the inside can punch a hole to the outside. This is fine. There's no real difference between hole punching and a regular connection to a regular server from one side's perspective.

And since LLM tokens are expensive and generation is slow, how about we cache that generated code on the server side, so people can just download the pre-generated install.sh? And since not everyone can be bothered to audit LLM code, the publisher can audit and correct it before publishing, so we're effectively caching and deduplicating the auditing work too.

There are so many types of headphones that don't isolate much, including the cheapest crappy on-ears from the walkman era, there's really no excuse.

And on the few occasions where I've had no other option, it made so much more sense to set my phone to low volume and bring it close to my ear instead of holding it out and maxing the volume.

And if I need to talk as well, many people don't know this, but there's a second smaller speaker on the opposite end of the phone, approximately one mouth-ear distance away from the microphone.


The whole "markdown isn't standardised" point is just bullshit. Any place that supports markdown will support the basics and some places having extra features is a good thing! The only thing worse than not having a feature you need in some app is not having that feature in any app.

And the differences that exist between implementations are there for a reason. Do you think chat apps would let you have headings or footnotes or whatever if they used org mode syntax? No, they don't want to give you those formatting options, so if they used org mode instead of Markdown, they'd just rip it out of there too. And now you have the same problem.

