Notices by Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)

@erik @Sempf @tychotithonus I've forgotten more about HTTP than most people will ever know...

@mmasnick.bsky.social skinner.gif

@Sempf @tychotithonus do you need a hug?

@tychotithonus @Sempf the cursed thing here is that the sending side is silently discarding it

@tychotithonus @Sempf being less extreme, it's pretty safe to send a bounce if SPF and DKIM validate

@tychotithonus @Sempf hold the connection while validating at the next hop

(this is a bit ideological)

@tychotithonus @Sempf if they can't be bothered to decide whether they're going to accept it at that time 🖕

@tychotithonus @Sempf rejection at smtp transaction time does not cause backscatter

@Sempf Yeah. So? Lots of domains bounce postmaster@

@kevinbowrin I mean, there's fuckall I can do without convincing a government IT department to send me logs, which, 🤣

Silently discarding email is an awful, awful thing to do.

Ideally, reject before accepting it, but if you can't do that, at least send a bloody bounce message.

Somehow, yesterday I experienced a new form of email nonsense. Someone claimed they were replying to my emails, and able to send without apparent issue, except... my server logs show nothing.

I even checked the pcap ring buffer. Nary a SYN from their server IPs.

Wat!?

@Irishmasms lolsob

@paul_ipv6 their office chair has been replaced with cake, let's see if they notice

Oh dear, I'm getting advance fee fraud spam to an email address I used exclusively for an event put on by Los Alamos National Laboratory (LANL).

LANL, as in where they built the first nuke (and the demon core thing happened), leaked email addresses to spammers.

@HorayNarea the worst kind of correct

@HorayNarea technically, nfts are a sort of nfs

@sangster @johnallsopp I self host mine, but it is an exercise in masochism

@acdha they already do, lol

@Yuki I've done that, it was fine because I didn't need to write anything