[ietf-dkim] Re: DKIM and mailing lists
dotis at mail-abuse.org
Mon Jan 23 13:09:41 PST 2006
On Jan 23, 2006, at 12:14 PM, Miles libbey wrote:
> This is very interesting. For our antispam system I'd like to be
> able to distinguish between mailing list traffic and person to
> person traffic, since they largely have very different
It is possible direct person to person traffic and list-server
traffic use the same signing domain. The proposal for the 'w=?'
parameter is to identity three roles. The MSA, mediator, and MDA.
The MDA is intended to provide a non-deliverable signature, used in
much the same way as a non-routable IP address for local networks.
When the signature includes a meditator designation, rules regarding
the use of headers can be so tailored.
> In this sense, to me, 'do the right thing' would be to re-sign the
> message -- we've been able to use Yahoo! Groups (re)signing as a
Agreed, but the domain itself may not be a clear indication that the
role of the MTA is a mediator and there are more mediators than just
list-servers. This would be more important when DKIM is attempting
to identify the source of originating email (MSA), and ensure it is
not confused with mediators such as list-servers, where it could be
seen otherwise as a spoof attempt.
> I'm sure that others could easily argue that doing the right thing
> is to leave the message in a way that encourage the final receiving
> system to check the initial signature, so they could apply rules
> based on the original author.
The concern there would be whether an anti-replay strategy develops
that attempts to hold the receiving domain accountable for replay. I
can not imagine how one could use DKIM to safely hold the email-
address accountable. The replay abuse could just as easily occur
from the recipient. As a general rule, accountability should be
focused on the domain as a practical and manageable level of
resolution. There is virtually zero cost associated with adding
additional email-addresses, so what would a email-address reputation
More information about the ietf-dkim