[ietf-dkim] Concerns about DKIM and mailiing lists
Steve Atkins
steve at blighty.com
Wed Mar 15 09:09:08 PST 2006
On Mar 15, 2006, at 7:58 AM, Michael Thomas wrote:
> Dave Crocker wrote:
>>> They don't. They need to be part of the larger
>>> ecosystem here, and they certainly do not have a god-given
>>> right to preserve the From: address and completely change
>>> the content with complete impugnity.
>> Well, pretty much, they do.
>> Absent violations of an Internet standard, a mailing list's
>> software may make whatever changes the operator of the mailing
>> wants or is willing to tolerate.
>
> With DKIM, they will be in "violation" of an Internet standard insofar
> as they corrupt a legitimately signed piece of email, and preserve the
> From: address. To a receiver, there is absolutely no difference
> between that case and the case that we'd like to guard against,
> namely spoofing of From: addresses.
>
> Mailing list software and their operators are perfectly at liberty
> to stick their head in the sand, but I'm perfectly at liberty as
> a receiver to treat mailing list email the same way that I treat
> other likely forgeries.
Treat them as unsigned, you mean?
Cheers,
Steve
More information about the ietf-dkim
mailing list