[ietf-dkim] Accidental versus malicious error
Douglas Otis
dotis at mail-abuse.org
Thu Dec 20 14:57:50 PST 2007
On Dec 20, 2007, at 10:44 AM, Michael Thomas wrote:
> That would be a bad idea. I believe they changed this in the most
> current version, but gnu mailman -- as an example -- was stripping
> out DKIM signatures thinking they were doing the originating domain
> a favor since they "knew" that the signature would fail (which, in
> fact, wasn't always the case). It took quite a bit of convincing on
> my part that they should just leave it alone. It's not hard to
> understand their perspective though: they thought a broken signature
> would look more spammy than a missing signature. Rinse, repeat.

A mailing-list not breaking signatures is a scary idea. This would
open the door for all sorts of abuse.

When a mailing-list signs using DKIM, while not modifying the From
header, they should also expect verifiers to evaluate the From header
signature first. Depending upon the available resources, a second
evaluation of the mail-list signature may not occur. The _only_ way a
mailing-list could ensure their signature is evaluated is to remove
broken From signatures. Leaving these broken signatures needlessly
wastes resources and looks spammy. From what you just suggested about
not breaking signatures, their users' very messages might well be used
to carry spam.

-Doug