[ietf-dkim] The mailing list argument, was Resigner Support of RFC 5617 (ADSP)
iane at sussex.ac.uk
Tue Oct 13 03:27:31 PDT 2009
--On 13 October 2009 00:49:05 -0400 hector <gmail.sant9442 at winserver.com>
> John Levine wrote:
>> [ this is well trodden ground, so I will try and keep this short ]
>>> Agreed, but the fact that it's a mailing list that is doing this
>>> isn't significant. It could be any intermediary that is willing to
>>> take responsibility for the message by signing it. Their reputation
>>> now becomes a factor in the disposition of the message.
>> Right. As JD and others have often pointed out, mailing lists should
>> sign their mail like anyone else, and recipients handle it based on
>> the list's reputation. If we're going to encourage list operators to
>> change their software to deal with DKIM, sensible changes would help
>> them be sure that unwanted mail doesn't leak onto the list, perhaps
>> using DKIM and ancillary reputation systems. That will help all
>> subscribers getting mail from the list, whether they use DKIM or not.
> So what you are saying is that LIST SERVER developers SHOULD NOT add
> ADSP features to restrict signing of ADSP domain nor bother to see if
> it should allow these restrictive domains to subscribe?
They should add features. But "DISCARDABLE" ('discard' isn't a value, and
'discardable' doesn't mean 'discard') should not be treated the same as
"ALL". It's reasonable for a list to reject mail that it is about to
render discardable, but there's no reason to reject mail with "ALL".
Remember RFC5617 says:

" 3.2 ...
   o  If a message has a Valid Signature other than an Author Domain
      Signature, the receiver can use both the Signature and the ADSP
      result in its evaluation of the message."
> List name: ieft-dkim
> DKIM/ADSP Options:
> [_] Do not allow subscription from ADSP domains
> [_] Do not accept domains with DISCARD, ALL policies
> [X] Sign list mail:
> [X] Remove any old signatures
>     Signing Selector: k00001
>     Signing domain : mipassog.org [ GENERATE KEY ]
> [X] Checking Reputation Services
> [ CLICK TO SEE REPUTATION SERVICE LIST ] None-Defined
>> A few milliseconds of thought should reveal that a scheme that allowed
>> a list to assert that incoming mail was signed would instantly be
>> abused by spammers who would start sending from "lists" that claimed
>> to be passing through signed mail from domains with good reputations.
IT Services, University of Sussex
For new support requests, see http://www.sussex.ac.uk/its/help/
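
The distinction drawn in this message between "all" and "discardable", sketched as an added example (not code from the post or from any list-server software). It parses an ADSP TXT record as laid out in RFC 5617 and applies an intake rule; the function names and the rule itself are assumptions based on the reply above.

```python
# Added illustration. parse_adsp() and list_intake() are hypothetical names,
# and the intake rule is an assumption based on the reply above.

ADSP_VALUES = {"unknown", "all", "discardable"}


def parse_adsp(txt):
    """Return the signing practice from an ADSP TXT record (RFC 5617).

    Returns None when the text is not an ADSP record at all.
    """
    tags = [t.strip() for t in txt.split(";") if t.strip()]
    if not tags or "=" not in tags[0]:
        return None
    name, value = (part.strip() for part in tags[0].split("=", 1))
    # The record must start with the lowercase "dkim" tag.
    if name != "dkim":
        return None
    # ABNF quoted strings are case-insensitive; undefined values
    # are treated as "unknown".
    value = value.lower()
    return value if value in ADSP_VALUES else "unknown"


def list_intake(practice, has_author_signature, list_breaks_signature):
    """Decide what a re-signing list does with a submission.

    practice: ADSP result for the author domain
              ("unknown", "all", "discardable" or None).
    list_breaks_signature: True when the list's changes (subject tag,
              footer) invalidate the Author Domain Signature.
    """
    # Will the message leave the list without a valid Author Domain Signature?
    loses_author_sig = (not has_author_signature) or list_breaks_signature
    if practice == "discardable" and loses_author_sig:
        # Refuse at submission instead of relaying mail that the
        # author domain has said may be discarded.
        return "reject"
    # "all" and "unknown": relay under the list's own signature; receivers
    # can weigh that signature together with the ADSP result.
    return "accept"


if __name__ == "__main__":
    # Constructed sample records, not taken from any real domain.
    for record in ("dkim=all", "dkim=discardable", "dkim=unknown"):
        practice = parse_adsp(record)
        print(record, "->", list_intake(practice, True, True))
```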