[ietf-dkim] Issue: Deployment Guide Section 6.1/6.5 (ADSP/Forwader) conflict
daniel.subs at internode.on.net
Sun Oct 18 20:06:53 PDT 2009
On Monday 19 October 2009 12:18:04 John Levine wrote:
> >The point here, I suppose, is that forwarders that are meant to
> >forward ... while forwarders that are meant to fan out to multiple
> >recipients ... should get different advice.
> This is the mailing list advice that I strongly suggest we NOT attempt
> to provide at this point.
strongly disagree. Filtering early is more likely to pickup signature breakage
and protect the down stream recipient. Its more likely to reject back to the
sender if they configured stuff wrong.
Advice could be split between forwarders that break signature and those that
done. Keep in mind the dkim goal of is message integrity not reputation
(despite its usefulness here).
> All these arguments about what to do with
> DKIM and ADSP and mailing lists are based on pure speculation.
Rejecting mail based on signature failure combined with dkim=all/discard is
working quite well on the mail lists I manage. I don't do this on the final
recipient domain though.
> I know what my lists do (just out of curiosity, how many other people
> in this argument host active lists?
me - lists.cacert.org
> ) and I know what works for me, but
> there are a lot of other opinions and we won't know what works until
> we have some actual experience.
Though involvement with Sympa and Mailman devs, who for the most part are sick
of request saying change this so I can fillter spam/forgeries, still want to
provide unsubscribe links and bottoms of email and generally meet the user
Responses based on shared experience has been:
- Sympa Dev - Serge Aumont - DKIMfriendly switch
- Mailman Dev - Barry Warsaw - mta problem
- Mailman Dev -Stephen Turnbull - develop List Domain Signing Practices
- Infrastructure Manger - Ian Eiloart - reject when signature breaks and ADSP
There's plenty of experience. Just need to look a bit beyond this list.
More information about the ietf-dkim