[ietf-dkim] Why mailing lists should strip DKIM signatures
Michael Thomas
mike at mtcc.com
Sun Apr 18 11:30:04 PDT 2010
Dave CROCKER wrote:
> On 4/22/2010 9:34 PM, John Levine wrote:
>
>> For anyone who's working on the list management BCP:
>>
>> I sign all my outgoing mail, and I have a feedback loop set up with
>> Yahoo, which being very modern and advanced keys on signatures, not IP
>> addresses. A few days ago I sent some messages to one of the Freebsd
>> mailing lists. Today some Yahoo user who subscribes to that list hit
>> the spam button. Freebsd's list software (Mailman, I think) doesn't
>> sign, and doesn't strip any headers. So what happened? Yahoo saw my
>> signature and sent the reports to me, which was of course useless
>> since I don't run the list.
>>
>> This is not a hypothetical problem--all of my recent Yahoo FBL reports
>>
>
>
> If I understand correctly, you established a private arrangement with Yahoo.
> Yahoo chooses to create a unique interpretation for the presence of a DKIM
> signature, which treats it as an override to the MailFrom. And from this, you
> are asserting a new, general rule about DKIM handling?
>
That is exactly my reaction: the way to deal with broken software is to
fixate and blame the
pointer to the broken software? Madness lies that way.
Mike
More information about the ietf-dkim
mailing list