[ietf-dkim] Why mailing lists should strip DKIM signatures
John R. Levine
johnl at iecc.com
Fri Apr 23 10:25:25 PDT 2010
>>>> sign, and doesn't strip any headers. So what happened? Yahoo saw my
>>>> signature and sent the reports to me, which was of course useless
>>>> since I don't run the list.
>
> Not completely useless, right? The message did come from you. If it really
> was spam, sent from your account, you'd be glad Yahoo reported it to you.
Reports of mail sent through freebsd lists are completely useless, since
there's nothing I can do with them.
Reports of mail that haven't passed through other people's list managers
are fine, and my scripts deal with them just dandy.
>> The list should certainly sign, but the old signature has to go, since the
>> reputation of a list's mail belongs to the list, not the contributors.
>
> I disagree. I say the reputation is partly the contributor's, partly the
> list's.
Could you produce an actual (as opposed to hypothetical) example of a
situation where it is useful to filter list mail based on contributor
signatures that may or may not be present? I know that every filtering
rule I've ever made for list mail looked for characteristics of the list.
I do the occasional bozofilter but they look at the From: line. For
reasons that should be obvious, once you know the mail is from the list,
it's be much more reliable to do the bozo filtering on From: rather than
looking for a second signature.
R's,
John
More information about the ietf-dkim
mailing list