[ietf-dkim] list signup, was Wrong Discussion
Douglas Otis
dotis at mail-abuse.org
Sun May 2 04:33:31 PDT 2010
On 5/2/10 11:10 AM, Alessandro Vesely wrote:
> John Levine wrote:
>
>>>> Is there some long-standing toxic effect of mailing lists other than
>>>> that they don't fit the simple identity models used by recently
>>>> devised authentication schemes?
>>>>
>>> The opt-in mechanism, I'd say. There's no standardized way for
>>> subscribers' servers to learn about subscriptions.
>>>
>> Even if you consider that to be a problem, what could it possibly have
>> to do with DKIM?
>>
> Just that if there were a handshake between a list server and a new
> subscriber's MX, they could also agree upon ADSP forwarding, e.g. by
> whitelisting the list server.
>
To retain security, the sender's domain needs to assert domain specific
exceptions for "all" or "discard-able" ADSP policies.
Someone subscribed to a mailing list does not mean the list then has any
purported sender's blessing to make exceptions, especially when some
lists don't prevent simple spoofing. From a security stand point, it
would also be unwise to have automated exchanges with mailing-lists
prompted by receipt of messages needing exceptions.
-Doug
More information about the ietf-dkim
mailing list