[ietf-dkim] list vs contributor signatures, was Wrong Discussion
John R. Levine
johnl at iecc.com
Fri May 7 10:07:34 PDT 2010
>> I believe it. Are you saying the list managers make no effort to keep
>> the spam out of their lists?
>
> No, but I don't think it's their job. As the site manager, that's my job in
> general. What the list managers can add is access controls, and
> authentication helps to improve the utility of such controls.
Oh, we agree there, I wasn't distinguishing between the list and site
manager, since at small sites they're often the same person.
>> contributors, but DKIM doesn't help there since DKIM most definitely
>> never says that the From: address is "real".
>
> "real"? A signature from the sender domain at least says that if it's not
> real, that's the responsibility of the sender domain owner, doesn't it?
No, all it says is "we signed this mail." A signer with a good reputation
will presumably rarely sign mail where the From: address actively
misidentifies the sender, but that's a second order effect.
> the end recipient may have a very different view of the reputation of
> the sender than does the list. Or, it may wish to use the message
> content to modify its reputation score for the sender.
Once again, this sounds like a solution searching for a problem. I've
done the occasional bozofiltering in mailing lists, but because the people
were bozos, not spammers.
>> If you want strong sender authentication, we already have S/MIME, and I
>> wouldn't be surprised if there were list software that could use it.
R's,
John
More information about the ietf-dkim
mailing list