[ietf-dkim] list vs contributor signatures, was Wrong Discussion
John R. Levine
johnl at iecc.com
Mon May 10 08:50:21 PDT 2010
>> No, all it says is "we signed this mail." A signer with a good
>> reputation will presumably rarely sign mail where the From: address
>> actively misidentifies the sender, but that's a second order effect.
> Right, and because the domain owner has signed the email, they can be held
> responsible for abuse. At least, to a greater extent than when the mail
> hasn't touched any system that they have any control over.
It is certainly reasonable to say that the signer has a good reputation,
so we will accept his mail. But that's different from saying that the
signer has a good reputation, so the From: address must be "real".
>> Once again, this sounds like a solution searching for a problem. I've
>> done the occasional bozofiltering in mailing lists, but because the
>> people were bozos, not spammers.
> The problem is reputation assignment. Different recipients (of mail from the
> same list) will have different views of the sender's reputation.
> But, the problem is real, and recognised. Mailing lists break signatures.
It is certainly a fact that mailing lists break signatures. But there are
differences of opinion whether it's a problem. Although I've seen plenty
of assertions that it's a problem, we're a bit thin with real life as
opposed to hypothetical scenarios where the broken signature leads to bad
The only one I've seen so far is the ADSP+list -> lost or rejected mail.
I would say that is misuse of ADSP, not a list problem, since we were
quite aware of it and in Appendix B of RFC 5617 we say not to do that.
More information about the ietf-dkim