[ietf-dkim] list vs contributor signatures, was Wrong Discussion
Rolf E. Sonneveld
R.E.Sonneveld at sonnection.nl
Mon May 10 11:13:04 PDT 2010
John R. Levine wrote:
>>> No, all it says is "we signed this mail." A signer with a good
>>> reputation will presumably rarely sign mail where the From: address
>>> actively misidentifies the sender, but that's a second order effect.
>> Right, and because the domain owner has signed the email, they can be held
>> responsible for abuse. At least, to a greater extent than when the mail
>> hasn't touched any system that they have any control over.
> It is certainly reasonable to say that the signer has a good reputation,
> so we will accept his mail. But that's different from saying that the
> signer has a good reputation, so the From: address must be "real".
>>> Once again, this sounds like a solution searching for a problem. I've
>>> done the occasional bozofiltering in mailing lists, but because the
>>> people were bozos, not spammers.
>> The problem is reputation assignment. Different recipients (of mail from the
>> same list) will have different views of the sender's reputation.
>> But, the problem is real, and recognised. Mailing lists break signatures.
> It is certainly a fact that mailing lists break signatures. But there are
> differences of opinion whether it's a problem. Although I've seen plenty
> of assertions that it's a problem, we're a bit thin with real life as
> opposed to hypothetical scenarios where the broken signature leads to bad
Apart from ADSP rules, a broken signature must be treated as if there
was no signature at all. That in itself is not the problem. The problem
with broken signatures is that people will not buy into a technology
(DKIM) if it will not cover a significant part of their e-mail. If the
problem of MLM's breaking signatures can be eliminated, can be solved or
(more likely) can be made smaller than it is now, this may lead to more
willingness to adopt DKIM as basis for further steps (like reputation
services). And the more DKIM is adopted and deployed, the more useful it
becomes as basis for further developments.
More information about the ietf-dkim