[ietf-dkim] Lists "BCP" draft available
Douglas Otis
dotis at mail-abuse.org
Mon May 10 17:39:16 PDT 2010
On 5/10/10 4:55 PM, Murray S. Kucherawy wrote:
> An MLM "supports DKIM" (or "is DKIM-friendly", to use some earlier language) if it either (a) doesn't do any message modification that would generally invalidate an author signature, or (b) re-signs mail upon re-posting it, or (c) both (a) and (b).
>
This draft has not offered a reasonable solution for ADSP policy
assertions of From email addresses having valid Author Domain Signatures.
It is unreasonable to:
A) assume ADSP policies will be applied by mailing lists. (Most don't.)
B) assume mailing lists will not damage DKIM signatures. (Most do.)
Section 4.1 third paragraph states:
,--
If this is cause for concern, the originating site can consider using
a sub-domain for the "personal" mail that is different from domain(s)
used for other mail streams, so that they develop independent
reputations, and more stringent policies (including ADSP) can be
applied to the mail stream(s) that do not go through mailing lists.
'--
The protective goal underlying restrictive ADSP policies in blocking
potentially deceptive messages is not provided by this strategy. Use of
alternative domains represents a very bad practice as this leaves
recipients even more vulnerable to look-alike ploys once the practice
becomes common. No benefit is derived by not pursing a better
solution. In fact, greater harm seems likely.
-Doug
More information about the ietf-dkim
mailing list