[ietf-dkim] Lists "BCP" draft available
John R. Levine
johnl at iecc.com
Mon May 17 23:18:55 PDT 2010
> Lists never have had DKIM to deal with, so they've never had the option to
> make any such promise. The signature lends the MLM's credibility to the
> message, which in turn could hurt the MLM's credibility if it turns out to be
> signing garbage. How else would a reputation for signers work?
Once again we return to this strange assumption that list managers will
supinely allow garbage to flow through their lists, yet go to great effort
to apply clever signature hacks so their recipients can recognize that
same garbage. The lists I've been using for the past 35 years have used a
variety of techniques, some automated and some manual, to manage the stuff
that gets onto the list and keep the garbage out in the first place.
Does anyone expect that to change? Why wouldn't a list just do whatever
it does to manage its traffic, and then sign all its outgoing mail, so you
can recognize mail from the list? It might well add DKIM to the
repertoire of techniques used to filter the incoming mail, but that's no
more evident (mechanically at least) to the recipients than any of the
filtering techniques they use now. And if a list does lousy message
management and does leak garbage, wouldn't you want the list and its
signature to have a poor reputation?
> The MLM wants to signal to the recipient the veracity of the origin.
Nothing personal, but there is not a shred of evidence that any list has
any such intention. If it were important for lists to verify that the
contributor's address were "real", they would be verifying and applying
S/MIME signatures. The fact that there's no A-R like thing to tell
whether an S/MIME signature used to verify suggests that it's not
something anyone's wanted to know. I want to know whether an incoming
message is from a list to which I subscribe. But I don't try to second
guess the way the list owners manage the lists now, and I see no reason
why DKIM would change that.
More information about the ietf-dkim