[ietf-dkim] Lists "BCP" draft available
Douglas Otis
dotis at mail-abuse.org
Tue May 18 11:12:00 PDT 2010
On 5/18/10 10:16 AM, John R. Levine wrote:
>> It'll be the one that's not broken, I presume. If there's more than one
>> unbroken signature, I guess the signing domain might want to match the
>> list-id header.
>>
> Why is it important to match signatures? If there's a valid signature
> with a good rep, deliver the mail. If the mail turns out to be nasty,
> decrease the rep of all of the valid signatures. Why make this more
> complicated than it needs to be?
>
Signed messages might be replayed in a spam campaign. Many copies of a
signature's hash would be normal for mailing lists.
When a mailing-list signature provides greater acceptance, wouldn't this
lead to mailing lists being exploited?
How should new signatures be handled?
If your wish for ADSP "except-mlist" is granted, how would a domain's
recipients protect themselves exploits or spoofs of mailing lists?
Perhaps there should also be "except-signed-mlist"?
Wouldn't a non-specific mailing list exception lead to mailing list
being targeted?
Why can't "all" represent "reject" as you described? Is your concern
that "all" creates an obligation for mailing list to either reject or
bounce messages lacking valid Author Domain signatures? How many MTAs
check DKIM signatures during the SMTP session? How many invalid
signatures would normally seen by mailing-lists?
-Doug
More information about the ietf-dkim
mailing list