[ietf-dkim] Lists "BCP" draft available

Brett McDowell brett.mcdowell at me.com
Tue May 25 09:30:45 PDT 2010 

On May 24, 2010, at 9:08 AM, John R. Levine wrote:

>> I guess the list should be rejecting his email! Then, perhaps, his 
>> organisation would get around to deploying a non-discardable domain.
> 
> I've suggested it.  They know they have a problem, but they won't yet say 
> what they're going to do about it.
> 

I'll be happy to report on our decision once we've implemented it.  FWIW, I agree with the recommendations made on this list, at least in the short-term.  

Step one: was to start using anything that wasn't under an ADSP=discardable assertion (so here I am using a me.com account).  

Step two: is to do something along the lines of what's been recommended here (a non-discardable domain).  

Step three: fix the status quo for *participating* MLM's by offering up a new technical solution that enables MLM's to assert that they've validated the original sender's signature.  

> As you may recall, they suggested that lists sign an A-R header and all 
> recipient systems track what lists they're subscribed to and do 
> complicated processing to see whether list mail was signed when it showed 
> up at the list.  

That is a mischaracterization of what I proposed.  What I actually proposed was:

> On Apr 26, 2010, at 1:19 PM, McDowell, Brett wrote:
> 
>> On Apr 26, 2010, at 10:05 AM, MH Michael Hammer (5304) wrote:
>> 
>>> I think we are having the wrong discussion. The real question is:
>>> 
>>> "What are appropriate practices for mailing lists in handling DKIM
>>> signed mail?"
>> 
>> Agreed.
>> 
>> From my perspective, I'd like to enable (not mandate or expect universal compliance with) the deployment scenario where the sender's DKIM signature is either maintained without adulteration or "proxied" by the list so the transient trust can be carried through the mailing list intermediary to the destination (per Murray's note which I'm also going to respond to).  That's my use case.  By sharing this use case I'm not trying to deprecate or undermine John Levine's original use case.  But there is a diversity of valid/appropriate behavior by mailing lists vis-a-vis DKIM that we need to consider (which is why I'm so pleased to see Mike H. take our discussion in this direction).
>> 
>> -- Brett

More information about the ietf-dkim mailing list