[ietf-dkim] On changing From: when sending through lists
dotis at mail-abuse.org
Wed Aug 11 15:54:53 PDT 2010
On 8/11/10 1:49 PM, Charles Lindsey wrote:
> On Wed, 11 Aug 2010 01:09:57 +0100, John Levine <johnl at iecc.com>
> > - Many MUAs collect outgoing addresses into the local address book,
> > so people who really have one address will now appear to have N+1
> > if they subscribe to N lists. Is that a problem? Why or why not?
> > If it's a problem, what should you do about it?
> That is the only point you have raised that might have some merit. It
> does not seem like a showstopper to me, but the possibility ought
> to be documented as part of the proposal. If the percentified address
> in the address book stops working then, according to the answers
> given above, the responder will soon get to know about it, exactly
> the same as when someone currently changes their address and fails to
> notify everyone affected.
Obfuscating who sent a message is not good, especially in light of what
motivated use of ADSP policy that is causing this problem.
Unfortunately, ADSP as currently structured is too restrictive for all
but ~0.0008% of legitimate domains, or even ~0.375% of domains being
heavily phished. ADSP's extremely limited use indicates it is _not_
the mailing-lists that need to change. ADSP policies can be structured
to permit specific third-party service exceptions, which resolves these
problems without changing mailing-list and MUA code that would impact
millions of users.
Finally, modifying From header fields will not offer any reasonable
transitional strategy able to resolve the problems facing ADSP within
any reasonable time frame.
More information about the ietf-dkim