[ietf-dkim] draft-ietf-dkim-mailinglists-02 review
steve at wordtothewise.com
Wed Sep 1 13:47:28 PDT 2010
On Sep 1, 2010, at 7:24 AM, Michael Thomas wrote:
>> I'll cheerfully give up references to S/MIME, if other people will
>> give up on telling software developers how to rewrite MLMs to do
>> things they've never done before.
> Frankly, the best possible advice we can give is to tell people to
> sign all their mail, set ADSP to discardable and let mailing list
> mail get to sent to the trash can. If that doesn't get the hidebound
> traditionist over-entitled mailing list developers and operators
> attention, they pretty much deserve dying along with their 1970's
> view of what the internet is.
ADSP is badly flawed, but those flaws don't have much impact in the case of junk mail sent directly from senders to the MXes of consumer ISPs. Junk mail sent to consumers is also the main place where the theoretical benefit of ADSP is likely to be of value (assuming that's still anti-phishing).
If your goal is to have MLM developers rewrite their perfectly working code to work around the fundamental flaws in ADSP - a protocol nobody other than bulk mailers is interested in, and which in any even marginally sane deployment would never interact with mailing lists at all - I think you're going to be disappointed.
If you don't want to be disappointed you'd be better saying something like this ...
1. Don't publish ADSP for domains that are used for sending any mail other than junk mail
2. If you pay attention to ADSP use it to discard mail, not reject it
3. If you run a mailing list, consider refusing submissions from any domain publishing an ADSP record
4. If you run a mailing list, consider DKIM signing the mail you send
... rather than hoping MLM software developers will remove all the features they offer that might break a DKIM signature.
More information about the ietf-dkim