[ietf-dkim] Review of: draft-ietf-dkim-mailinglists-06
Ian Eiloart
iane at sussex.ac.uk
Wed Apr 20 01:46:15 PDT 2011
On 19 Apr 2011, at 17:40, John R. Levine wrote:
>>>>
>>>> arrives via a list to a verifier that applies ADSP checks which fail,
>>>> the message SHOULD either be discarded (i.e. accept the message at
>>>> the [SMTP] level but discard it without delivery) or rejected by
>>>
>>> {{ Is this describing anything different than would/should take place for mail
>>> that did NOT go througha list? The text seems to be describing a special case
>>> but in fact it isn't. It's just an ADSP failure. }}
>
> The alternative suggestion is that if it has a sufficiently credible
> signature, accept it and forget about ADSP. See above-mentioned swamp.
I guess you'd want to see evidence (signed by the credible MLM) that the message had arrived at the list with a good signature.
So, if the list gets a message from an ADSP protected author, the list should add a header with information to that affect, and then sign that header. If the recipient trusts the list, then it should examine that header to check that the original message was compliant. If not, then it should discard the message.
--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148
More information about the ietf-dkim
mailing list