On 9/9/10 1:04 PM, McDowell, Brett wrote: > But, before we dismiss the problem you raised... .gov domains*are* highly > phished and they share this TLD problem with .edu. That said, how many > .gov-ers need to (or are allowed to) participate in public mail lists. > > Ugh! We simply have to fix the root cause of MLM's breaking DKIM signatures. Disagree. This would then mean MLM messages become visually similar to messages from individuals. This type of change won't happen overnight, or perhaps even within the same decade. Many lists don't authenticate the source of each message being distributed. Until there is universal adoption of A-R header and DKIM, it remains beneficial for these messages to be visually different when issued by a mailing-list. Some MUAs have extensions able to display various header fields, like List-ID. It would be helpful if MUAs had a display option for this header field.
On the other hand, the TPA-Label concept is premised upon third-party sources being recognized by senders. As the diversity of sources increase, identifying good rather than bad becomes a more productive strategy. For this scheme to function, the sender will need to reference a third-party list that meets their requirements, or generate their own. By placing the DKIM signature within a subdomain, the TPA-Label can also indicate to recipients how _any_ authorized message with From header fields containing an address from their domain is to be authenticated. This scheme should help email transition gracefully to stronger methods. This scheme should also allow phished domains the ability to use a single domain for all of their email, including messages from unmodified mailing-lists, while also offering the strongest protection available from each source. -Doug _______________________________________________ dkim-ops mailing list [email protected] http://mipassoc.org/mailman/listinfo/dkim-ops
