On Sep 9, 2010, at 5:40 PM, Douglas Otis wrote:

> On 9/9/10 1:04 PM, McDowell, Brett wrote:
>> But, before we dismiss the problem you raised... .gov domains *are* highly
>> phished and they share this TLD problem with .edu. That said, how many
>> .gov-ers need to (or are allowed to) participate in public mail lists.
>>
>> Ugh! We simply have to fix the root cause of MLM's breaking DKIM signatures.
> Disagree. This would then mean MLM messages become visually similar to
> messages from individuals.

I didn't mean to suggest MLMs should stop doing the things they do that break DKIM signatures. I'm actually a fan of the A-R header (or perhaps a new one) approach -- used in a clear (profiled?) way -- so MLMs can assert to receivers that they verified the sender's signature before processing and re-signing it.

> This type of change won't happen overnight,
> or perhaps even within the same decade. Many lists don't authenticate
> the source of each message being distributed. Until there is universal
> adoption of A-R header and DKIM, it remains beneficial for these
> messages to be visually different when issued by a mailing-list. Some
> MUAs have extensions able to display various header fields, like
> List-ID. It would be helpful if MUAs had a display option for this
> header field.
>
> On the other hand, the TPA-Label concept is premised upon third-party
> sources being recognized by senders. As the diversity of sources
> increases, identifying good rather than bad becomes a more productive
> strategy. For this scheme to function, the sender will need to
> reference a third-party list that meets their requirements, or generate
> their own.
>
> By placing the DKIM signature within a subdomain, the TPA-Label can also
> indicate to recipients how _any_ authorized message with From header
> fields containing an address from their domain is to be authenticated.
> This scheme should help email transition gracefully to stronger
> methods. This scheme should also allow phished domains the ability to
> use a single domain for all of their email, including messages from
> unmodified mailing-lists, while also offering the strongest protection
> available from each source.

I reviewed the TPA-Label I-D a while back but lost track of the URL. Please resend and I'll take another look. But as I recall it just seemed "too hard".

>
> -Doug
>
> _______________________________________________
> dkim-ops mailing list
> [email protected]
> http://mipassoc.org/mailman/listinfo/dkim-ops
