DKIM explicitly accounts for Received headers and such. The core of the email message must remain that which the author constructed, but mailing mechanisms can add information.
-- Les Barstow -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Miles Fidelman Sent: Friday, April 11, 2014 3:08 PM To: [email protected] Subject: Re: [dmarc-discuss] Hey, Yahoo, you just broke my church mailing list Les Barstow wrote: > I'm with Al Iverson on this one. Most if not all of the lists to which I > subscribe are discussion lists. I'm used to the (very) old behavior of > discussion lists which automatically set replies to the list, and I dislike > mailing list managers that default my reply to the original poster - it's > supposed to be a discussion. Sure there are other uses for mailing list > software, but in my own list use I'd say 99% or more of my responses are to > the various lists. > > Since I'm late to this conversation, I'll add two cents here on MLM behavior. > If MLM software is altering the contents of a message, then in authentication > terms the original author is no longer the author of the message - the MLM is > responsible for the modified message body (DKIM). In authorization terms, the > MLM system is also the originating mail server (SPF). So from a strict > security perspective, the MLM software IMHO *should* be claiming ownership of > these messages (in a user-visible way, i.e. the From field). Obviously, > convenience and security aren't always the best of friends, but there are > many ways to implement convenience that don't ignore security. There are > fewer ways (read: none) to implement security that accommodate every > implementation of convenience. If we want to secure our email addresses, > we're going to have to work a bit for it. > > Well that's arguable. By that logic, anything that alters a piece of mail becomes it's author - everything along the mail delivery chain alters some part of the message, if only by adding received- headers. It's probably more accurate to say that the MLM is acting as an agent of the author. (Now if you want to really pick nits, think about sending out a meeting invitation through Exchange - there's a meeting "owner" - but other people, with privileges, can update the original invitation - change the time, add a webex, ....) Come to think of it, I wonder how much Yahoo's DMARC policy is impacting calendaring software! Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. .... Yogi Berra _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html) _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
