On 3/24/2015 11:23 AM, Anne Bennett wrote:
> In most cases it would be inappropriate for mailing lists
> to take ownership of the messages.  They are merely the
> distribution mechanism, and wrecking (IMHO) the From: header
> to avoid a verification failure seems the wrong way to go in
> the long run, even if it has had to be adopted as a workaround
> in the short run.

Formally and practically, they are more than mere re-distributors.

A mailing list typically defines a 'community' for discussion.  At least
some of the modifications it does are to assert that community in some
visible ways.

Mailing lists therefore have the right to make the changes they make.

That said, recipients consider the message to be 'from' and 'by' the
original author, not the mailing list.


> As for subject tags and list trailers, at least the former is
> really helpful to me as a user (sorry, Dave! ;-) ), as it lets

Huh?  I /like/ Subject tags.  They help to distinguish list mail from
personal mail.


> me know that a given message is in the context of a public or
> semi-public discussion.

Right.


> I'm not against the idea that mailing list software might have to
> adapt to the new reality (of the need for protection against
> spoofing), even though there will be a lengthy transition period.

I think the historical challenge has less been a case of philosophical
legitimacy and more of inability to gain active, constructive
participation of mailing list software maintainers.


> rfc6376 has:
> 
>   Note that Verifiers may treat unsigned header fields with
>   extreme skepticism, including refusing to display them to
>   the end user or even ignoring the signature if it does not
>   cover certain header fields.
> 
> Would it be so awful to change that to:
> 
>   Note that Verifiers may treat unsigned header fields (or
>   unsigned parts of header fields) with extreme skepticism,
>   including refusing to display them to the end user, displaying
>   them with an indication of unreliability, or even ignoring the
>   entire signature if it does not cover certain header fields.
> 
> So, risking Dave's wrath once again by discussing possible UI
> approaches to verification information, if a header tag format
> were specified (for example) to be contained within square
> brackets, the UI could display the verified part one way,
> and the tagged-and-ignored part another way.

This is less a case of wrath -- should I be glad of such de facto and
automatic intimidation, even when it doesn't work well enough to squelch
others' views I disagree with?  Hmmm... -- and more a case of efficacy.

To make any assertions about preferred or appropriate UI behavior is to
require establishing the basis that the behavior will be useful.

The problem here is that the empirical basis for efficacy is lacking.

So making a recommendation might serve to make the specification writers
feel better, but they won't help fight abuse.


d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
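
The RFC 6376 note quoted in the message above depends on which header fields a signature's h= tag actually covers. As an added example (not part of the original message and not code from any DKIM implementation), the following Python reports coverage per header field instance, applying the bottom-up selection rule of RFC 6376 section 5.4.2. It does not verify the signature cryptographically, and the sample message, domain names and function names are constructed for illustration.

```python
from collections import Counter
from email import message_from_string

# Constructed sample: a second, tagged Subject field and a List-Id sit above the
# signature; h= lists from, to and subject once each. bh=/b= are placeholders.
SAMPLE = (
    "Subject: [dmarc] Re: example thread\n"
    "List-Id: <list.example.org>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel;\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Author <author@example.org>\n"
    "To: list@example.org\n"
    "Subject: Re: example thread\n"
    "\n"
    "body\n"
)

def signed_field_names(sig_value):
    """Return the lowercased field names listed in the h= tag."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, _, value = part.partition("=")
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return [n.lower() for n in tags.get("h", "").split(":") if n]

def coverage(raw):
    """Return (name, value, covered) for each header field, in message order."""
    msg = message_from_string(raw)
    sig = msg.get("DKIM-Signature")
    budget = Counter(signed_field_names(sig)) if sig else Counter()
    report = []
    # Each occurrence of a name in h= covers one instance of that field,
    # counted from the bottom of the header block upward.
    for name, value in reversed(msg.items()):
        key = name.lower()
        if key == "dkim-signature":
            continue
        covered = budget[key] > 0
        if covered:
            budget[key] -= 1
        report.append((name, value, covered))
    report.reverse()
    return report

if __name__ == "__main__":
    for name, value, covered in coverage(SAMPLE):
        print(("signed  " if covered else "UNSIGNED"), f"{name}: {value}")
```

A display layer that wanted to treat unsigned fields differently would need this per-instance result, since the same field name can appear both covered and uncovered in one message.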