On Tue, Feb 4, 2025 at 3:22 PM Michael Thomas <[email protected]> wrote:

> Wei -- I have much the same questions as Dave. The current situation is
> that if a mailing list re-signs a message, it can take ownership of the
> message and the receiver can take into account the mailing list's
> reputation (if any) in addition to whatever spam filtering it does. If it
> doesn't re-sign, it just looks like an ordinary unsigned message which is
> treated as such.
>
I think this presupposes that all operators (a) guarantee a clean mail
stream when the signature validates, and (b) have the capacity to develop
and track reputations for domains.  My impression going all the way back is
that we can't reasonably expect (a) for very large operators, and it's not
fair to expect (b) from all operators, especially the small ones.

> Is the implication that, say, a re-signed message from a mailing list might
> end up either rejected or in a spam folder where it otherwise wouldn't be
> if the original signature survived? How common is that? Mailing lists are
> fairly much on the margins of volume as far as I've ever heard. I think
> that IETF magnifies their importance since everything depends on them, but
> in the wider world they are not as important as they used to be. FWIW, I don't
> think I've ever seen any of the mailing lists I've been on end up in my
> spam folder, but that's just anecdotal.
>
There's a certain faction of the DMARC part of the world that thinks this
whole ship has sailed, that lists have figured out how to deal with
breaking signatures.  And you're right, the IETF might think this is way
more serious than it is because it's the primary mechanism by which it
conducts the bulk of its business.  I'm not really sure how to tease that
out.

-MSK
_______________________________________________
Ietf-dkim mailing list -- [email protected]