It appears that Bron Gondwana <[email protected]> said:
>> There are going to be lots of devices like webcams, IoT devices etc
>> sending emails for alerts etc which suddenly can't send emails anymore
>> to DKIM2 users.
>
>They should either be sending over RFC6409 submission rather than port 25, or
>else coming from a trusted IP range to a mail
>relay which supports DKIM2 and puts its own n=1 signature on the message with
>a signed MAIL-FROM on its own domain.

I don't expect MUAs like Outlook or Thunderbird (or for us old guys Alpine) to support DKIM2 either, for the same reason. They submit new mail to their MSA and it takes care of DKIM2 signing. You know, just like it takes care of DKIM signing now.

>But yes, the mailing list server will have to do significantly more signature
>generation.

Depends what mailing list server. List operators like groups.io already generate a separate version of each message for each recipient, and sign each one. I expect that if hashing performance is an issue, we can figure out tricks like noting that the per-user customization is at the end, remembering the hash at the end of the common part, and just updating each hash for the separate part.

On the other hand, the server that runs my mailing lists has 12 cpus of which perhaps 2 are typically busy so I don't expect to do anything clever unless I see actual performance problems.

>Your strawman here is very un-interesting to me. What is interesting is
>knowing that the IETF list added that content, not the
>original sender; so Gmail (or whoever) can decide if the IETF servers are the
>source of content which their users don't like in
>aggregate, or if I (the original sender) am the source of content which their
>users don't like in aggregate.

As I've mentioned umpteen times before, some large mail systems have told me that the reason they don't just accept all the mail from known mailing lists is that the lists do poor filtering and sometimes let through blasts of spam. ARC was supposed to let them look back and see if the original message was DMARC unaligned or otherwise spammy, but didn't provide enough info. I believe the DKIM2 will provide enough info between the chained signatures and the ability to unwind to the original message if necessary.

R's,
John

_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
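
The hash-reuse trick mentioned in the message above, as an added example that is not part of the original post or of any DKIM2 implementation: the shared part of a per-recipient body is hashed once, and each recipient's hash resumes from a copy of that saved state. Assumptions: a DKIM-style base64 SHA-256 body hash, bodies that are already canonicalized, and constructed sample data with hypothetical example.org recipients.

```python
import base64
import hashlib

def b64(h) -> str:
    return base64.b64encode(h.digest()).decode("ascii")

def full_hash(body: bytes) -> str:
    """Baseline: hash one complete body from scratch."""
    return b64(hashlib.sha256(body))

def shared_prefix_len(bodies) -> int:
    """Longest prefix common to all bodies, cut back to a CRLF line boundary."""
    first, last = min(bodies), max(bodies)  # lexicographic extremes bound the prefix
    n = 0
    while n < len(first) and n < len(last) and first[n] == last[n]:
        n += 1
    cut = first.rfind(b"\r\n", 0, n)
    return cut + 2 if cut >= 0 else 0

def hash_all(bodies: dict):
    """Return ({recipient: hash}, number of bytes fed to SHA-256)."""
    n = shared_prefix_len(list(bodies.values()))
    common = hashlib.sha256(next(iter(bodies.values()))[:n])  # hashed once
    fed, out = n, {}
    for rcpt, body in bodies.items():
        h = common.copy()          # resume from the saved state
        h.update(body[n:])         # only the per-recipient part
        fed += len(body) - n
        out[rcpt] = b64(h)
    return out, fed

# Constructed sample data: one list post, three hypothetical recipients.
POST = b"Constructed list post line.\r\n" * 200
RCPTS = ["alice@example.org", "bob@example.org", "carol@example.org"]
# Customization at the end (the case the trick relies on).
TAIL = {r: POST + b"-- \r\nUnsubscribe: https://lists.example.org/u/"
           + r.encode() + b"\r\n" for r in RCPTS}
# Customization at the start: no shared prefix, so nothing can be reused.
HEAD = {r: b"Hello " + r.encode() + b",\r\n" + POST for r in RCPTS}

if __name__ == "__main__":
    for name, bodies in (("footer at end", TAIL), ("banner at start", HEAD)):
        hashes, fed = hash_all(bodies)
        assert all(hashes[r] == full_hash(b) for r, b in bodies.items())
        print(name, "bytes hashed:", fed, "of", sum(map(len, bodies.values())))
```

With the footer at the end, the shared text is hashed once instead of once per recipient; with a per-recipient banner at the start the shared prefix is empty and the cost falls back to full hashing.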
