On May 22, 2009, at 11:39 AM, J.D. Falk wrote: > love it when FUD is so easily overridden by operational reality.
Not all recipients will have use of the latest version of Sendmail. The concern regarding the l= parameter is not limited to mailing list, as John suggests. Providers insert ads into the messages. Who is user be required to trust, and how will they know who generated the link? It is not uncommon to find providers, in pursuit of revenue, post ads referencing websites that become compromised due to lax security and end up containing IFRAMEs that load malware. It would not be good to name names, but this is not uncommon. Once followed, the recipient's system is compromised without any intervention or outward indication. Often a user never knows their system was compromised. The number of compromised systems and web servers is shockingly high. This is not FUD, this is fact. Knowing the origination of EVERY link is critically important. By having the l= parameter available, senders wishing to retain trust can differentiate their message from that of a recipient's provider. The l= parameter can mitigate the bad practices of some providers, and ensure the DKIM signature remains reliable and trustworthy. This concern needs to be viewed from more than just an email provider's perspective. Why are providers bent on preventing recipients from knowing _who_ is responsible for message content? While a recipient may trust their financial institution, they may be less inclined to trust a provider whose main revenue might be based upon ad revenue from who knows who. Taking away the l= parameter significantly limits the protections DKIM is able to offer. Once again, this concern is NOT about messages from mailing lists! This is about ensuring recipients remain informed about the origination of messages where they might be told that it came from someone else. That is simply wrong! -Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
