On Mon, 12 Oct 2009, Wietse Venema wrote:
> Michael Deutschmann:
> > If this is indeed the official semantics of the protocol, then I would
> > petition to add a "dkim=except-mlist" policy. Which means "I sign
> > everything that leaves my bailiwick, but may post to signature-breaking
> > MLs."
>
> Are you going to announce all your users' mailing list subscriptions
> in the policy record? If you do, that could be a privacy problem.
>
> If you don't, then the spammer can add any mailing list header to
> the message, and they can drive their truck through this hole.

The only other option for a sender domain with any subscribers to
signature-breaking mailing lists is dkim=unknown. Which is just as big a
hole.

At least with dkim=except-mlist, the recipient can narrow the loophole to
cover only those mailing lists he is actually subscribed to. If those
mailing lists use SPF, the spammer can't get in even if he knows which
ones to forge.

---- Michael Deutschmann <[email protected]>
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
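
The receiver-side check this reply argues for, sketched as an added example that is not part of the original post or of any DKIM specification. `dkim=except-mlist` is the policy value proposed in the thread; the `Message` fields, the verdict strings, and the subscription map (List-Id to the list's envelope domain) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Message:
    policy: str               # author domain's published value, e.g. "unknown"
    dkim_valid: bool          # author-domain signature verified
    list_id: Optional[str]    # List-Id header; sender-controlled, so untrusted
    mail_from_domain: str     # envelope sender domain
    spf_pass: bool            # SPF result for mail_from_domain

# Assumption: the recipient keeps a private map of the lists they joined to
# the envelope domain each list sends from. Constructed sample data.
SUBSCRIPTIONS = {"ietf-dkim.lists.example": "lists.example"}

def evaluate(msg: Message, subscriptions=SUBSCRIPTIONS) -> str:
    """Return a verdict for one message under the policies in the thread."""
    if msg.dkim_valid:
        return "accept"
    if msg.policy == "unknown":
        # A missing signature carries no information under dkim=unknown.
        return "no-signal"
    if msg.policy == "except-mlist":
        # The List-Id header alone proves nothing (the objection quoted
        # above). Honor it only for a list this recipient joined, and only
        # when SPF passes for that list's own envelope domain.
        expected = subscriptions.get(msg.list_id) if msg.list_id else None
        if expected and msg.spf_pass and msg.mail_from_domain == expected:
            return "accept-via-list"
    return "suspicious"

if __name__ == "__main__":
    # Constructed messages: a genuine list relay and a forged list header.
    relay = Message("except-mlist", False, "ietf-dkim.lists.example",
                    "lists.example", True)
    forged = Message("except-mlist", False, "ietf-dkim.lists.example",
                     "bulk.example", True)
    print(evaluate(relay), evaluate(forged))
```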
