Ian Eiloart wrote:
> --On 12 October 2009 10:04:17 -0400 Wietse Venema <[email protected]>
> wrote:
>
>> Michael Deutschmann:
>>
>>> If this is indeed the official semantics of the protocol, then I would
>>> petition to add a "dkim=except-mlist" policy. Which means "I sign
>>> everything that leaves my bailiwick, but may post to signature-breaking
>>> MLs."
>>>
>> Are you going to announce all your users' mailing list subscriptions
>> in the policy record? If you do, that could be a privacy problem.
>>
>> If you don't, then the spammer can add any mailing list header to
>> the message, and they can drive their truck through this hole.
>>
>> Wietse
>>
>
> Surely that's OK, if that's the policy. The point is that the recipient
> must assign reputation to the list, not the original sender. If the list
> proves trustworthy (presumably it applies its own DKIM sig, or has an SPF
> pass, and also has a good reputation with the recipient), then the
> recipient might go on to assess the reputation of the author - on the basis
> that a trusted list is likely to be making a DKIM assessment of inbound
> mail.
>
Agreed, but the fact that it's a mailing list that is doing this isn't
significant. It could be any intermediary that is willing to take
responsibility for the message by signing it. Their reputation now
becomes a factor in the disposition of the message.

-Jim

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
