--On 13 October 2009 00:49:05 -0400 hector <[email protected]> wrote:

> John Levine wrote:
>
>> [ this is well trodden ground, so I will try and keep this short ]
>>
>>> Agreed, but the fact that it's a mailing list that is doing this
>>> isn't significant.  It could be any intermediary that is willing to
>>> take responsibility for the message by signing it.  Their reputation
>>> now becomes a factor in the disposition of the message.
>>
>> Right.  As JD and others have often pointed out, mailing lists should
>> sign their mail like anyone else, and recipients handle it based on
>> the list's reputation.  If we're going to encourage list operators to
>> change their software to deal with DKIM, sensible changes would help
>> them be sure that unwanted mail doesn't leak onto the list, perhaps
>> using DKIM and ancillary reputation systems.  That will help all
>> subscribers getting mail from the list, whether they use DKIM or not.
>
>
> So what you are saying is that LIST SERVER developers SHOULD NOT add
> ADSP features to restrict signing of ADSP domain nor bother to see if
> it should allow these restrictive domains to subscribe?

They should add features. But "DISCARDABLE" ('discard' isn't a value, and 
'discardable' doesn't mean 'discard') should not be treated the same as 
"ALL". It's reasonable for a list to reject mail that it is about to 
render discardable, but there's no reason to reject mail with "ALL".

Remember RFC5617 says "3.2 ... If a message has a Valid Signature other
than an Author Domain Signature, the receiver can use both the Signature
and the ADSP result in its evaluation of the message."


>     List name:  ieft-dkim
>
>     DKIM/ADSP Options:
>
>        [_] Do not allow subscription from ADSP domains
>        [_] Do not accept domains with DISCARD, ALL policies
>
>        [X] Sign list mail:
>
>            [X] Remove any old signatures
>
>            Signing Selector: k00001
>            Signing domain  : mipassog.org  [ GENERATE KEY ]
>
>        [X] Checking Reputation Services
>
>            [ CLICK TO SEE REPUTATION SERVICE LIST ] None-Defined
>
>
>> A few milliseconds of thought should reveal that a scheme that allowed
>> a list to assert that incoming mail was signed would instantly be
>> abused by spammers who would start sending from "lists" that claimed
>> to be passing through signed mail from domains with good reputations.
>


-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
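
Added example, not part of the original message or of any list software: a sketch of the intake rule argued for in the reply above, where a list rejects a post only when the author domain publishes "discardable" and no valid Author Domain Signature would reach subscribers, and accepts "all". The function names, the sample records, the simplified record parsing, and the choice to also reject a "discardable" post that arrives without a valid author signature are assumptions.

```python
# Added illustration, not code from the thread. Names and samples are constructed.
ADSP_VALUES = ("unknown", "all", "discardable")   # RFC 5617 "dkim=" values


def parse_adsp(txt):
    """Simplified parse of the TXT record at _adsp._domainkey.<author domain>.

    No record, no dkim tag, or an unrecognised value all map to 'unknown'.
    """
    if not txt:
        return "unknown"
    for tag in txt.split(";"):
        name, sep, value = tag.partition("=")
        if sep and name.strip() == "dkim":
            value = value.strip()
            return value if value in ADSP_VALUES else "unknown"
    return "unknown"


def list_decision(adsp, author_sig_valid, list_breaks_sig):
    """Intake decision for a post, following the distinction drawn above.

    'discardable' is rejected when no valid Author Domain Signature will
    reach subscribers; 'all' is accepted, since a receiver may weigh the
    list's own signature together with the ADSP result.
    """
    survives = author_sig_valid and not list_breaks_sig
    if adsp == "discardable" and not survives:
        return "reject"
    return "accept"


# Constructed posts: (ADSP TXT record, author signature valid on arrival)
SAMPLES = [
    ("dkim=all", True),
    ("dkim=discardable", True),
    ("dkim=discard", True),      # not a defined value, so 'unknown'
    (None, False),               # no ADSP record published
]


def triage(samples, list_breaks_sig=True):
    """Decide each sample for a list that does or does not break signatures."""
    return [list_decision(parse_adsp(txt), ok, list_breaks_sig)
            for txt, ok in samples]


if __name__ == "__main__":
    print(triage(SAMPLES))
    print(triage(SAMPLES, list_breaks_sig=False))
```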
