On 4/22/2010 9:34 PM, John Levine wrote: > For anyone who's working on the list management BCP: > > I sign all my outgoing mail, and I have a feedback loop set up with > Yahoo, which being very modern and advanced keys on signatures, not IP > addresses. A few days ago I sent some messages to one of the Freebsd > mailing lists. Today some Yahoo user who subscribes to that list hit > the spam button. Freebsd's list software (Mailman, I think) doesn't > sign, and doesn't strip any headers. So what happened? Yahoo saw my > signature and sent the reports to me, which was of course useless > since I don't run the list. > > This is not a hypothetical problem--all of my recent Yahoo FBL reports
If I understand correctly, you established a private arrangement with Yahoo. Yahoo chooses to create a unique interpretation for the presence of a DKIM signature, which treats it as an override to the MailFrom. And from this, you are asserting a new, general rule about DKIM handling? Better still... On 4/23/2010 6:38 AM, John R. Levine wrote: >> Would this still be an issue if the lists were signing the outbound mail? >> You'd hope that Yahoo would then send the feedback reports to the list >> owner. > > Probably not. It depends if the list owner has an FBL of their own, which > small senders generally don't. You are extrapolating without any data. The problem here is that Yahoo has added some deep semantics to a DKIM signature and probably has not even documented or discussed it properly. Is there some reason not to first discuss this with Yahoo? d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
