--On 28 April 2010 11:02:53 -0400 "MH Michael Hammer (5304)" <[email protected]> wrote:
> > A few thoughts to fuel the discussion: > > 1) It may be that the BCP document would appropriately have a section > for end users of mail lists. One possible recommendation is that for > domains which have strong security concerns, they may want to have a > policy against posting to lists using the domain in question. (I'm > throwing this out as a straw man). Yep, I'd suggest sections for MLM site owners, MLM list managers (who may not have access to MTA configuration), list mail posters, and list mail recipients. > > 2) One possible recommendation to list managers is that if a message to > the list is DKIM signed AND has an ADSP discardable policy AND the > signature cannot be maintained intact then the list should bounce the > message. +1 > 3) Is there a way for us (perhaps in a future version) to provide for > some sort of "encapsulation" that will allow the original > signature/message to be maintained even as the list does certain (as yet > unspecified) actions which might currently break the signature? Just > blue skying here. I guess you could attach the entire original message to the message that you're generating. In fact, the list could just send a message saying "This was posted to the list", preserving the subject line, I guess. I don't know how that would look in various mail clients.... > 4) I recognize the chorus which says "mail lists have always done things > a certain way and who are you to tell us how or what we have to do". > Having given that recognition, in creating an authentication model it > seems self defeating not to provide mechanisms for the authentication to > survive things like maillists (for those maillists/software providers > willing to adopt whatever we come up with). Those lists which have > always done thigns a certain way and wish to continue could do so - no > harm no foul. > > Mike > > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
