On 4/30/10 6:45 PM, John R. Levine wrote:
>> I don't think that's what I'm saying. Currently lists don't do much to
>> authenticate senders. I don't think it's implausible that a recipient might
>> have stricter rules than a list manager. It might be unusual, I suppose.
>>
> I agree it's hypothetically possible, but have you ever seen an actual
> need for this in practice, a list where the recipients filter out messages
> that a more competently managed list would have rejected?
>

John,

Efforts at protecting recipients with ADSP "all" or "discard-able" conflict with the message handling of properly run mailing-lists. Mailing-list handling does not need to change, even those that remove DKIM signatures. With minor efforts, a transitional strategy that introduces sender authorization offers exceptions needed for "all" and "discard-able" conflicts.

The enhanced protection these policies afford is critical for financial institutions, whether for corporate or transaction messages. Better source authentication is also increasingly needed to thwart a growing number of social engineering ploys, and to properly identify compromised accounts.

When mailing-lists include A-R headers, these can be audited by the sender. The sender's authorization then enables them to protect their authentication from otherwise trivial spoofing and to guard against message loss.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
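
The ADSP conflict described in the message above, as an added example that is not part of the original post: a simplified RFC 5617 evaluation of one message delivered directly and again after a mailing list has removed or broken the author's DKIM signature. The domains, the record table standing in for DNS, and the helper names are constructed for illustration.

```python
# Added illustration: simplified ADSP (RFC 5617) evaluation, before and after a list.
# Every domain and record below is constructed sample data, not taken from the thread.

# Stands in for the TXT lookup at _adsp._domainkey.<author domain>.
ADSP_RECORDS = {
    "bank.example": "dkim=discardable",
    "corp.example": "dkim=all",
}

def adsp_practice(author_domain):
    """Return the published practice, or None when no ADSP record exists."""
    record = ADSP_RECORDS.get(author_domain.lower())
    if record is None:
        return None
    name, _, value = record.split(";")[0].partition("=")
    value = value.strip().lower()
    # Simplification: anything unrecognised is treated as "unknown".
    if name.strip().lower() == "dkim" and value in ("all", "discardable"):
        return value
    return "unknown"

def adsp_result(author_domain, verified_d):
    """verified_d: d= domains of the DKIM signatures that verified at this hop."""
    author = author_domain.lower()
    if author in {d.lower() for d in verified_d}:
        return "pass"  # a valid Author Domain Signature is present
    practice = adsp_practice(author)
    if practice is None:
        return "none"
    return {"all": "fail", "discardable": "discard"}.get(practice, "unknown")

def through_list(verified_d, list_domain, strips_signatures=True):
    """Model a list that adds a footer or subject tag, so the author signature no
    longer verifies (or is removed), and that signs the result with its own key."""
    kept = [] if strips_signatures else list(verified_d)
    return kept + [list_domain]

def demo():
    rows = []
    for author in ("bank.example", "corp.example", "nopolicy.example"):
        direct = [author]                      # signed by the author domain
        relayed = through_list(direct, "list.example")
        rows.append((author, adsp_result(author, direct),
                     adsp_result(author, relayed)))
    return rows

if __name__ == "__main__":
    for author, direct, relayed in demo():
        print(f"{author:18} direct={direct:8} via list={relayed}")
```

The list's own signature verifies in every relayed case, yet the "all" and "discardable" domains still end in `fail` and `discard`, because ADSP only counts a signature whose `d=` matches the author domain.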
