--On 7 May 2010 13:07:34 -0400 "John R. Levine" <[email protected]> wrote:
>>> I believe it. Are you saying the list managers make no effort to keep >>> the spam out of their lists? >> >> No, but I don't think it's their job. As the site manager, that's my job >> in general. What the list managers can add is access controls, and >> authentication helps to improve the utility of such controls. > > Oh, we agree there, I wasn't distinguishing between the list and site > manager, since at small sites they're often the same person. > >>> contributors, but DKIM doesn't help there since DKIM most definitely >>> never says that the From: address is "real". >> >> "real"? A signature from the sender domain at least says that if it's >> not real, that's the responsibility of the sender domain owner, doesn't >> it? > > No, all it says is "we signed this mail." A signer with a good > reputation will presumably rarely sign mail where the From: address > actively misidentifies the sender, but that's a second order effect. Right, and because the domain owner has signed the email, they can be held responsible for abuse. At least, to a greater extent than when the mail hasn't touched any system that they have any control over. >> the end recipient may have a very different view of the reputation of >> the sender than does the list. Or, it may wish to use the message >> content to modify its reputation score for the sender. > > Once again, this sounds like a solution searching for a problem. I've > done the occasional bozofiltering in mailing lists, but because the > people were bozos, not spammers. The problem is reputation assignment. Different recipients (of mail from the same list) will have different views of the sender's reputation. But, the problem is real, and recognised. Mailing lists break signatures. >>> If you want strong sender authentication, we already have S/MIME, and I >>> wouldn't be surprised if there were list software that could use it. > > R's, > John -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
