On 5/18/10 10:16 AM, John R. Levine wrote: >> It'll be the one that's not broken, I presume. If there's more than one >> unbroken signature, I guess the signing domain might want to match the >> list-id header. >> > Why is it important to match signatures? If there's a valid signature > with a good rep, deliver the mail. If the mail turns out to be nasty, > decrease the rep of all of the valid signatures. Why make this more > complicated than it needs to be? > Signed messages might be replayed in a spam campaign. Many copies of a signature's hash would be normal for mailing lists.
When a mailing-list signature provides greater acceptance, wouldn't this lead to mailing lists being exploited? How should new signatures be handled? If your wish for ADSP "except-mlist" is granted, how would a domain's recipients protect themselves exploits or spoofs of mailing lists? Perhaps there should also be "except-signed-mlist"? Wouldn't a non-specific mailing list exception lead to mailing list being targeted? Why can't "all" represent "reject" as you described? Is your concern that "all" creates an obligation for mailing list to either reject or bounce messages lacking valid Author Domain signatures? How many MTAs check DKIM signatures during the SMTP session? How many invalid signatures would normally seen by mailing-lists? -Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
