On 9/1/10 2:49 PM, Murray S. Kucherawy wrote:
> > On Wednesday, September 01, 2010 1:47 PM, Steve Atkins wrote:
> >
> > If your goal is to have MLM developers rewrite their perfectly
> > working code to work around the fundamental flaws in ADSP - a
> > protocol nobody other than bulk mailers is interested in, and which
> > in any even marginally sane deployment would never interact with
> > mailing lists at all - I think you're going to be disappointed.
>
> Setting aside ADSP for a second, I think there are still some people
> that would like to see MLMs preserve author signatures for the
> purposes of reputation evaluation.

Because DKIM does not affirm either the destination or return path of a message, it would offer an extremely vulnerable basis for establishing reputations based upon receipt of unsolicited messages. It would be far better to develop cryptographic methods to authenticate SMTP clients instead. This would then mean MLM developers do not need to change any of their code. The need for a cryptographic SMTP client authentication mechanism will quickly become more apparent as more email is exchanged over IPv6 networks.

> > ... rather than hoping MLM software developers will remove all the
> > features they offer that might break a DKIM signature.
>
> Maybe we should let the MLM developers, some of whom are here (or
> were, maybe they've been scared off) comment?

Such a change would be a move in the wrong direction. It would make messages distributed by mailing lists visually identical to those from individuals, where they become more dangerous from a phishing perspective. Avoiding false positive phishing detection was a reason for DKIM, and anti-phishing was the reason for ADSP, after all.

Few see the DKIM signature, know what portion of the message body was signed, or whether the From domain is accurate. The from header is normally not assured when distributed through a mailing list.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
