--On 24 November 2010 10:42:01 -0500 "John R. Levine" <[email protected]> wrote:
> This really does need to be a FAQ. > >>> DKIM works just dandy, when lists sign their mail like this one does. > >> Unless the intermediary co-operates by re-signing, mailing lists can >> break DKIM signatures. > > Quite true. But broken signatures are only a problem in a mutant version > of DKIM unlike the one specified in RFC 4871, so it's not a problem. That depends on whether a loss of an opportunity is a problem. When you break a signature, the recipient loses the opportunity to apply reputation information to the message, or to use the message to update their reputation database. The sender loses the opportunity to benefit from any reputation that they've built. If breaking one signature isn't a problem *at all*, then perhaps breaking all signatures isn't a problem. By extension, loss of the DKIM project wouldn't be a problem. Of course, I don't believe that. I think DKIM has value, and the better the uptake the higher the value. Broken signatures are equivalent to lower uptake. >> but you do lose the ability to assign signer domain based reputation >> to the message. > > Unless, of course, the list signs like this one does. Yes, I think that "Unless, of course, the list signs" has the same meaning as "Unless the intermediary co-operates by re-signing". So I think we're agreed there. > I don't see any reason to think it's less likely that lists sign than that list > contributors sign. Do you? Concrete numbers would help here. I don't see any reason to think that. However, my inbound mail stream (after filtering) mostly comes from domains that have SPF (about 90% passing), but a bit under half carries a DKIM signature (about 90% intact). So, for me, DKIM is a fallback to look at when an SPF test doesn't pass. > Anecdotes: all the Yahoogroups lists sign. All of my lists sign. > > Regards, > John Levine, [email protected], Primary Perpetrator of "The Internet for > Dummies", > Please consider the environment before reading this e-mail. http://jl.ly -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
