Ian Eiloart wrote:
--On 12 October 2009 10:04:17 -0400 Wietse Venema
<wietse(_at_)porcupine(_dot_)org>
wrote:
Michael Deutschmann:
If this is indeed the official semantics of the protocol, then I would
petition to add a "dkim=except-mlist" policy. Which means "I sign
everything that leaves my bailiwick, but may post to signature-breaking
MLs."
Are you going to announce all your users mailing list subscriptions
in the policy record? If you do, that could be a privacy problem.
If you don't, then the spammer can add any mailing list header to
the message, and they can drive their truck through this hole.
Wietse
Surely that's OK, if that's the policy. The point is that the recipient
must assign reputation to the list, not the original sender. If the list
proves trustworthy (presumably it applies its own DKIM sig, or has an SPF
pass, and also has a good reputation with the recipient), then the
recipient might go on to assess the reputation of the author - on the basis
that a trusted list is likely to be making a DKIM assessment of inbound
mail.
Agreed, but the fact that it's a mailing list that is doing this isn't
significant. It could be any intermediary that is willing to take
responsibility for the message by signing it. Their reputation now
becomes a factor in the disposition of the message.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html