Comments in-line at the risk of this getting overly long....
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of John R. Levine
Sent: Monday, May 10, 2010 3:44 PM
Cc: DKIM List
Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong
On 5/7/2010 10:07 AM, John R. Levine wrote:
No, all it says is "we signed this mail." A signer with a good
will presumably rarely sign mail where the From: address actively
misidentifies the sender, but that's a second order effect.
"misidentifies" covers quite a lot.
I used it to mean that the From: address doesn't have a reasonable
connection to any of the persons or entities that composed the
for some reasonable definition of reasonable.
That would be acceptable if you could avoid the use of the word
reasonable 3 times in a one sentence explanation of your intent.
If I send mail from bbiw.net (well, actually, sbh17.songbird.com is
standard MSA) but label the From: field as being gmail.com, that's
to classify as "misidentifying" the From: address, since songbird
to do with gmail.
No, that's not misidentification. It may be something else, but we
more precise terminology, preferably that avoids loaded terms like
We have been saying we need more precise terminology for years.....
Operator-based signing is typically meaning that the message was
authorized user. There's absolutely no implication that the
or enforced the contents of the From: field.
That entirely depends on what you know about the signer. Two of the
largest signers, Google and Yahoo, mechanically check that the user
receives mail at the From: address. One of the smallest, me, knows
users well enough to be confident that they won't do hostile address
fakery even though I don't enforce anything mechanically beyond adding
trace headers. I have other opinions about other signers.
Opinions of signers? This takes us dangerously into reputation territory
I'm realizing that a basic problem we have with explaining DKIM is
makes semantic rather than operational assertions about messages.
are nerds, many of us deeply want to assign operational definitions,
"the people who know the passwords to the MTA that emitted this mail
know the passwords to the DNS server for the domain in the From:
but they don't work, particularly for list mail in which the only
operational definition of a good list is one where the recipients like
what it sends.
The me part of we has looked deep into myself and found no such feelings
hiding in any nook or cranny.
So here's a scenario. Let's say I run a political satire mailing
which members contribute wacky messages pretending to be from famous
people like billg(_at_)microsoft(_dot_)com or
sarko(_at_)elysee(_dot_)fr(_dot_) I use some
not visible in the outgoing mail to ensure that the contributions are
list members (perhaps a password that's stripped out.) Of course the
puts a shiny new DKIM signature on all its mail. The list is triple
opt-in with a cherry on top, and the subscribers await each list
all agog. Filter that.
Well, if one or more of your subscribers was at a domain that checks to
see if mail purporting to be from it actually came from one of it's
servers AND that domain was one of the spoofed emails ..... why yesiree
Bob, it would get filtered... but not on the basis of DKIM. I just love
If a DKIM signed message from the Moon to Jupiter is transported using
NOTE WELL: This list operates according to