On 31 Mar 2011, John Levine wrote:
Quite right. It would be helpful to me if people could explain what
problem they're trying to solve when they bring up mailing lists yet
again. "Some lists break submitters' signatures" is a fact, not a
problem. "I am trying to do X with my list mail, but I can't so I
have to do Y instead" would be a problem.
Isn't it obvious?
We'd like to be able to deploy DKIM, coupled with some ADSP-like protocol
(The real ADSP is hopelessly inadequate) in order to block all forgeries at
the MX. *All* forgeries, not just phish. And I emphasize this should be
automatic -- suspect messages should be rejected, not merely highlighted so
the user can decide whether the signature breakage was innocent.
But the fact that most actual users post to mailing lists and obviously do
not want those posts blocked, coupled with the fact that the mailing lists
break signatures, means that the obvious implementation would have an
unacceptable false positive rate.
So we need to make a hole -- hopefully as small as possible -- in our
ADSP-like protocol so that mailing list traffic can get through.
Otherwise no one will deploy it in a useful way.
---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
NOTE WELL: This list operates according to