On Tue 06/May/2014 19:12:38 +0200 John Levine wrote:
Anything that says "I'm a mailing list" is only useful with some
sort of external validation that it really is a list.
Please note that "really is a list" actually means "/good/ list". An
unmoderated, unfiltered list, with no posting restrictions and
dubious subscription practices would technically still be a list, but
nobody would whitelist it --nor subscribe to it.
If you have to do that anyway, you might as well use the list's
DKIM signature as the key which doesn't involve inventing any new
mechanism.
A useful mechanism tells domain admins which users post to which
lists. Domain admins can consider those posts as endorsements from
their users.
I think it's also pretty clear that any scheme that depends on the
DKIM signatures of incoming messages transiting mailing list software
won't work, either.
As that is being told by the author of "A DKIM Profile to Enable
Message Forwarding", I guess I should believe it. However, it is not
clear why. Paul asked for Message-ID: to be signed too.[1] I
suggested that each ML defines an h= header field list that authors'
domains can reliably sign.[2]
You mentioned even From: cannot be reliably signed because MLMs need
to "standardize" its syntax.[3] It seems to me that eliminating some
of such gratuitous changes is the solution to DMARC-for-MLs which
minimizes the alterations in MLM software. Are you sure it won't
work?
Ale
[1] http://www.ietf.org/mail-archive/web/ietf-822/current/msg06856.html
[2] http://www.ietf.org/mail-archive/web/ietf-822/current/msg06715.html
[3] http://www.ietf.org/mail-archive/web/ietf-822/current/msg06821.html
_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822