ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Re: DKIM and mailing lists

2006-01-23 14:16:35
from [Douglas Otis] [Permanent Link] 

On Jan 23, 2006, at 12:14 PM, Miles libbey wrote:
This is very interesting. For our antispam system I'd like to be able to distinguish between mailing list traffic and person to person traffic, since they largely have very different characteristics.
It is possible direct person to person traffic and list-server traffic use the same signing domain. The proposal for the 'w=?' parameter is to identity three roles. The MSA, mediator, and MDA. The MDA is intended to provide a non-deliverable signature, used in much the same way as a non-routable IP address for local networks. When the signature includes a meditator designation, rules regarding the use of headers can be so tailored.
In this sense, to me, 'do the right thing' would be to re-sign the message -- we've been able to use Yahoo! Groups (re)signing as a feature.
Agreed, but the domain itself may not be a clear indication that the role of the MTA is a mediator and there are more mediators than just list-servers. This would be more important when DKIM is attempting to identify the source of originating email (MSA), and ensure it is not confused with mediators such as list-servers, where it could be seen otherwise as a spoof attempt.
I'm sure that others could easily argue that doing the right thing is to leave the message in a way that encourage the final receiving system to check the initial signature, so they could apply rules based on the original author.
The concern there would be whether an anti-replay strategy develops that attempts to hold the receiving domain accountable for replay. I can not imagine how one could use DKIM to safely hold the email- address accountable. The replay abuse could just as easily occur from the recipient. As a general rule, accountability should be focused on the domain as a practical and manageable level of resolution. There is virtually zero cost associated with adding additional email-addresses, so what would a email-address reputation be worth? 

-Doug

_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] How mailing lists mutate messages, Hector Santos
Next by Date:  Re: Attempted summary (was: Re: [ietf-dkim] DKIM and mailing lists), Jim Fenton
Previous by Thread:  Re: [ietf-dkim] Re: DKIM and mailing lists, Dave Crocker
Next by Thread:  [ietf-dkim] Re: DKIM and mailing lists, Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]