Dave Crocker wrote:
With DKIM, they will be in "violation" of an Internet standard insofar
as they corrupt a legitimately signed piece of email, and preserve the
From: address. To a receiver, there is absolutely no difference
between that case and the case that we'd like to guard against,
namely spoofing of From: addresses.
Oh. Really?
Yes, really. It is explicitly part of SSP and the From: binding.
Where is the standard that says that a mailing is is required to
preserve specific pieces of information from a message posted to it?
Folks keep forgetting that a mailing list agent is a user agent. User
agents can do whatever they want, absent formal specifications to the
contrary.
And user agents can also spoof From: addresses in hopes of
getting Big Bux(tm) from unwary receivers. What's your point?
We're trying to limit that degree of freedom by introducing
cross domain authentication to the mix. Mailing lists are
caught in the middle of this because they look for intents
and purposes the same as the bad actors we'd like to put
into a smaller box.
The fact that some things they find useful might have an impact on
DKIM's ability to be forwarded is unfortunate, but is a long way from
illegal.
"Illegal" is a loaded term. They might break DKIM signatures.
Receivers may take different action based upon that broken/
missing signature, regardless of how nobel and wonderful the
intent was in changing the message while preserving the
originating From: address. To the receiver, it all looks
the same as some random spoofer.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html