[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Michael Thomas
Even then, the main issue is the potential damages that
are being ignored.
My wife said it best when asked why even the BIG companies like
WALMART, YAHOO, CISCO, AOL.COM, BIGBANK should also
support strong policies:
I can say with little hesitation that Cisco will never publish the "strong"
policy as envisioned by Mark for our user population. I'd be interested to
hear from Mark whether Yahoo-inc ever would for their corporate users.
This is an irrational concern. Cisco is not a typical email user, it is not
currently a target of the type of attack that would make one want to publish
strong policy.
A more rational concern would be that you think you will be required to deploy
strong policy and that it will have bad effects.
I don't see this being the case. Five years ago there were people who wrote
mail filters that were insensitive to false positives. That is not a problem
today.
The reason that I expect people to implement reporting, fix the mailing lists
and all the other infrastructure that will eventually make even Cisco want to
publish strong policy is that doing so will help reduce administration costs
and false positives.
I would much rather put up a response server to provide feedback than have
people contact me to tell them I am blocking good mail.
I would much rather authenticate my mail than have it mistaken for spam.
There are four possibilities for a legit mail sent with authentication.
1) Signature Validates:
2) Signature fails to validate because the originator screwed up
3) Signature fails to validate because the sender screwed up
4) Signature fails to validate because of an intermediary acting for the
recipient (mailing list, forwarder, etc.).
The first case is success, the second and third cases are self-healing.
It's only the fourth case that leads to an issue and it is easy for Cisco to
fix. They simply issue a separate email address for receiving mail from mailing
lists. Many of them seem to do this already. I note that Michael is one of them.
Worst case is that everyone has to resubscribe to mailing lists that are
habitual manglers of signatures in a way that is incompatible with people's
mail service using a different address that works.
It is not even necessary to have a different domain.
mthomas(_at_)cisco(_dot_)com could become
ietfdkim(_dot_)mthomas(_at_)cisco(_dot_)com
You can even add in a MAC validation code:
mlc(_dot_)esae378hwdfe(_dot_)883uhe3hh2j(_at_)cisco(_dot_)com
Put a command in the client that automatically performs the mailing list
subscription in the manner I suggested.
This problem is fixable, strong policy is entirely practical.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
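The per-list address carrying a MAC validation code, as suggested in the message above, sketched as an added example that is not part of the original message. The `list_id.user.tag` layout, the HMAC-SHA256 construction, the 12-character truncation, the function names and the sample key are all assumptions; the message does not specify how the code is computed.

```python
import base64
import hashlib
import hmac

TAG_LEN = 12  # base32 characters kept from the MAC (60 bits); assumed truncation


def _tag(key: bytes, list_id: str, user: str, domain: str) -> str:
    # Bind the tag to list, user and domain so it cannot be reused elsewhere.
    msg = "\0".join((list_id, user, domain)).lower().encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.b32encode(digest).decode().lower()[:TAG_LEN]


def make_list_address(key: bytes, list_id: str, user: str, domain: str) -> str:
    """Build list_id.user.tag@domain for subscribing to one mailing list."""
    for part in (list_id, user):
        if not part or "." in part or "@" in part:
            raise ValueError(f"unusable address component: {part!r}")
    tag = _tag(key, list_id, user, domain)
    return f"{list_id}.{user}.{tag}@{domain}".lower()


def check_list_address(key: bytes, address: str):
    """Return (list_id, user) if the tag verifies, otherwise None."""
    local, sep, domain = address.lower().rpartition("@")
    parts = local.split(".")
    if not sep or len(parts) != 3 or not all(parts):
        return None  # not a tagged list address
    list_id, user, tag = parts
    expected = _tag(key, list_id, user, domain)
    # Constant-time comparison so the tag cannot be recovered byte by byte.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return list_id, user


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-production"  # constructed sample key
    addr = make_list_address(key, "ietfdkim", "mthomas", "example.com")
    print(addr, check_list_address(key, addr))
    print(check_list_address(key, addr.replace("ietfdkim", "otherlist")))
```

A receiving mail server holding the key can recompute the tag and accept list traffic only at addresses it issued, so a guessed or edited list address does not verify.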