ietf-dkim

Re: [ietf-dkim] Resigner Support of RFC 5617 (ADSP)

2009-10-12 12:53:41
On 10/12/09 7:04 AM, Wietse Venema wrote:
> Michael Deutschmann:
>> If this is indeed the official semantics of the protocol, then I would
>> petition to add a "dkim=except-mlist" policy.  Which means "I sign
>> everything that leaves my bailiwick, but may post to signature-breaking
>> MLs."
>
> Are you going to announce all your users' mailing list subscriptions
> in the policy record? If you do, that could be a privacy problem.

When a domain of a mailing list is publicly known, often so are the 
lists themselves.  The tpa-label approach will not indicate which 
specific list is used, only that a domain is authorized to act on behalf 
of the Author Domain.  When some non-public domain is being used by a 
mailing list, then the tpa-label itself would not be immediately apparent.

> If you don't, then the spammer can add any mailing list header to
> the message, and they can drive their truck through this hole.

Agreed.  Which is why it makes sense to have Author Domains indicate to 
their recipients the specific domains being used to originate messages 
carrying their Author Domain.  Perhaps it might become common to have an 
intranet web page where users request specific mailing lists to be 
included in the auto-generated tpa-label list.

Part of the concept behind the tpa-label approach was to provide a 
means to authorize sources for the domain's messages by name as a means 
to help limit the sources that might generate abuse feedback reports.

Rather than checking with some reputation service, what better source 
would there be than checking with the Author Domains themselves?

-Doug

