ietf-dkim
Re: [ietf-dkim] Issue: Deployment Guide Section 6.1/6.5 (ADSP/Forwarder) conflict

2009-10-19 10:26:52


--On 18 October 2009 20:55:38 -0400 Barry Leiba 
<barryleiba(_dot_)mailing(_dot_)lists(_at_)gmail(_dot_)com> wrote:

That seems sensible to me. So lists should not forward email that
they're about to render 'discardable' by breaking the signature.
Instead, they should reject (5xx) or bounce (DSN) the message.
Presumably, a bank wants to know if it has a bad email address for a
customer.

Yep.

Of course, if you
aren't going to break the signature, or are rewriting the From: address,
then it's OK to forward the email.

Probably.

Hm.

It's been suggested (often) that a major use case for "discardable" is
a bank sending a bank statement, or the like.  Going by what's said
above, if the bank somehow gets a mailing list address instead of my
correct email address, it will behave this way (slightly
oversimplifying to make a point; please bear with that, because this
is a valid example):

- If the mailing list is configured to prepend "[Listname]" to the
subject lines, then it will reject the message, and the bank will know
there's a problem.

- If the mailing list is NOT configured to change the subject lines,
then it will accept and forward the message.  The bank will not know
there's a problem, and my bank statement will be forwarded to the
whole mailing list.

Right. One needs to take more care about the addresses that one gives to 
one's bank. Don't forget that, for most lists, the bank's email address 
would also need to be subscribed to the list. For an *announcement* list, 
even that's not good enough.


It seems wrong that the behaviour with an ADSP-compliant mailing list
should depend upon whether the list is configured to alter the subject
line or not.  I suggest that ADSP-compliant mailing lists should be
advised to reject "discardable" messages whether or not they will be
breaking the signature.

That's not, afaiks, required or even implied by the RFC.

Another feasible use case would be an emergency alert system, in which it's 
important that the content isn't changed. So, we'd be using ADSP to ensure 
the integrity of alerts.

Perhaps there's a case for adding tags to allow domains to advertise 
whether their concern is privacy, integrity or both, perhaps 
"dkim=discardable-privacy", "dkim=discardable-accuracy", 
"dkim=discardable-privacy,accuracy".


The point here, I suppose, is that forwarders that are meant to
forward to a single individual (as happens with my
<barryleiba(_at_)computer(_dot_)org> address) are one species, and should get
one set of advice, while forwarders that are meant to fan out to multiple
recipients (as with mailing lists) are a different species, and should
get different advice.  And that latter advice very much depends upon
what we mean "discardable" to be for.

Barry
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html



-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
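
The two list behaviours debated in this message, side by side, as an added example that is not part of the original thread or of any list software. The function names, the "reject-5xx" label and the sample record are hypothetical, the ADSP parsing is a simplified reading of RFC 5617, and the message is assumed to arrive with a valid author signature.

```python
import re

ADSP_VALUES = {"unknown", "all", "discardable"}

def adsp_practice(txt):
    """Parse an ADSP TXT record; return the practice, or None if invalid.
    Simplified reading of RFC 5617: the dkim= tag must come first, and
    unrecognised values are treated as "unknown"."""
    tags = [t.strip() for t in txt.split(";") if t.strip()]
    m = re.fullmatch(r"dkim\s*=\s*([A-Za-z0-9-]+)", tags[0]) if tags else None
    if not m:
        return None
    value = m.group(1).lower()
    return value if value in ADSP_VALUES else "unknown"

def list_action(adsp_txt, breaks_signature, rewrites_from=False, strict=False):
    """Decide what a list does with a validly signed incoming message.
    strict=False: reject only when the list would break the signature
                  while leaving the author's From: address in place.
    strict=True:  reject every "discardable" message, as suggested above."""
    practice = adsp_practice(adsp_txt) if adsp_txt else None
    if practice != "discardable":
        return "forward"
    if strict or (breaks_signature and not rewrites_from):
        return "reject-5xx"
    return "forward"

# Constructed sample: the bank's ADSP record and three list configurations.
BANK_ADSP = "dkim=discardable"
SCENARIOS = {
    "prefixes [Listname]": dict(breaks_signature=True),
    "leaves subject alone": dict(breaks_signature=False),
    "prefixes and rewrites From:": dict(breaks_signature=True, rewrites_from=True),
}

def compare(adsp_txt=BANK_ADSP):
    """Map each configuration to (signature-dependent action, strict action)."""
    return {
        name: (list_action(adsp_txt, **cfg), list_action(adsp_txt, strict=True, **cfg))
        for name, cfg in SCENARIOS.items()
    }

if __name__ == "__main__":
    for name, (dependent, strict) in compare().items():
        print(f"{name:28} signature-dependent={dependent:11} strict={strict}")
```

The "leaves subject alone" row is the bank-statement case from the message: the signature-dependent rule forwards it to every subscriber, while the strict rule rejects it so the sender learns the address is wrong.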