ietf-dkim

Re: [ietf-dkim] Why mailing lists should strip DKIM signatures

2010-04-23 09:21:56


On 4/22/2010 9:34 PM, John Levine wrote:
> For anyone who's working on the list management BCP:
>
> I sign all my outgoing mail, and I have a feedback loop set up with
> Yahoo, which being very modern and advanced keys on signatures, not IP
> addresses.  A few days ago I sent some messages to one of the FreeBSD
> mailing lists.  Today some Yahoo user who subscribes to that list hit
> the spam button.  FreeBSD's list software (Mailman, I think) doesn't
> sign, and doesn't strip any headers.  So what happened?  Yahoo saw my
> signature and sent the reports to me, which was of course useless
> since I don't run the list.
>
> This is not a hypothetical problem--all of my recent Yahoo FBL reports


If I understand correctly, you established a private arrangement with Yahoo. 
Yahoo chooses to create a unique interpretation for the presence of a DKIM 
signature, which treats it as an override to the MailFrom.  And from this, you 
are asserting a new, general rule about DKIM handling?

Better still...

On 4/23/2010 6:38 AM, John R. Levine wrote:
>> Would this still be an issue if the lists were signing the outbound mail?
>> You'd hope that Yahoo would then send the feedback reports to the list
>> owner.
>
> Probably not.  It depends if the list owner has an FBL of their own, which
> small senders generally don't.

You are extrapolating without any data.

The problem here is that Yahoo has added some deep semantics to a DKIM signature
and probably has not even documented or discussed it properly.

Is there some reason not to first discuss this with Yahoo?

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
