If you begin to get complaints because you are on some list whose owner
isn't bothering to conduct list hygiene, I would imagine you'd
ultimately unsubscribe from the list and find or create another one
that's properly managed.

I am about 99% certain that the FBL reports that started this discussion
were either a guy who wanted to unsub from the list, or he reported his
whole inbox. Nearly all of the FBL reports I get are one or the other,
but this was the first time I got them for someone else's list. As I
believe I said, it didn't break anything here, but it was a useless
transaction, and for a small site like mine that has users who belong to a
lot of lists, it could easily dominate FBL traffic.

Or to put it another way, it scales poorly since the amount of traffic
depends on the number of other subscribers, not on anything under your own
control. For something like Dave Farber's IP list, with hundreds of
thousands of subscribers, the number of bogus reports per message sent
could become large.

On the third hand, in practice, this is unlikely to be a big deal, since
it is my impression that in the world at large, the number of lists (as
opposed to courtesy forwards) that don't break the signature is
insignificant. But I think it is of interest to try and figure out where
the responsibility belongs for list mail, other than "everywhere", and
what to recommend to people to make that easy to implement.

Me too. Mail from the list is the responsibility of the list. QED and
all that.

But if you redact the original signature, you're only providing some of
the information that could be provided to the receiver.

Well, yes, leaving out irrelevant info avoids misleading them. More info
is not necessarily better, particularly in a situation like this where a
recipient doesn't know the order or relationship of multiple signatures
unless it has separate knowledge about the parties involved.

Lists, specifically, in that instance. Something like: X sends to a
list at Y that then relays to Z; Z trusts Y to implement DKIM and
Authentication-Results and all that properly, so Z believes Y when it
says "X had a signature on here that verified" even if X's signature on
arrival at Z is either invalid or absent.

This returns us to the original question. Other than the implausible
scenario of a system that is managed well enough to maintain the chain of
signature headers, but that makes no attempt to keep spam out of its
lists, in what scenario would this be of practical use in managing Z's
mail? If Z trusts Y, why wouldn't it be sending reports about Y's lists
to Y?

People have been saying since the dawn of DKIM that they want to see the
incoming signatures on list mail, but I have yet to hear a plausible story
about what to do with them. As far as I can tell, it's just an unexamined
assumption that more signatures must be better, or that they as the
original signer will then somehow be able to tell recipients what to do.

R's,
John
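
The X, Y, Z relay scenario discussed above, as an added example that is not part of the original message: receiver Z honors an Authentication-Results header from list operator Y only when Y is on a trusted list and Y's own signature verified at Z. The host names, `TRUSTED_RELAYS`, the sample message, and the convention that Y's authserv-id equals its signing domain are assumptions made for illustration; the parsing covers only `dkim=... header.d=...` results.

```python
import re
from email import message_from_string

# Assumption: list operators ("Y") whose Authentication-Results Z believes,
# keyed by authserv-id, which is assumed to equal Y's DKIM signing domain.
TRUSTED_RELAYS = {"lists.y.example"}

# Constructed sample: the list broke X's signature, re-signed, and recorded its result.
SAMPLE = """\
Authentication-Results: mx.z.example; dkim=fail header.d=x.example; dkim=pass header.d=lists.y.example
Authentication-Results: lists.y.example; dkim=pass header.d=x.example
Authentication-Results: forged.example; dkim=pass header.d=bank.example
From: someone@x.example
List-Id: <discuss.lists.y.example>
Subject: constructed test message

body
"""

# Simplified grammar: result, optional comment, then the header.d property.
_DKIM = re.compile(r"\bdkim\s*=\s*(\w+)(?:\s+\([^)]*\))?\s+header\.d\s*=\s*([\w.-]+)", re.I)

def _passes(resinfo):
    return {d.lower() for v, d in _DKIM.findall(resinfo) if v.lower() == "pass"}

def vouched_domains(raw_message, local_id, trusted=TRUSTED_RELAYS):
    """Map signing domain -> 'local' or the trusted relay that vouches for it."""
    headers = []
    for value in message_from_string(raw_message).get_all("Authentication-Results", []):
        authserv_id, _, resinfo = value.partition(";")
        tokens = authserv_id.split()          # drops an optional version token
        if tokens:
            headers.append((tokens[0].lower(), resinfo))
    result = {}
    for asid, resinfo in headers:             # pass 1: what Z verified itself
        if asid == local_id:
            result.update({d: "local" for d in _passes(resinfo)})
    for asid, resinfo in headers:             # pass 2: relayed claims
        # Believe Y only if Y is trusted AND Y's own signature passed at Z.
        if asid in trusted and result.get(asid) == "local":
            for d in _passes(resinfo):
                result.setdefault(d, asid)
    return result
```

A production receiver would also strip inbound headers that claim its own authserv-id before adding its own, and confirm that Y's signature covers Y's Authentication-Results header; neither step is shown here.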
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html