ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Why mailing lists should strip DKIM signatures

2010-04-23 20:23:59
On 4/23/10 4:04 PM, John R. Levine wrote:
I am about 99% certain that the FBL reports that started this discussion
were either a guy who wanted to unsub from the list, or he reported his
whole inbox.  Nearly all of the FBL reports I get are one or the other,
but this was the first time I got them for someone else's list.  As I
believe I said, it didn't break anything here, but it was a useless
transaction, and for a small site like mine that has users who belong to a
lot of lists, it could easily dominate FBL traffic.

Or to put it another way, it scales poorly since the amount of traffic
depends on the number of other subscribers, not on anything under your own
control.  For something like Dave Farber's IP list, with hundreds of
thousands of subscribers, the number of bogus reports per message sent
could become large.
   
IMHO, John is right, but this runs counter to desires of many providers 
who want someone else to blame for their failure to act.   This would be 
analogous to moving accountability for a traffic accident to a vehicle 
in front, which would be just as wrong.  In the case of a mailing list, 
John is not deciding where a message is sent beyond the mailing list, 
just as John can not apply the brakes of a following vehicle.  Being 
required to stop irrespective of the actions of a vehicle in front 
represents a workable method for accountability.  The same is true with 
email, as distribution represents the overriding aspect of email 
accountability, respective of any auth-header-chain.  Unfortunately, 
poorly considered desires of passing blame up, caused the neglect of 
capturing the IP address of the last provider which would help identify 
those at fault for failing to stop.

-Doug


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>