--On 29 April 2010 10:58:44 -0600 "McDowell, Brett"
<bmcdowell(_at_)paypal(_dot_)com>
wrote:
On Apr 28, 2010, at 2:11 PM, John R. Levine wrote:
Your proposal that MLM remove Signatures would cause restrictive
policies to fail.
Which is why I oppose this proposal.
Indeed. I'm assuming that any list that paid attention to ADSP would
sign its outgoing mail and would expect its recipients to trust it
enough to whitelist the list's mail.
That's quite an assumption. I would not make that same assumption as we
chart out new/better mechanisms for MLM's to handle DKIM-signed mail. It
will be true in some cases, and false in others. All for valid reasons
we should seek to account for.
An MLM in receipt of a properly signed message "from" a domain with ADSP
policy "discard" has a few options:
1. Forward the message to the distribution list unaltered, such that the
signature remains intact. This might surprise some recipients, and may be
an exception to normal list policy. On the other hand, it might be feasible
if the list normally doesn't alter the subject or body.
2. Break the signature, and forward the message in the knowledge that
recipients may discard it.
3. Break the signature, then discard the message.
4. Bounce the message, on the grounds that it may not be deliverable once
the signature is broken. The DKIM signature should mean that it's safe to
bounce the message back without risking collateral spamming, at least when
the return path is in the same domain as the "From:" header.
5. Reject the message at SMTP time, with an appropriate 5xx error code.
Similar to above. Safer when the return path domain doesn't match the
"from" address domain.
I don't think I like (2) and (3).
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html