ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

2010-05-10 07:07:30
from [Ian Eiloart] [Permanent Link] 


--On 7 May 2010 13:07:34 -0400 "John R. Levine" <johnl(_at_)iecc(_dot_)com> 
wrote:


I believe it.  Are you saying the list managers make no effort to keep
the spam out of their lists?


No, but I don't think it's their job. As the site manager, that's my job
in  general. What the list managers can add is access controls, and
authentication helps to improve the utility of such controls.


Oh, we agree there, I wasn't distinguishing between the list and site
manager, since at small sites they're often the same person.


contributors, but DKIM doesn't help there since DKIM most definitely
never says that the From: address is "real".


"real"? A signature from the sender domain at least says that if it's
not  real, that's the responsibility of the sender domain owner, doesn't
it?


No, all it says is "we signed this mail."  A signer with a good
reputation will presumably rarely sign mail where the From: address
actively misidentifies the sender, but that's a second order effect.


Right, and because the domain owner has signed the email, they can be held 
responsible for abuse. At least, to a greater extent than when the mail 
hasn't touched any system that they have any control over.


the end recipient may have a very different view of the reputation of
the sender than does the list. Or, it may wish to use the message
content to modify its reputation score for the sender.


Once again, this sounds like a solution searching for a problem.  I've
done the occasional bozofiltering in mailing lists, but because the
people were bozos, not spammers.


The problem is reputation assignment. Different recipients (of mail from 
the same list) will have different views of the sender's reputation.

But, the problem is real, and recognised. Mailing lists break signatures.


If you want strong sender authentication, we already have S/MIME, and I
wouldn't be surprised if there were list software that could use it.


R's,
John




-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] SPF, was forward to friend..., Alessandro Vesely
Next by Date:  Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion, John R. Levine
Previous by Thread:  [ietf-dkim] Recent discussions, Stephen Farrell
Next by Thread:  Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion, John R. Levine
Indexes:  [Date] [Thread] [Top] [All Lists]