On 5/18/10 10:16 AM, John R. Levine wrote:
It'll be the one that's not broken, I presume. If there's more than one
unbroken signature, I guess the signing domain might want to match the
list-id header.
Why is it important to match signatures? If there's a valid signature
with a good rep, deliver the mail. If the mail turns out to be nasty,
decrease the rep of all of the valid signatures. Why make this more
complicated than it needs to be?
Signed messages might be replayed in a spam campaign. Many copies of a
signature's hash would be normal for mailing lists.
When a mailing-list signature provides greater acceptance, wouldn't this
lead to mailing lists being exploited?
How should new signatures be handled?
If your wish for ADSP "except-mlist" is granted, how would a domain's
recipients protect themselves exploits or spoofs of mailing lists?
Perhaps there should also be "except-signed-mlist"?
Wouldn't a non-specific mailing list exception lead to mailing list
being targeted?
Why can't "all" represent "reject" as you described? Is your concern
that "all" creates an obligation for mailing list to either reject or
bounce messages lacking valid Author Domain signatures? How many MTAs
check DKIM signatures during the SMTP session? How many invalid
signatures would normally seen by mailing-lists?
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html