ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Lists "BCP" draft available

2010-05-18 15:49:46
On 18 May 2010, John Levine wrote:
If I were in charge, I'd retire "all", to be replaced with two new
options with clearer semantics.  One would be the "except-mlist" I
proposed a few months back.

I don't understand what verifiers are supposed to do with that.  How
is an MTA doing the DKIM verification and filtering supposed know
what's a mailing list and what's not?  If I were a bad guy, I'd put
fake headers on my spam to make it look like a list mail.

1. "except-mlist" is primarily for the benefit of vanity domain
recipients who have programmed their MTA with knowledge of exactly which
lists they are subscribed to.  Just guessing which list to forge is a big
hurdle for the bad guys.

*I* recognize friendly mailing lists by their MAIL FROM: domains, which
means SPF will also be an obstacle to such forgers.

But yes, big ISPs that know no details about their users have to treat
"except-mlist" as "unknown".  But they still gain, because they will know
everyone who publishes "rejectable" really means it.

2. As I touched on in a parenthetical at the end of the message, mail heading
to a mailing list *input* can be processed as if "except-mlist" was
"rejectable".  Lists don't subscribe to other lists.

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html