On 18 May 2010, John Levine wrote:
If I were in charge, I'd retire "all", to be replaced with two new
options with clearer semantics. One would be the "except-mlist" I
proposed a few months back.
I don't understand what verifiers are supposed to do with that. How
is an MTA doing the DKIM verification and filtering supposed know
what's a mailing list and what's not? If I were a bad guy, I'd put
fake headers on my spam to make it look like a list mail.
1. "except-mlist" is primarily for the benefit of vanity domain
recipients who have programmed their MTA with knowledge of exactly which
lists they are subscribed to. Just guessing which list to forge is a big
hurdle for the bad guys.
*I* recognize friendly mailing lists by their MAIL FROM: domains, which
means SPF will also be an obstacle to such forgers.
But yes, big ISPs that know no details about their users have to treat
"except-mlist" as "unknown". But they still gain, because they will know
everyone who publishes "rejectable" really means it.
2. As I touched on in a parenthetical at the end of the message, mail heading
to a mailing list *input* can be processed as if "except-mlist" was
"rejectable". Lists don't subscribe to other lists.
---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html