On 5/18/10 1:46 PM, Michael Deutschmann wrote:
On 18 May 2010, John Levine wrote:
If I were in charge, I'd retire "all", to be replaced with two new
options with clearer semantics. One would be the "except-mlist" I
proposed a few months back.
I don't understand what verifiers are supposed to do with that. How
is an MTA doing the DKIM verification and filtering supposed know
what's a mailing list and what's not? If I were a bad guy, I'd put
fake headers on my spam to make it look like a list mail.
1. "except-mlist" is primarily for the benefit of vanity domain
recipients who have programmed their MTA with knowledge of exactly which
lists they are subscribed to. Just guessing which list to forge is a big
hurdle for the bad guys.
*I* recognize friendly mailing lists by their MAIL FROM: domains, which
means SPF will also be an obstacle to such forgers.
The ADSP effort started by agreeing not to dictate how messages are to
be handled, and to assume administrators are able to take correct
actions. The assertion "discardable" muddled an expectation of
competence, where some now suggest "all" lacking a valid Author Domain
signature does not empower "rejection".
MTAs are to ignore invalid Author-Domain signatures with "except-mlist"
assertions. Vanity, or otherwise, it is not difficult to defeat SPF, to
find mailing-lists offering one-time access, or to create messages
appearing to be from some mailing-list where the message lands in the
inbox.
But yes, big ISPs that know no details about their users have to treat
"except-mlist" as "unknown".
Agreed, and "except-mlist" declares open season on mailing-lists, and
perhaps any message that has ever touched one.
But they still gain, because they will know
everyone who publishes "rejectable" really means it.
All messages are "rejectable", especially when "all" assertions lack
Author Domain Signatures. Why would you see "rejectable" as being
different from "all" assertions? There is no ADSP assertion that makes
it clear which messages are _really_ from mailing lists.
2. As I touched on in a parenthetical at the end of the message, mail heading
to a mailing list *input* can be processed as if "except-mlist" was
"rejectable". Lists don't subscribe to other lists.
How would this be any different from recommending mailing-lists to
reject ADSP "all" assertion lacking a valid Author-Domain signature? A
recommendation might also suggest tolerance be given mailing lists. A
better alternative would be to use a third-party authorization
mechanisms to curtail exploits caused by the knowledge gap.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html