On May 24, 2010, at 9:08 AM, John R. Levine wrote:
I guess the list should be rejecting his email! Then, perhaps, his
organisation would get around to deploying a non-discardable domain.
I've suggested it. They know they have a problem, but they won't yet say
what they're going to do about it.
I'll be happy to report on our decision once we've implemented it. FWIW, I
agree with the recommendations made on this list, at least in the short-term.
Step one: was to start using anything that wasn't under an ADSP=discardable
assertion (so here I am using a me.com account).
Step two: is to do something along the lines of what's been recommended here (a
non-discardable domain).
Step three: fix the status quo for *participating* MLM's by offering up a new
technical solution that enables MLM's to assert that they've validated the
original sender's signature.
As you may recall, they suggested that lists sign an A-R header and all
recipient systems track what lists they're subscribed to and do
complicated processing to see whether list mail was signed when it showed
up at the list.
That is a mischaracterization of what I proposed. What I actually proposed was:
On Apr 26, 2010, at 1:19 PM, McDowell, Brett wrote:
On Apr 26, 2010, at 10:05 AM, MH Michael Hammer (5304) wrote:
I think we are having the wrong discussion. The real question is:
"What are appropriate practices for mailing lists in handling DKIM
signed mail?"
Agreed.
From my perspective, I'd like to enable (not mandate or expect universal
compliance with) the deployment scenario where the sender's DKIM signature
is either maintained without adulteration or "proxied" by the list so the
transient trust can be carried through the mailing list intermediary to the
destination (per Murray's note which I'm also going to respond to). That's
my use case. By sharing this use case I'm not trying to deprecate or
undermine John Levine's original use case. But there is a diversity of
valid/appropriate behavior by mailing lists vis-a-vis DKIM that we need to
consider (which is why I'm so pleased to see Mike H. take our discussion in
this direction).
-- Brett
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html