ietf-dkim

Re: [ietf-dkim] more on discardable, was Lists "BCP" draft

2010-05-26 16:06:13
On 5/26/10 8:09 AM, SM wrote:
> Hi Doug,
> At 15:50 25-05-10, Douglas Otis wrote:
>> It should be possible for sending domains to detect mailing-list
>> conversations.  When desired, they can then immediately publish
>> third-party authorization labels to allow ADSP exceptions.  The
>> exception approach retains their ability to quickly mitigate any
>> reported abuse.
> I don't have a clue how to implement this.  I can implement measures
> for the mailing lists I am subscribed to but it doesn't scale.  Due to
> legacy reasons it would be impossible to "fix" the local-part anyway.
See:
http://tools.ietf.org/html/draft-otis-dkim-tpa-label-03

DKIM is a process handled by domain administrations, not individuals.  
The third-party label authorization method scales to _any_ practical 
level, and allows domain administrators a means to unilaterally resolve 
reported issues involving third-party services.  Whether these issues 
relate to abuse or to refused and missing messages, the third-party 
authorization scheme offers an easy and low overhead solution.  Perhaps 
in the future, mailing-list subscription acknowledgments could be 
standardized to trigger any needed third-party authorization.

Of course, there should be facilities, such as user web pages, to deal 
with potential refusal issues proactively.  Exchanging DKIM keys with 
any number of third-party services clearly does not scale, nor would this 
be practical.
> The short answer I would give is that it is not possible for the
> signer to detect mailing list conversations [1].
When the domain administration receives DSNs or MARFs indicating a 
problem, they should also be able to recognize whether it involves a 
trusted third-party service based upon content.  A third-party 
authorization method offers a practical means to extend ADSP "all" with 
a method to mitigate possible disruptions.  IMHO, "discardable" should 
be limited to domains not sending mail.

As a side note:

Rather than using ADSP "discardable", it would be better to mandate 
the use of MX records.  BNAME zones will soon make the use of address 
records to discover MTAs impossible.  As such, the Address Record 
discovery should be deprecated.

Secondly,

Not delivering non-ADSP compliant email protects recipients, especially 
those sorting From headers, which is a technique that offers protection 
from look-alikes.

-Doug


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
