ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] On changing From: when sending through lists

2010-08-11 16:55:42
On Wed, 11 Aug 2010 01:09:57 +0100, John Levine <johnl(_at_)iecc(_dot_)com> 
wrote:

I have to say that this particular proposal is currently no more than
1/3 baked, since unless I've missed something, I don't see much effort
to work out failure and security models.  For example:

OK, in the scenarios which follow, "you" is some MLM, and the proposition  
is that the MLM might decide to alter the From: header (e.g. by percent  
encoding), plus some other useful changes.

- Who do you accept forwarded messages from? List subscribers? Anyone?
  Subscribers and people who sign up on a forward-me pseudo list?

The MLM (aka "you") makes that decision according to the purpose of his  
list. Those factors might well influence whether he changes the From: or  
not.

- If a forwarded message
ITYM one that is forwarded back to the original author via the percent hack
is rejected or bounces, what do you do?  At
  what point should you stop trying to forward?

That is a matter of policy for the MLM to decide. Presumably if it is a  
4xx response you keep trying, and if it is a 5xx you pass it back up the  
Return Path. That is, more or less, current common practice.

... If you get mail to an
  address that you don't forward any more do you reject it? Drop it?
  Something else?

Again that is a matter of policy for the MLM. It would be polite to reject  
with some 5xx and/or some explanation up the Return Path. It would be a  
kindness to continue to forward it at least for a while.

- What do you do when someone unsubscribes?  When someone bounces off the
  list?  When someone changes his subscription address? (Yes, there are
  MLMs that let you do that.)

Policy again. there is no obligation to forward bounces off the list  
(indeed an open relay is already considered bad practice). A changed  
subscription simply causes the percent hack to be applied to the new  
address. For unsubscription, see the previous scenarios.

- What kind of spam filtering is appropriate for forwarded messages?
  For returning bounces?  Should you try to distinguish between real
  bounces and spam to bounce addresses ?

Probably best to forward regardless, which gives the same effect as if the  
responder had replied directly himself. As a minor benefit, it lets you  
discover that your members are sending spam, if you really want to follow  
that path. Essentially, your forwarding practice should seek to emulate  
the current situation where the responder replies to the original author  
directly.

- Many MUAs collect outgoing addresses into the local address book, so
  people who really have one address will now appear to have N+1 if
  they subscribe to N lists.  Is that a problem?  Why or why not?  If
  it's a problem, what should you do about it?

That is the only point you have raised that might have some merit. It  
does  not seem like a showstopper to me, but the possibility ought to be  
documented as part of the proposal. If the percentified address in the  
address book stops working then, according to the answers given above, the  
responder will soon get to know about it, exactly the same as when someone  
currently changes their address and fails to notify everyone affected.

That's all that occurs to me in five minutes, but I'm sure that if you
actually try it, you'll find lots more.

Keep shooting. Maybe you will eventually find your foot :-) .

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       
   Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html