ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-09-01 17:18:15
from [Steve Atkins] [Permanent Link] 

On Sep 1, 2010, at 2:49 PM, Murray S. Kucherawy wrote:


-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of Steve Atkins
Sent: Wednesday, September 01, 2010 1:47 PM
To: DKIM List
Subject: Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

If your goal is to have MLM developers rewrite their perfectly working
code to work around the fundamental flaws in ADSP - a protocol nobody
other than bulk mailers is interested in, and which in any even
marginally sane deployment would never interact with mailing lists at
all - I think you're going to be disappointed.


Setting aside ADSP for a second, I think there are still some people that 
would like to see MLMs preserve author signatures for the purposes of 
reputation evaluation.


I'm sure there are people who'd think that'd be nice (if there were no cost to 
doing so, I'd be one of them) - but I'm also fairly sure that they'd find other 
approaches which do not cripple MLMs an acceptable alternative.




... rather than hoping MLM software developers will remove all the
features they offer that might break a DKIM signature.


Maybe we should let the MLM developers, some of whom are here (or were, maybe 
they've been scared off) comment?



OK.

I develop code that receives email to one address and forwards it on to another 
address. It's not intended for use as an MLM, but it does have a number of 
optional features in common - modifying the subject line to add a tag, 
rewriting from / reply-to, modifying the body content, adding or removing MIME 
elements.

It will break DKIM signatures (any that sign the subject line, at the very 
least) much of the time. I've no intention of removing those features in order 
to make it not break DKIM signature as, well, they're features that were added 
because users wanted them.

DKIM signing the mail sent by the MLM is something I support doing. Checking 
DKIM signature on the inbound is something I don't do now, as there's not been 
much call for it, but it's something I'd like to add eventually. Recording that 
inbound authentication data in a header of the forwarded email is something I 
see as not terribly useful, nor particularly desired by the users I've talked 
to, but pretty much harmless. 

Lets say we set aside ADSP, as you suggest, and just consider reputation 
evaluation. Do you believe there are any people who'd not find that that level 
of authentication tunneling entirely adequate for their needs?

Cheers,
  Steve
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review, Murray S. Kucherawy
Next by Date:  Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review, Hector Santos
Previous by Thread:  Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review, Murray S. Kucherawy
Next by Thread:  Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]