On 9/1/10 2:49 PM, Murray S. Kucherawy wrote:
> On Wednesday, September 01, 2010 1:47 PM, Steve Atkins wrote:
>> If your goal is to have MLM developers rewrite their perfectly
>> working code to work around the fundamental flaws in ADSP - a
>> protocol nobody other than bulk mailers is interested in, and which
>> in any even marginally sane deployment would never interact with
>> mailing lists at all - I think you're going to be disappointed.
>
> Setting aside ADSP for a second, I think there are still some people
> that would like to see MLMs preserve author signatures for the
> purposes of reputation evaluation.

Because DKIM does not affirm either the destination or return path of a
message, it would offer an extremely vulnerable basis for establishing
reputations based upon receipt of unsolicited messages. It would be
far better to develop cryptographic methods to authenticate SMTP clients
instead. This would then mean MLM developers do not need to change any
of their code. The need for a cryptographic SMTP client authentication
mechanism will quickly become more apparent as more email is exchanged
over IPv6 networks.

>> ... rather than hoping MLM software developers will remove all the
>> features they offer that might break a DKIM signature.
>
> Maybe we should let the MLM developers, some of whom are here (or
> were, maybe they've been scared off) comment?

Such a change would be a move in the wrong direction. It would make
messages distributed by mailing lists visually identical to those from
individuals, where they become more dangerous from a phishing
perspective. Avoiding false positive phishing detection was a reason
for DKIM, and anti-phishing was the reason for ADSP, after all. Few see
the DKIM signature, know what portion of the message body was signed, or
whether the From domain is accurate. The from header is normally not
assured when distributed through a mailing list.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html