ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-09-01 18:47:06
  On 9/1/10 2:49 PM, Murray S. Kucherawy wrote:
On Wednesday, September 01, 2010 1:47 PM, Steve Atkins wrote:

If your goal is to have MLM developers rewrite their perfectly
working code to work around the fundamental flaws in ADSP - a
protocol nobody other than bulk mailers is interested in, and which
in any even marginally sane deployment would never interact with
mailing lists at all - I think you're going to be disappointed.

 Setting aside ADSP for a second, I think there are still some people
 that would like to see MLMs preserve author signatures for the
 purposes of reputation evaluation.

Because DKIM does not affirm either the destination or return path of a 
message, it would offer an extremely vulnerable basis for establishing 
reputations based upon receipt of unsolicited messages.   It would be 
far better to develop cryptographic methods to authenticate SMTP clients 
instead.  This would then mean MLM developers do not need to change any 
of their code.  The need for a cryptographic SMTP client authentication 
mechanism will quickly become more apparent as more email is exchanged 
over IPv6 networks.

... rather than hoping MLM software developers will remove all the
features they offer that might break a DKIM signature.

 Maybe we should let the MLM developers, some of whom are here (or
 were, maybe they've been scared off) comment?

Such a change would be a move in the wrong direction.  It would make 
messages distributed by mailing lists visually identical to those from 
individuals, where they become more dangerous from a phishing 
perspective.  Avoiding false positive phishing detection was a reason 
for DKIM, and anti-phishing was the reason for ADSP, after all.  Few see 
the DKIM signature, know what portion of the message body was signed, or 
whether the From domain is accurate.  The from header is normally not 
assured when distributed through a mailing list.

-Doug


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>