On 9/13/10 3:57 AM, Charles Lindsey wrote:
On Fri, 10 Sep 2010 23:37:46 +0100, Steve Atkins
<steve(_at_)wordtothewise(_dot_)com> wrote:
On Sep 10, 2010, at 2:31 PM, Scott Kitterman wrote:
..... If this negative event can be avoided by the simple
mechanism of using a mailing list specific "Message" From, then
that is a benefit.
Rather than go into the general reasons why I think this is not
something that ADSP users really want, I'll give a concrete
example.
What ADSP users want is irrelevant. This is about what MLMs want
(which is most likely to ensure that submitted messages reach the
whole of their list without problems).
There is the human aspect of recognizing the purported author. See:
http://tools.ietf.org/html/draft-ietf-eai-mailinglist-07
Where in the introduction there is this comment:
,---
...
Separate from these standardized list-specific header fields, and
despite a history of interoperability problems from doing so, some lists
alter or add header fields in an attempt to control where replies are
sent. Such lists typically add or replace the "Reply-To" field and some
add or replace the "Sender" field. Poorly-behaved lists may alter or
replace other fields, including "From".
'---
It also seems that both the downgraded and international versions of the
email-address would need to be recoded.
Lets say this mailing list rewrites the From: address in some
reasonably mechanical manner, and the From: field of this message
were rewritten as (making up syntax on the fly)...
From: steve%blighty(_dot_)com%ietf-dkim(_at_)mipassoc(_dot_)org
... such that recipients (or their MUAs) know that this mail was
sent by steve(_at_)blighty(_dot_)com via a mailing list at dkim.org.
There's nothing to stop me from sending mail From:
billing%paypal(_dot_)com%ietf-dkim(_at_)mipassoc(_dot_)org, as the mailing
list
isn't using ADSP.
Clearly, mailing lists that do things to the From: SHOULD (even MUST)
sign, and any RFC documenting my proposal would include that.
But yes, you could currently send a message to this list From: that
address, but that has nothing to do with whether my suggestion is
adopted or not. I suspect you would soon find yourself blacklisted by
the MLM.
Do you mean the MTA would become blacklisted or the subscriber being
spoofed? DKIM does not identify the author.
Defending the MLM might work after all subscribers and the MLM have
adopted DKIM as a requirement for acceptance. Otherwise this would
expect the MLM to check policy on any percent hack email-address without
there being any defined standard. For example, VERP uses '=' as a
replacement symbol for '@' when stacking addresses. BATV and SRS use '='
to isolate local-part components. The '%' symbol is understood by some
operating systems to indicate a hex conversion is desired. :^(
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html