ietf-dkim

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-09-13 13:29:47
  On 9/13/10 3:57 AM, Charles Lindsey wrote:
 On Fri, 10 Sep 2010 23:37:46 +0100, Steve Atkins
 <steve(_at_)wordtothewise(_dot_)com> wrote:

On Sep 10, 2010, at 2:31 PM, Scott Kitterman wrote:
..... If this negative event can be avoided by the simple
mechanism of using a mailing list specific "Message" From, then
that is a benefit.

Rather than go into the general reasons why I think this is not
something that ADSP users really want, I'll give a concrete
example.

 What ADSP users want is irrelevant. This is about what MLMs want
 (which is most likely to ensure that submitted messages reach the
 whole of their list without problems).

There is the human aspect of recognizing the purported author.  See:

http://tools.ietf.org/html/draft-ietf-eai-mailinglist-07

Where in the introduction there is this comment:
,---
...
Separate from these standardized list-specific header fields, and 
despite a history of interoperability problems from doing so, some lists 
alter or add header fields in an attempt to control where replies are 
sent.  Such lists typically add or replace the "Reply-To" field and some 
add or replace the "Sender" field.  Poorly-behaved lists may alter or 
replace other fields, including "From".
'---
It also seems that both the downgraded and international versions of the 
email-address would need to be recoded.

Let's say this mailing list rewrites the From: address in some
reasonably mechanical manner, and the From: field of this message
were rewritten as (making up syntax on the fly)...

From: steve%blighty(_dot_)com%ietf-dkim(_at_)mipassoc(_dot_)org

... such that recipients (or their MUAs) know that this mail was
sent by steve(_at_)blighty(_dot_)com via a mailing list at dkim.org.

There's nothing to stop me from sending mail From:
billing%paypal(_dot_)com%ietf-dkim(_at_)mipassoc(_dot_)org, as the mailing
list isn't using ADSP.

 Clearly, mailing lists that do things to the From: SHOULD (even MUST)
 sign, and any RFC documenting my proposal would include that.

 But yes, you could currently send a message to this list From: that
 address, but that has nothing to do with whether my suggestion is
 adopted or not. I suspect you would soon find yourself blacklisted by
 the MLM.

Do you mean the MTA would become blacklisted or the subscriber being 
spoofed?  DKIM does not identify the author.

Defending the MLM might work after all subscribers and the MLM have 
adopted DKIM as a requirement for acceptance.  Otherwise this would 
expect the MLM to check policy on any percent hack email-address without 
there being any defined standard.  For example, VERP uses '=' as a 
replacement symbol for '@' when stacking addresses. BATV and SRS use '=' 
to isolate local-part components.  The '%' symbol is understood by some 
operating systems to indicate a hex conversion is desired.   :^(

-Doug

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
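
An added example, not part of the original message or of any DKIM document: a Python sketch that enumerates every reading of the made-up `local%domain%list@listhost` syntax discussed above, showing that a decoded author is only a claim and that a local-part already containing `%` makes the decoding ambiguous. The function names, the `verified_domains` input and the `.example` addresses are assumptions constructed for illustration.

```python
import re

# Hostname shape: dot-separated labels of letters, digits and hyphens.
_DOMAIN = re.compile(r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$")

def readings(rewritten_from):
    """Every (author, list_address) reading of local%domain%list@listhost."""
    local, _, list_host = rewritten_from.rpartition("@")
    parts = local.split("%")
    found = []
    # Pick which '%' stands for the author's '@' (before parts[i]) and which
    # one ends the author's domain (before parts[j]); any other '%' is data.
    for i in range(1, len(parts)):
        for j in range(i + 1, len(parts)):
            author_local = "%".join(parts[:i])
            author_domain = "%".join(parts[i:j])
            list_local = "%".join(parts[j:])
            if author_local and list_local and _DOMAIN.match(author_domain):
                found.append((f"{author_local}@{author_domain}",
                              f"{list_local}@{list_host}"))
    return found

def classify(rewritten_from, verified_domains):
    """verified_domains: d= values that already passed DKIM verification
    upstream (assumed input; this sketch performs no DKIM checks itself)."""
    found = readings(rewritten_from)
    if not found:
        return "not-rewritten"
    if len(found) > 1:
        return "ambiguous"          # a literal '%' collides with the separator
    author_domain = found[0][0].rpartition("@")[2].lower()
    # A match ties the mail to a signing domain only, not to the named mailbox.
    return "domain-signed" if author_domain in verified_domains else "unsigned-claim"

# Constructed samples: the first two are the thread's addresses de-obfuscated,
# the third is invented to show a local-part that already contains '%'.
SAMPLES = [
    ("steve%blighty.com%ietf-dkim@mipassoc.org", {"blighty.com"}),
    ("billing%paypal.com%ietf-dkim@mipassoc.org", set()),
    ("alice%relay.example%corp.example%announce@lists.example", {"corp.example"}),
]

if __name__ == "__main__":
    for address, signed in SAMPLES:
        print(address, "->", classify(address, signed), readings(address))
```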
