ietf-dkim

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-09-14 08:56:37
Ian Eiloart wrote:

> If the MLM owner knowingly breaks a signature, and either discards the
> message or forwards it into a system that is likely to discard it, and does
> not notify the sender, then the forwarder must be responsible for any harm
> done. They really should reject such messages.

+1 and nothing short of this is just poor mail system integration and
product engineering.

The key word is "knowingly" because it is intentional neglect at that
point if it pursues to add something NEW without all the engineering
considerations extracted from the R&D.

Here is what we are doing:

For List Server:

    - Check ADSP at subscription points
         - notify denial

    - Check ADSP at list submission
         - reject with 1 time notification

    - One time scan script to check for any ADSP domains
         - dotting the i, crossing the t.

    Overall, ADSP domains are restricted and ADSP domains are
    protected from abuse.

For SMTP Server:

    - DATA level DKIM Script

      - Extract 5322.From

      - Check ADSP
        - if DISCARDABLE or ALL and not signed
          - if DISCARDABLE return ACCEPT-DISCARD
          - return REJECT
        - if DISCARDABLE
          - Extract DKIM.D
          - if 5322.From != DKIM.D
            - If Has List-ID, return ACCEPT-DISCARD
            - return REJECT

      - if signed
         - DKIM verify

      - A-R record
      - Return PASS

Overall, it has consideration for legacy list servers. It will not
cover those who do not add a LIST-ID.

Check ADSP would also be made an option just in case it becomes
deprecated.

The ACCEPT-DISCARD will probably be made an option with a default of
true, otherwise it would be a REJECT.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
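
The policy branch of the SMTP DATA-level outline in the message above, written out as an added example; it is not code from the post or from the author's product. The names `decide`, `dkim_d`, `sample` and `ADSP` are hypothetical, the ADSP lookup is replaced by a constructed dictionary, and signature verification is left out because the outline returns PASS after it either way.

```python
import email
from email.utils import parseaddr

def dkim_d(msg):
    """Return the d= tag of the first DKIM-Signature header, or None if unsigned."""
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return None
    for tag in sig.split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "d":
            return value.strip().lower()
    return None

def decide(raw, adsp, accept_discard=True, check_adsp=True):
    """Policy part of the DATA-level outline: PASS, REJECT or ACCEPT-DISCARD."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signer = dkim_d(msg)
    # adsp maps domain -> published ADSP value; a real server would query
    # the TXT record at _adsp._domainkey.<domain> (RFC 5617) instead.
    policy = adsp.get(from_domain, "unknown") if check_adsp else "unknown"
    discard = "ACCEPT-DISCARD" if accept_discard else "REJECT"
    if policy in ("all", "discardable") and signer is None:
        return discard if policy == "discardable" else "REJECT"
    if policy == "discardable" and signer != from_domain:
        return discard if msg.get("List-ID") else "REJECT"
    # DKIM verification and the Authentication-Results header would be
    # handled here; in the outline they do not change the PASS result.
    return "PASS"

def sample(from_addr, d=None, list_id=None):
    """Build a constructed test message (not real traffic)."""
    headers = [f"From: {from_addr}", "Subject: test"]
    if d:
        headers.append(f"DKIM-Signature: v=1; a=rsa-sha256; d={d}; s=sel; b=AAAA")
    if list_id:
        headers.append(f"List-ID: {list_id}")
    return "\n".join(headers) + "\n\nbody\n"

ADSP = {"bank.example": "discardable", "corp.example": "all"}  # constructed

if __name__ == "__main__":
    for m in (sample("a@bank.example"), sample("a@corp.example"),
              sample("a@bank.example", d="list.example", list_id="<l.list.example>"),
              sample("a@bank.example", d="list.example"),
              sample("a@bank.example", d="bank.example")):
        print(decide(m, ADSP))
```

A message from an ADSP "all" domain that carries only a third-party signature falls through to PASS here, because the outline applies the From/d= comparison to DISCARDABLE domains only.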
