ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-26 23:52:16
On 26 Sep 2010, John R. Levine wrote:
No, of course not.  I've already adjusted my list software to put DKIM
list signatures on outgoing mail.  It was no big deal.  I haven't done
anything with ADSP because, to several decimal places, nobody uses ADSP.

I was suggesting the From: hackery as a substitute for preemptively
blocking ADSP-using posters, not as a substitute for adding a List-Id:
signature.

Although without an "LDSP", List-Id: signing is almost pointless.  To
benefit, you need to tell the recipient, human-to-human, that your list
always signs.  But if that communication channel is open, you could just
promise not to change the bounce-address domain, and protect that domain
with SPF.
 
What have you done on the lists you run?

I don't run any lists.


One other important thing:  While preemptively blocking
"dkim=discardable" is reasonable, to definitively avoid DKIM false
positives you must also restrict "dkim=all" posters.

A reasonable interpretation of the RFC is that "dkim=all" still indicates
that all mail with no signature is bogus -- the difference from
"discardable" is that the latter indicates the sender is willing to accept
that suspect mail may be silently blackholed (thus making diagnosis of an
FP-causing configuration error harder).  So an MX capable of validating
before responding to CR LF '.' CR LF may treat them identically.

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>