--On 24 November 2010 09:53:41 -0500 Wietse Venema
<wietse(_at_)porcupine(_dot_)org>
wrote:
Ian Eiloart:
Unless the intermediary co-operates by re-signing, mailing lists can
break DKIM signatures. Since mailing lists generally use their own
rfc5321 return paths, SPF failures should not result. Of course, a
broken DKIM signature is equivalent to none at all. You should not
reject or discard mail on this basis, but you do lose the ability to
assign signer domain based reputation to the message.
Unless the intermediary co-operates with SRS, or similar, *forwarding*
can result in SPF failure. Since forwarders generally don't change the
message content, DKIM signatures should remain intact.
Please do not confuse mailing lists with email forwarding. The two
are different things. It is not helpful to take an argument from
one context and use that to "prove" a point in the other context.
I'm not confusing the two. DKIM and SPF both permit the use of domain based
reputation databases. Unfortunately, both have problems with various paths
that emails may take. Fortunately, the problematic paths are different -
mailing lists are problematic for one, and forwarding is problematic for
the other.
My point that DKIM and SPF can complement one another therefore relies on
an understanding that mailing lists are not forwarders.
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html