John R. Levine wrote:
Despite the valiant work that Murray has put into the MLM document, my
preference, which I doubt has any hope of gaining consensus, would be to
throw it away and replace it by one page that says
a) many lists break signatures, which isn't going to stop
b) so it would be nice if they signed their mail on the way out.
Everything else is either too marginal to be worth worrying about, or not
a problem if a list's mail has a credible signature.*
Every time I read that, its just to too tempting to remind us of same
outdated ill-advice as it was in RFC2821 section 7.1 par. 4:
This specification does not further address the authentication issues
associated with SMTP other than to advocate that useful functionality
not be disabled in the hope of providing some small margin of
protection against an ignorant user who is trying to fake mail.
And the only thing we learned in the 10 years to update it with
RFC5321 ...
This specification does not further address the authentication issues
associated with SMTP other than to advocate that useful functionality
not be disabled in the hope of providing some small margin of
protection against a user who is trying to fake mail.
is that the user is no longer ignorant!
I guess maybe we can rephrase it for DKIM:
This specification does not further address the authentication issues
associated with MLM other than to advocate that useful unrestricted
resigning functionality not be disabled in the hope of providing
some small margin of protection against an ignorant domain who is
trying to submit fake mail.
Maybe we should remove "ignorant" so it still applies 10 years later.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html