ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] MLMs and signatures again

2011-05-26 17:22:34
from [Steve Atkins] [Permanent Link] 

On May 26, 2011, at 2:53 PM, Murray S. Kucherawy wrote:


-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org 
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Steve Atkins
Sent: Thursday, May 26, 2011 2:10 PM
To: DKIM List
Subject: Re: [ietf-dkim] MLMs and signatures again

In that case the reputation of the MLM is poor, and I don't want to
receive email from it. I still don't care about who the participants
are.

The idea that people might sign up for a mailing list full of junk,
and hope that their spam filters / reputation engine will magically
pull the occasional gem out of it seems pretty unlikely. And that's
the premise behind there being value in tracking the reputation
of original authors in the case of their email being re-sent by a
MLM.


Let's say I route all traffic from list X to its own separate mailbox, but I 
also want my MUA to flag for special attention mail sent to that list by 
people I hold in high regard, for example, and I want that to be based on 
their accumulated reputations.  


That's relying on an awful lot of vaporware in the MUA, orthogonal to any sort 
of authentication. I don't think any MUAs really track sender reputation in any 
way[1].


I either have to base that on something forgeable like From:, or on something 
reliable like "d=".  That doesn't seem magical to me.


Well, d= won't identify the original sender at all, in the case of individuals 
sending to a mailing list. It'll identify the domain of their ISP, nothing more.


It's a bit of a contrived example, but right now I would have to maintain 
that list manually; it would be nice to have it done automatically based on 
feedback I provide to a reputation system.


Tunneling DKIM signatures through MLMs doesn't seem to be the missing bit of 
technology needed to do this.

If the MLM signs any email it sends then you have some level of trust in any 
information it annotates the mail with.

*If* it were possible to identify the original email author in some way 
(S/MIME, PGP, some private shared secret approach....) the MLM could annotate 
the mail with that information, and you could trust it enough to filter on. If 
the MLM doesn't have enough information to identify the original email author, 
it's unlikely you do either - whether there's a second DKIM signature or not.

Cheers,
  Steve

[1] It's something that'd be useful, though - it's been on my TODO list for 
about two years to add exactly this to our CRM system, via end-user thumbs-up / 
thumbs-down buttons.


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] MLMs and signatures again, Franck Martin
Next by Date:  Re: [ietf-dkim] MLMs and signatures again, John Levine
Previous by Thread:  Re: [ietf-dkim] MLMs and signatures again, Murray S. Kucherawy
Next by Thread:  Re: [ietf-dkim] MLMs and signatures again, Murray S. Kucherawy
Indexes:  [Date] [Thread] [Top] [All Lists]