On November 17, 2016 2:57:00 PM CST, "Murray S. Kucherawy"
<superuser(_at_)gmail(_dot_)com> wrote:
On Thu, Nov 17, 2016 at 9:51 PM, Michael Storz
<Michael(_dot_)Storz(_at_)lrz(_dot_)de>
wrote:
Thanks, I see. That means the recipient is bound to the message and
an
attacker cannot delete or change the new tags. Great solution, I like
it,
though I do not like the consequences when this extension will go
into
production.
You may not need to worry about that. We've reached a point where I
think
we can legitimately say, "We took a serious look, and this is the best
we
could come up with. It has some pretty ugly side effects. Are you
sure
you can't just stop signing spam?" And absent a compelling answer to
that
question, there's no need to roll this out even as an experiment.
That's great to hear.
You might suggest (if it's someone that does DMARC p=reject) that if they can
manage to stop signing reasonably likely (FSVO reasonable) spam they'll get
roughly what the proposed protocol change would have provided for that mail
without having to wait for the world to upgrade. Direct mail would still pass
DMARC due to SPF.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html