Justin,
'Con: Does copying [IIM's "copy protected headers" concept] really
increase protection?'
I would like to note that this is, indeed, *ideal* for us in SpamAssassin;
it lets us adopt new heuristics to deal with moderately-broken gateways
like old, unupgraded Mailman mailing list managers. Detecting Subject
Mostly, my reaction is that you are actually describing badness, not goodness.
Let me explain why: When standards do things to encourage heuristics, the
utility of the service becomes more and more a question of stochastics. That
means that there is no real reliability to whether things will work. People do
whatever they feel like and recipients are left trying to guess what the sender
chose.
Heuristics make sense when there are no standards. But the purpose of a
standard is to define precise, predictable behaviors, and that means
constraints.
line modification, where such modification is mailing-list-style
subject-tag prepending, is very easy in this case.
So, in my opinion, "copy protected headers" does increase protection, by
allowing verifiers to "rescue" some mails from becoming false positives
when rewritten by to nonconformant gateways -- and in that case, not
having to apply a blanket exemption for list-gated messages that fail the
signature check.
And this is why it is increasingly clear to me that we should not be trying to
make the mechanism be robust against intermediaries that make arbitrary
changes. Ultimately, that's an arms race. The intermediaries do more and more
arbitrary stuff and we do more and more to try to guess how to protect against
it.
That's not standards work. It's something else.
d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
www.brandenburg.com