Hmmn. I fear I see a lot of searching for our glasses under the streetlight.
>b) so that if Alice sends an advertisement to Bob, and Bob forwards >it to a large number of other addresses, it is clear that Bob, not >Alice is responsible for the messages forwarded by Bob. Bob is [EMAIL PROTECTED], a distribution list with a lot of names on it. Alice is Krazy Kevin, who looks for lists he can send spam through. Why is Alice off the hook here? I get tons of mail through distribution lists, including a lot of spam from Krazy Kevin back when he was sending spam rather than eating it, and I can't recall ever seeing a remailing joe job, so this is hardly a hypothetical counterexample. >c) (maybe) so if Alice wants to send advertising to Bob with the >promise that she will pay Bob $1 for reading it, Bob cannot >distribute the message to N of his friends so that they'll each get >$1 also. Hmmn. Pay to read ads systems already exist, and they work by putting a unique URL in each message that you can only click once. Can we agree that this is not a problem that anyone has asked us to solve? >I think things need to be as easy to understand as we can make them, >but not so simple that it misrepresents reality when there's an >important difference between cases. I think we're trying to define a scheme that provides a level of accountability that is useful for evaluating incoming mail, not something that captures the semantics of every possible relationship among a group of people. >> Well, DKIM doesn't make it through this list unless you use l= >> and z=. :) We definitely had this argument before. You cannot expect signatures to survive mailing lists (as opposed to courtesy forwards) unless you loosen the signing algorithm to the point that it will accept mutations that people wouldn't consider to be the same message, e.g., adding new MIME parts. Even if you do so, lots of lists will still break the signature. Look at the way Yahoo groups rewrites its tag into an HTML formatted or multipart/alternative message, for example. That's why all of the list survival stuff is optional, and I would be surprised if many people used it. R's, John _______________________________________________ ietf-dkim mailing list http://dkim.org
