John Levine wrote:
The basic problem is that mailing lists are for all intents and
purposes forging content when they don't change the From address but
insist on adding trailers and subject line changes, blah, blah,
blah.
I don't find "forging" to be a useful description of what mailing
lists do.
Then try "indistinguishable from forging".
It's true, they send mail from someplace other than the
normal place associated with the From: address, but that's no more
forgery than my sending a postcard on vacation with my normal return
address but funny foreign stamps and postmarks.
Speaking of unuseful descriptions... a more apt analogy would be
for the Ugandan Post Office adding a bunch of content obfuscating
the fact that you'd been thrown in the klink. The point is that
from a receiver's standpoint there's no difference when that
happens. With DKIM, you can at least tell what was added and
what wasn't in some cases.
It's also not the
only situation where a third party sends legitimate mail on someone's
behalf, with another familiar example being the mail-an-article
feature on newspaper sites.
I don't argue about the utility, but there are also a lot of
indistinguishable abuses as well. It would be nice to have
a means to be a Well Behaved Mangler, and I think there's
provision within the spec to achieve that at least in some
common cases. Whether that's enough is debatable of course,
but anything that predicates a flag day is a dead letter.
My suspicion is that couching this in terms of "right"
and "wrong" approaches is exactly the wrong thing to do here
because it factors out the timing aspect: as in, "right
solution at the right time". We need to get over one hump
at a time.
Mike
_______________________________________________
ietf-dkim mailing list
http://dkim.org
