On 4/28/10 11:11 AM, John R. Levine wrote:
> >> or this might be a narrow scenario where ADSP could do less harm
> >> than good.
> >
> > could you elaborate. I'm rusty on ADSP. Was a MLM option
> > introduced?
>
> No, ADSP can say "throw away mail that purports to be from me if it's
> not signed", and the MLM could apply it to incoming mail.

ADSP policy would be in respect to the From email address domain, independent of a DKIM signature or evidence of having emerged from a mailing list. White-listing a mailing-list to override the application of ADSP could expose these lists to relaying misleading messages when needed handling has not been applied. Allow domains interested in being protected, audit for the needed handling and then make explicit authorizations of the third-party services. After all, a third-party authorization scheme scales, and will only require a single transaction to solve issues created by ADSP records using the same transactional overhead.

> > Your proposal that MLM remove Signatures would cause restrictive
> > policies to fail. Seems like ADSP would make things worse in this
> > case.
>
> Indeed. I'm assuming that any list that paid attention to ADSP would
> sign its outgoing mail and would expect its recipients to trust it
> enough to whitelist the list's mail. Or equally (more?) likely, ADSP
> doesn't really work, and users who sign everything can tell the list
> manually.

There are many considerations that should go into a mailing list being white-listed against the application of ADSP policies. Why not allow domains seeking protection with ADSP to make the needed audits and convey their approval by way of a domain authorization? Perhaps some have no interest in seeing their messages replayed and distributed by some mailing lists. There is no limit on the number of domains authorized using a hashed label approach.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html