On 18 May 2010, John Levine wrote: > >If I were in charge, I'd retire "all", to be replaced with two new > >options with clearer semantics. One would be the "except-mlist" I > >proposed a few months back. > > I don't understand what verifiers are supposed to do with that. How > is an MTA doing the DKIM verification and filtering supposed know > what's a mailing list and what's not? If I were a bad guy, I'd put > fake headers on my spam to make it look like a list mail.
1. "except-mlist" is primarily for the benefit of vanity domain recipients who have programmed their MTA with knowledge of exactly which lists they are subscribed to. Just guessing which list to forge is a big hurdle for the bad guys. *I* recognize friendly mailing lists by their MAIL FROM: domains, which means SPF will also be an obstacle to such forgers. But yes, big ISPs that know no details about their users have to treat "except-mlist" as "unknown". But they still gain, because they will know everyone who publishes "rejectable" really means it. 2. As I touched on in a parenthetical at the end of the message, mail heading to a mailing list *input* can be processed as if "except-mlist" was "rejectable". Lists don't subscribe to other lists. ---- Michael Deutschmann <mich...@talamasca.ocis.net> _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html