On May 24, 2010, at 9:08 AM, John R. Levine wrote: >> I guess the list should be rejecting his email! Then, perhaps, his >> organisation would get around to deploying a non-discardable domain. > > I've suggested it. They know they have a problem, but they won't yet say > what they're going to do about it. >
I'll be happy to report on our decision once we've implemented it. FWIW, I agree with the recommendations made on this list, at least in the short-term. Step one: was to start using anything that wasn't under an ADSP=discardable assertion (so here I am using a me.com account). Step two: is to do something along the lines of what's been recommended here (a non-discardable domain). Step three: fix the status quo for *participating* MLM's by offering up a new technical solution that enables MLM's to assert that they've validated the original sender's signature. > As you may recall, they suggested that lists sign an A-R header and all > recipient systems track what lists they're subscribed to and do > complicated processing to see whether list mail was signed when it showed > up at the list. That is a mischaracterization of what I proposed. What I actually proposed was: > On Apr 26, 2010, at 1:19 PM, McDowell, Brett wrote: > >> On Apr 26, 2010, at 10:05 AM, MH Michael Hammer (5304) wrote: >> >>> I think we are having the wrong discussion. The real question is: >>> >>> "What are appropriate practices for mailing lists in handling DKIM >>> signed mail?" >> >> Agreed. >> >> From my perspective, I'd like to enable (not mandate or expect universal >> compliance with) the deployment scenario where the sender's DKIM signature >> is either maintained without adulteration or "proxied" by the list so the >> transient trust can be carried through the mailing list intermediary to the >> destination (per Murray's note which I'm also going to respond to). That's >> my use case. By sharing this use case I'm not trying to deprecate or >> undermine John Levine's original use case. But there is a diversity of >> valid/appropriate behavior by mailing lists vis-a-vis DKIM that we need to >> consider (which is why I'm so pleased to see Mike H. take our discussion in >> this direction). >> >> -- Brett _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html