On 5/26/10 8:09 AM, SM wrote:
> Hi Doug,
> At 15:50 25-05-10, Douglas Otis wrote:
>> It should be possible for sending domains to detect mailing-list
>> conversations. When desired, they can then immediately publish
>> third-party authorization labels to allow ADSP exceptions. The
>> exception approach retains their ability to quickly mitigate any
>> reported abuse.
> I don't have a clue how to implement this. I can implement measures
> for the mailing lists I am subscribed to but it doesn't scale. Due to
> legacy reasons it would be impossible to "fix" the local-part anyway.

See: http://tools.ietf.org/html/draft-otis-dkim-tpa-label-03

DKIM is a process handled by domain administrations, not individuals. The third-party label authorization method scales to _any_ practical level, and allows domain administrators a means to unilaterally resolve reported issues involving third-party services. Whether these issues relate to abuse or to refused and missing messages, the third-party authorization scheme offers an easy and low overhead solution.

Perhaps in the future, mailing-list subscription acknowledgments could be standardized to trigger any needed third-party authorization. Of course, there should be facilities, such as user web pages, to deal with potential refusal issues proactively.

Exchanges of DKIM keys with any number of third-party services clearly do not scale, nor would this be practical.

> The short answer I would give is that it is not possible for the
> signer to detect mailing list conversations [1].

When the domain administration receives DSNs or MARFs indicating a problem, they should also be able to recognize whether it involves a trusted third-party service based upon content.

A third-party authorization method offers a practical means to extend ADSP "all" with a method to mitigate possible disruptions. IMHO, "discardable" should be limited to domains not sending mail.

As a side note: Rather than using ADSP "discardable", it would be better to mandate the use of MX records. BNAME zones will soon make the use of address records to discover MTAs impossible. As such, the Address Record discovery should be deprecated.

Secondly, not delivering non-ADSP compliant email protects recipients, especially those sorting From headers, which is a technique that offers protection from look-alikes.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
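
The exception discussed in this message, sketched as a receiver-side check. This is an added example, not part of the message or of the referenced draft: the `authorized` set is a hypothetical stand-in for whatever the author domain has published as third-party authorizations (the draft's DNS label format is not reproduced here), the result strings are this example's own, and the domain names are constructed.

```python
"""ADSP evaluation with a third-party authorization exception (illustrative)."""

ADSP_PRACTICES = ("unknown", "all", "discardable")


def parse_adsp(txt):
    """Return the dkim= practice from the TXT record at _adsp._domainkey.<domain>.

    Simplified parser: a missing record, a missing tag, or an unrecognized
    value is treated as "unknown", as RFC 5617 specifies.
    """
    if not txt:
        return "unknown"
    for tag in txt.split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "dkim":
            value = value.strip().lower()
            return value if value in ADSP_PRACTICES else "unknown"
    return "unknown"


def _norm(domain):
    return domain.lower().rstrip(".")


def evaluate(author_domain, verified_signers, adsp_txt, authorized=frozenset()):
    """Classify a message given the d= domains of its *verified* DKIM signatures.

    authorized: third-party domains the author domain currently authorizes
    (hypothetical input; in the draft this is published in DNS).
    """
    author = _norm(author_domain)
    signers = {_norm(d) for d in verified_signers}
    practice = parse_adsp(adsp_txt)

    if author in signers:
        return "pass"                 # valid Author Domain Signature
    if practice == "unknown":
        return "no-policy"            # ADSP makes no assertion
    # Exception applied to "all" only, following the message's wording.
    if practice == "all" and signers & {_norm(a) for a in authorized}:
        return "pass-third-party"     # e.g. a mailing list that re-signed
    return "discard" if practice == "discardable" else "fail"
```

Removing a domain from `authorized` returns the same message to `fail`, which corresponds to the author domain withdrawing an authorization after an abuse report.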