On 08/03/2010 02:02 PM, Hector Santos wrote: > Rolf, > > It seems much easier for MLS (Mail List Servers) to preempt > restrictive ADSP Domains from subscribing and from submitting mail to > the list enabled with DKIM resigning. > > Follow the specification and apply it accordingly using engineering > sense. No Subjective concepts. We need persistent expectations across > the board. The problem here is that list managers what to sign > everything with disregard to policy. There is no way you going to get > > DKIM+POLICY+MLS > > correct. Something has to give. Support policy is an answer, getting > rid of it is another so that at least everyone can work under the same > plane. > > It would easy to add new common sense options to our list server such: > > List DKIM/ADSP options: > > [X] DKIM Sign this list > > [CLICK FOR DKIM SIGNING OPTIONS] > > [X] Disallow ADSP DISCARDABLE domains from subscribing. > [X] Disallow ADSP DISCARDABLE domain list submissions. > > [X] Send Notification to domain for ADSP=DISCARD Policy > restricted subscription or submissions. > > [EDIT NO-ASDP-ALLOW-SUBSCRIPTION TEMPLATE] > [EDIT NO-ASDP-DISCARD-SUBMISSIONS TEMPLATE] > > The template #1 would probably say: > > Dear {MSG.FROM} > > Sorry, but you can not subscribe to this list using > a restricted ADSP DKIM=DISCARDABLE policy for your > domain. If we had accept your subscription, there is > risk of harming the subscription status of other members > already on the list. We don't wish to do that. > > Remedies: > > 1) Remove the DKIM=DISCARDABLE ADSP policy or change > ADSP policy to DKIM=ALL and reapply to subscribe > to the list. > > 2) Use another domain that isn't ADSP restricted. > > The template #2 would probably say: > > Dear {MSG.FROM} > > Sorry, message submission to this list is restricted to > domains with non-ADSP DISCARDABLE policies only. > If we had accepted it, there is risk of harming the > subscription status of other members of the list. We don't > wish to do that. > > Remedies: > > 1) Remove the DKIM=DISCARDABLE ADSP policy or change > ADSP policy to DKIM=ALL and resubmit your message. > > 2) Use another domain that isn't ADSP restricted. > > I can't remove popular features even if I wanted to and I seriously > doubt any RFC will change this for most systems: > > [X] Add [LIST] Tag to Subject Line > [X] Add Footer [EDIT FOOTER TEMPLE] > [X] Set Reply-To to List address > [_] Strip HTML > [_] Strip Attachments > > and all other inherent integrity breaking ideas in MLS software and > used by MLM (Mail List Managers). > > We need to fit DKIM/POLICY into the system. Not fit the SYSTEM into > DKIM/POLICY. -1 towards ideas of altering 5322.From lines which will > only open a nasty can of worms. We would be breaking all kinds of > Authorship From expectations, including touching base with copyright > related issues. > > Or get rid of POLICY if its hurting DKIM implementation for list > servers. Working it to standardization yet list managers with DKIM > resigners intentionally ignoring it is not going to work very well. > Not supporting it is one thing, yet allowing ADSP domains to submit > mail is another thing. It doesn't mix well. > > If this becomes the behavior what will happen is SMTP systems will be > force to accept mail to discard it. They won't be be able to reject > mail at the transport level because that will promote a bounce towards > the list server and this will hurt members of the list. > > We can't dictate to SMTP developer and operators not to employ session > level rejections. >
My proposal was and is _not_ aimed at ADSP and _not_ at policies in general. The proposal only identifies a means to make MLMs (and re-signers in general) in a way 'transparant' for receivers of a mail. Nothing more, nothing less. /rolf _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html