John R. Levine wrote:

> Despite the valiant work that Murray has put into the MLM document, my 
> preference, which I doubt has any hope of gaining consensus, would be to 
> throw it away and replace it by one page that says
> a) many lists break signatures, which isn't going to stop
> b) so it would be nice if they signed their mail on the way out.
> Everything else is either too marginal to be worth worrying about, or not 
> a problem if a list's mail has a credible signature.*

Every time I read that, its just to too tempting to remind us of same 
outdated ill-advice as it was in RFC2821 section 7.1 par. 4:

    This specification does not further address the authentication issues
    associated with SMTP other than to advocate that useful functionality
    not be disabled in the hope of providing some small margin of
    protection against an ignorant user who is trying to fake mail.

And the only thing we learned in the 10 years to update it with 
RFC5321 ...

    This specification does not further address the authentication issues
    associated with SMTP other than to advocate that useful functionality
    not be disabled in the hope of providing some small margin of
    protection against a user who is trying to fake mail.

is that the user is no longer ignorant!

I guess maybe we can rephrase it for DKIM:

    This specification does not further address the authentication issues
    associated with MLM other than to advocate that useful unrestricted
    resigning functionality not be disabled in the hope of providing
    some small margin of protection against an ignorant domain who is
    trying to submit fake mail.

Maybe we should remove "ignorant" so it still applies 10 years later.

Hector Santos, CTO

NOTE WELL: This list operates according to

Reply via email to