John R. Levine wrote: > Despite the valiant work that Murray has put into the MLM document, my > preference, which I doubt has any hope of gaining consensus, would be to > throw it away and replace it by one page that says > > a) many lists break signatures, which isn't going to stop > > b) so it would be nice if they signed their mail on the way out. > > Everything else is either too marginal to be worth worrying about, or not > a problem if a list's mail has a credible signature.*
Every time I read that, its just to too tempting to remind us of same outdated ill-advice as it was in RFC2821 section 7.1 par. 4: This specification does not further address the authentication issues associated with SMTP other than to advocate that useful functionality not be disabled in the hope of providing some small margin of protection against an ignorant user who is trying to fake mail. And the only thing we learned in the 10 years to update it with RFC5321 ... This specification does not further address the authentication issues associated with SMTP other than to advocate that useful functionality not be disabled in the hope of providing some small margin of protection against a user who is trying to fake mail. is that the user is no longer ignorant! I guess maybe we can rephrase it for DKIM: This specification does not further address the authentication issues associated with MLM other than to advocate that useful unrestricted resigning functionality not be disabled in the hope of providing some small margin of protection against an ignorant domain who is trying to submit fake mail. Maybe we should remove "ignorant" so it still applies 10 years later. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html