Hector Santos hsan...@isdg.net writes:
I would go further to suggest to remove the usage of the term
responsibility from the DKIM specification altogether!
Why?
DKIM is in no position today to provide any assurance to or for anyone to
be indemnified from liabilities.
I agree that it does
John R. Levine jo...@iecc.com writes:
DKIM support in an MUA? Yuck.
It's likely to be a long time before any MUA I use does anything with
DKIM, since I am not a fan of filtering mail while reading it.
An MUA does not have to do filtering in order to support DKIM. It could
display the
Ian Eiloart i...@sussex.ac.uk writes:
Oh, but I already know that my MLM is going to break any message with a
signed body. UK law practically mandates the addition of unsubscription
information in a message footer. We certainly require it locally.
Why does it have to be in the footer when
McDowell, Brett bmcdow...@paypal-inc.com writes:
BTW, one thing I think we can agree on and find value from in these
pre-deployment email discussions is terminology. I ran into a problem
at the last MAAWG during a panel discussion where my understanding of
3rd-party signature is what someone
Dave CROCKER d...@dcrocker.net writes:
DKIM and ADSP evaluation are not performed during an SMTP session, unless the
session is delayed after the crlf.crlf, and that's not supposed to happen.
Anyone using the opendkim sendmail/postfix milter will be doing this
checking during the SMTP
Scott Kitterman ietf-d...@kitterman.com writes:
There's a difference between claims to be from an MLM and From an MLM.
Today there isn't much value in making the claim, so no one bothers. It
would be unfortunate if we recommended something that caused List-ID headers
to be less useful
Ian Eiloart i...@sussex.ac.uk writes:
So, in an ideal world, mail clients would expose the List-* headers
(especially the unsubscribe* header) in ways that are useful to the user,
and obviate the need for MLMs to mess with subject lines and bodies.
*In my view, MLMs are required in UK law
McDowell, Brett bmcdow...@paypal.com writes:
Priority: it's more important to us that cyber criminals not be
systemically enabled to leverage MLM systems to bypass email
authentication flows and consumer protection policies designed to
block their attacks... the attacks that, if not for the
Douglas Otis [EMAIL PROTECTED] writes:
DKIM signatures might be damaged by various gateways. Enterprise mail
gateways may perform Content-Type header fix-ups which damage a
signature, for example.
In which case they SHOULD be validating the DKIM signature before
performing the fix-ups. They
[EMAIL PROTECTED] (Wietse Venema) writes:
My point is that SSP alone cannot distinguish between mail from my
Bank and mail from a Criminal who pretends to be a slightly different
bank. It distinguishes only the stupid criminals who send mail in
the Bank's name without signature by the Bank.
Charles Lindsey [EMAIL PROTECTED] writes:
The scenario you need to consider is where A asserts a policy of I
sign everything, and sends a correctly signed message to some mailing
list B.
B can (and should) check that the signature is good, and is consistent
with A's policy, etc. But then B
Douglas Otis [EMAIL PROTECTED] writes:
The concept is to provide a text file in some standardized format
listing the domain to be avoided. An announcement might be made that
a change occurred to prompt administrators to update their
configurations based upon this list. I would not expect
Graham Murray [EMAIL PROTECTED] writes:
SPF operates on the RFC2181 envelope,
That should, of course, be RFC2821. I do not know what I must have
been thinking when I wrote that :)
___
NOTE WELL: This list operates according to
http://mipassoc.org
Jon Callas [EMAIL PROTECTED] writes:
You can say that you never send mail from a domain with SPF.
SPF operates on the RFC2181 envelope, so with SPF you can state that a
domain will never legitimately appear in the SMTP MAIL FROM: (or
EHLO). It offers no mechanism to say that the domain will not
Michael Thomas [EMAIL PROTECTED] writes:
Define exists. That there's an A record there?
That it has at least one of A, , MX, or CNAME records.
John Levine [EMAIL PROTECTED] writes:
He uses another domain in his return address, like Steve said. You
may carefully look at the return address in your mail, but most people
don't, and even if they do, bank marketing departments are unable to
resist the urge to invent a new domain for
Thomas A. Fine [EMAIL PROTECTED] writes:
So if the only way a domain can set a policy that permits* recipients
to drop unsigned or broken mail is to set a policy that it will
not use non-compliant mailing lists, then this is doomed to failure,
Maybe one solution to the mailing list problem
Damon [EMAIL PROTECTED] writes:
Should mailing lists sign messages?
The problem with mailing lists is that there are 2 identities which it
might be useful to verify. First that the message did actually come
via the mailing list, and the second is the identity of the person
submitting the
Michael Thomas [EMAIL PROTECTED] writes:
I really don't buy John's small lawfirm scenario unless he can swear
that none of their users or correspondents use Yahoogroups;
As Yahoo is supposed to be one of 'sponsors' of DomainKeys and DKIM,
should they not put their own house in order and fix
Dave Crocker [EMAIL PROTECTED] writes:
What is the reason for Historic, rather than Informational?
I am pretty sure that historic has never been applied to a specification that
was not previously an IETF standard. The usual means of labeling an RFC that
specifies a popular, proprietary
Jim Fenton [EMAIL PROTECTED] writes:
One concern is that this doesn't scale. I have heard one large
financial institution say that they have over 100 external senders of email.
Which in the current climate of phishing is probably not very
advisable for a financial institution to do.
Douglas Otis [EMAIL PROTECTED] writes:
Those who are hoping what _may_ be visible to the recipient is being
checked will not want conformance based upon any other header. Of
course, what is visible remains within the control of the sender,
Surely not. What is visible is controlled by the
22 matches