This isn't really a reply.
It's a comment that Steve's note was sent a week ago and I'm frankly impressed
that it has received no replies, since it contains the most salient
observations
about the current problem being discussed I've seen.
I've included all of its body in this posting, in the
On 27/Apr/10 22:38, Jeff Macdonald wrote:
The From header field MUST be signed (that is, included in the h=
tag of the resulting DKIM-Signature header field).
http://tools.ietf.org/html/rfc4871#section-5.4
(see also http://tools.ietf.org/html/rfc4686#section-4.1.15)
ah, I thought
On Wed, Apr 28, 2010 at 3:09 AM, Alessandro Vesely ves...@tana.it wrote:
On 27/Apr/10 22:38, Jeff Macdonald wrote:
The From header field MUST be signed (that is, included in the h=
tag of the resulting DKIM-Signature header field).
http://tools.ietf.org/html/rfc4871#section-5.4
On 4/28/2010 10:36 AM, Jeff Macdonald wrote:
I think this has been covered before. And maybe I misunderstood you
again, but just to be sure:
From:some...@i-trust.com
DKIM-Signature: ... d=phisher-i-dont.com;
Say the signature validates. I'm pretty sure DKIM does not have any
assurances
On Sat, Apr 24, 2010 at 10:14 AM, Alessandro Vesely ves...@tana.it wrote:
Author signatures are special because the content of the From field
is displayed to recipients. Even if many lists claim copy rights et
cetera, the moral responsibility of a message rests with its author. I
think that's
On Fri, Apr 23, 2010 at 12:24 PM, McDowell, Brett bmcdow...@paypal.com wrote:
I've read through all the responses on the list but I'm responding to John's
original message because so much of the responses have made critical
assumptions about the nature of the FBL with Yahoo!.
John, can you
On 4/23/2010 1:58 PM, John Levine wrote:
The problem isn't that Yahoo is doing anything wrong. The problem
is that leaving signatures on list mail leads to bogus results.
It is bogus for a random mailing list manager to retain something it knows
nothing about?
Yahoo has imposed its own,
On 27/Apr/10 17:02, Jeff Macdonald wrote:
On Sat, Apr 24, 2010 at 10:14 AM, Alessandro Veselyves...@tana.it wrote:
Author signatures are special because the content of the From field
is displayed to recipients. Even if many lists claim copy rights et
cetera, the moral responsibility of a
On Tue, Apr 27, 2010 at 2:31 PM, Alessandro Vesely ves...@tana.it wrote:
On 27/Apr/10 17:02, Jeff Macdonald wrote:
On Sat, Apr 24, 2010 at 10:14 AM, Alessandro Veselyves...@tana.it wrote:
Author signatures are special because the content of the From field
is displayed to recipients. Even if
On 26/Apr/10 03:14, John Levine wrote:
I'm willing to accept a signature with l= so long as it covers the entire
message. I agree that partial coverage is not practically distinguished from
no coverage.
I note you refer to /current/ --rather than possible or commendable--
practice: l=0
I'm willing to accept a signature with l= so long as it covers the
entire message. I agree that partial coverage is not practically
distinguished from no coverage.
I note you refer to /current/ --rather than possible or commendable--
practice
Sorry, I don't understand what you're trying to
On Apr 25, 2010, at 4:12 PM, Tony Hansen wrote:
I found this part of Allessandro's message somewhat scary. I thought we
got past the point where l=0 was considered a viable option for anyone
to use?
Unless receivers treat any DKIM signature with an l= field as an
unsigned message (or as a
Unless receivers treat any DKIM signature with an l= field as an
unsigned message (or as a sign of email that should be rejected
altogether) then l=0 is a viable option for senders to use.
I'm willing to accept a signature with l= so long as it covers the
entire message. I agree that partial
On 24/Apr/10 01:26, Murray S. Kucherawy wrote:
The question I was discussing wasn't about where to send abuse reports, it
was about whether or not to believe what was claimed by the authentication
data Y sent to Z. If Y says it saw a signature from X that validated, should
Z believe that
On Fri, Apr 23, 2010 at 5:03 PM, Michael Thomas m...@mtcc.com wrote:
Indeed, and if you review my previous mail I believe you will find
that's exactly what I said.
The problem isn't that Yahoo is doing anything wrong. The problem
is that leaving signatures on list mail leads to bogus
The problem here is that John apparently doesn't like the service
that Y! provides, and instead of taking that up with Y! he's
decided to blame it on DKIM.
Well, no. Please review my previous messages on this topic, and try
and read all the words.
R's,
John
--On 23 April 2010 04:34:16 + John Levine jo...@iecc.com wrote:
For anyone who's working on the list management BCP:
I sign all my outgoing mail, and I have a feedback loop set up with
Yahoo, which being very modern and advanced keys on signatures, not IP
addresses. A few days ago I
I sign all my outgoing mail, and I have a feedback loop set up with
Yahoo, which being very modern and advanced keys on signatures, not IP
addresses. A few days ago I sent some messages to one of the Freebsd
mailing lists. Today some Yahoo user who subscribes to that list hit
the spam
On 4/22/2010 9:34 PM, John Levine wrote:
For anyone who's working on the list management BCP:
I sign all my outgoing mail, and I have a feedback loop set up with
Yahoo, which being very modern and advanced keys on signatures, not IP
addresses. A few days ago I sent some messages to one of
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
boun...@mipassoc.org] On Behalf Of John R. Levine
Sent: Friday, April 23, 2010 9:39 AM
To: Ian Eiloart
Cc: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] Why mailing lists should strip DKIM
signatures
On 4/23/2010 6:50 AM, MH Michael Hammer (5304) wrote:
If John is making some assertion of responsibility for his message by
signing, what is the limit of his responsibility as the message flows through
the ecosystem? Where is the RFC that says his signature should be stripped?
Most
[grr, my ntpd keeps blowing off... sorry if this is a repost]
Dave CROCKER wrote:
On 4/22/2010 9:34 PM, John Levine wrote:
For anyone who's working on the list management BCP:
I sign all my outgoing mail, and I have a feedback loop set up with
Yahoo, which being very modern and advanced
Dave CROCKER wrote:
On 4/22/2010 9:34 PM, John Levine wrote:
For anyone who's working on the list management BCP:
I sign all my outgoing mail, and I have a feedback loop set up with
Yahoo, which being very modern and advanced keys on signatures, not IP
addresses. A few days ago I sent
On Fri, Apr 23, 2010 at 9:38 AM, John R. Levine jo...@iecc.com wrote:
I sign all my outgoing mail, and I have a feedback loop set up with
Yahoo, which being very modern and advanced keys on signatures, not IP
addresses. A few days ago I sent some messages to one of the Freebsd
mailing
If I understand correctly, you established a private arrangement with
Yahoo. Yahoo chooses to create a unique interpretation for the
presence of a DKIM signature, which treats it as an override to the
MailFrom.
No, of course not. This isn't a bounce, and the user didn't press
reply. He pressed
John, can you simply clarify the rules/logic of your FBL with Yahoo!?
That will clarify this scenario considerably.
It's just like the IP based FBLs that other mail systems have, only
keyed on DK or DKIM d= signing domains rather than IP addresses. I
tell them what my d= domains are, they send
I've read through all the responses on the list but I'm responding to John's
original message because so much of the responses have made critical
assumptions about the nature of the FBL with Yahoo!.
John, can you simply clarify the rules/logic of your FBL with Yahoo!? That
will clarify this
John Levine wrote:
John, can you simply clarify the rules/logic of your FBL with Yahoo!?
That will clarify this scenario considerably.
It's just like the IP based FBLs that other mail systems have, only
keyed on DK or DKIM d= signing domains rather than IP addresses. I
tell them what
sign, and doesn't strip any headers. So what happened? Yahoo saw my
signature and sent the reports to me, which was of course useless
since I don't run the list.
Not completely useless, right? The message did come from you. If it really
was spam, sent from your account, you'd be glad Yahoo
On Apr 23, 2010, at 9:41 AM, John Levine wrote:
There's no new semantics, deep or othterwise. Yahoo is treating the
signature as an assertion of responsibility -- it has my signature,
the recipient complained about it, they have reason to think I'm not
evil, so they sent me the complaint.
On Fri, Apr 23, 2010 at 9:45 AM, Dave CROCKER d...@dcrocker.net wrote:
On 4/23/2010 6:50 AM, MH Michael Hammer (5304) wrote:
If John is making some assertion of responsibility for his message by
signing, what is the limit of his responsibility as the message flows through
the ecosystem?
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
boun...@mipassoc.org] On Behalf Of Al Iverson
Sent: Friday, April 23, 2010 2:07 PM
To: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] Why mailing lists should strip DKIM
signatures
On Fri, Apr 23, 2010
MH Michael Hammer (5304) wrote:
But are you (people we can have a reasonable expectation that we can
somewhat trust to act responsibly) the rule or are you the exception?
I think I tend to agree with Steve. Notify all parties that assert
responsibility. That would include the author
-Original Message-
From: Murray S. Kucherawy
Sent: Friday, April 23, 2010 12:13 PM
To: 'MH Michael Hammer (5304)'; Al Iverson; ietf-dkim@mipassoc.org
Subject: RE: [ietf-dkim] Why mailing lists should strip DKIM signatures
Even without thinking of the FBL issues, I would want
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
boun...@mipassoc.org] On Behalf Of MH Michael Hammer (5304)
Sent: Friday, April 23, 2010 11:22 AM
To: Al Iverson; ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] Why mailing lists should strip DKIM signatures
But John made a private arrangement with Yahoo that if there was a
complaint about a mail and he DKIM signed it then Yahoo should send the
complaint to him as part of it's FBL offering. They did exactly what he
asked them to do.
Indeed, and if you review my previous mail I believe you will find
On Fri, Apr 23, 2010 at 3:58 PM, John Levine jo...@iecc.com wrote:
But John made a private arrangement with Yahoo that if there was a
complaint about a mail and he DKIM signed it then Yahoo should send the
complaint to him as part of it's FBL offering. They did exactly what he
asked them to do.
If I'm running a mailing list and I get a piece of signed mail, I'm
certainly not removing its signature. The signer's reputation should
suffer if people complain, or benefit in the absence of a complaint.
Well, gee, in that case since I don't control or even know the way you
manage your lists,
Al Iverson wrote:
On Fri, Apr 23, 2010 at 3:58 PM, John Levine jo...@iecc.com wrote:
But John made a private arrangement with Yahoo that if there was a
complaint about a mail and he DKIM signed it then Yahoo should send the
complaint to him as part of it's FBL offering. They did exactly what
-Original Message-
From: John Levine [mailto:jo...@iecc.com]
Sent: Friday, April 23, 2010 2:34 PM
To: ietf-dkim@mipassoc.org
Cc: Murray S. Kucherawy
Subject: Re: [ietf-dkim] Why mailing lists should strip DKIM signatures
If I'm running a mailing list and I get a piece of signed
If you begin to get complaints because you are on some list whose owner
isn't bothering to conduct list hygiene, I would imagine you'd
ultimately unsubscribe from the list and find or create another one
that's properly managed.
I am about 99% certain that the FBL reports that started this
-Original Message-
From: John R. Levine [mailto:jo...@iecc.com]
Sent: Friday, April 23, 2010 4:04 PM
To: Murray S. Kucherawy
Cc: ietf-dkim@mipassoc.org
Subject: RE: [ietf-dkim] Why mailing lists should strip DKIM signatures
I am about 99% certain that the FBL reports that started
On 4/23/10 4:04 PM, John R. Levine wrote:
I am about 99% certain that the FBL reports that started this discussion
were either a guy who wanted to unsub from the list, or he reported his
whole inbox. Nearly all of the FBL reports I get are one or the other,
but this was the first time I got
I think you nailed it: It's an unexamined assumption. But so, to me
at least, is the assertion that an author signature to a list is a
bad idea for senders and will only serve to confuse verifiers. I'd
like to see some data collected from such systems before I'm willing
to agree or disagree with
For anyone who's working on the list management BCP:
I sign all my outgoing mail, and I have a feedback loop set up with
Yahoo, which being very modern and advanced keys on signatures, not IP
addresses. A few days ago I sent some messages to one of the Freebsd
mailing lists. Today some Yahoo
45 matches
Mail list logo