[Mailman-Developers] [dkim-dev] dkim and email list software - potential solution
Dave CROCKER
dhc at dcrocker.net
Tue Sep 29 21:10:50 CEST 2009
wow. more than 16 hours and no one has posted anything.

Daniel Black wrote:
> 2. The author's email infrastructure DKIM signs the email message and
> publishes an ADSP dkim record saying 'I sign all messages for this domain'
> 3. The message is received by the email list

I'm going to respond without getting into any of the ADSP emotional debate.
ADSP is what it is. DKIM is what it is. You are asking a legitimate question
about a potential scenario that seems likely to occur.

If someone registers an ADSP record that says that any failed or absent
signatures should cause the message to be dropped, they are responsible for
making the assertion and for its consequences.

The presumption behind this bit of mechanism is that the ADSP registrant knows
enough, and can control enough, to produce the desired outcome.

The scenario you are exploring demonstrates a case in which they were wrong.

I think it a mistake to ask intermediaries to fix the effects of their own
legitimate actions, really caused by inappropriate policy choices of an
organization earlier in the handling sequence.

The core problem, here, is that the signing organization asserted a generality
that was incorrect. It's not your job to hack your system or the messages you
process to try to fix their mistaken generality.

d/

ps. There are cases of SPF -a being set incorrectly, and it didn't even take a
mailing list to create undelivered mail. The solution is to change the -a
setting, rather than try to hack around it.

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
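
Added example (not part of the original post, and not Mailman or DKIM project code): the scenario discussed in this message, where a list appends a footer to a DKIM-signed message and a receiver then consults the author domain's ADSP record. The sample message, the footer, and the disposition labels returned by receiver_disposition() are constructed for illustration; only the body hash is checked, which is enough to show the author signature no longer verifying.

```python
import base64
import hashlib

def simple_body(body: bytes) -> bytes:
    """DKIM 'simple' body canonicalization: drop trailing empty lines, end with one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def body_hash(body: bytes) -> str:
    """Value a signer would place in the bh= tag (SHA-256, base64)."""
    return base64.b64encode(hashlib.sha256(simple_body(body)).digest()).decode()

def adsp_practice(txt_record: str) -> str:
    """Extract the dkim= tag of an ADSP record; unrecognised values count as 'unknown'."""
    for part in txt_record.split(";"):
        tag, _, value = part.partition("=")
        if tag.strip() == "dkim" and value.strip() in ("all", "discardable"):
            return value.strip()
    return "unknown"

def receiver_disposition(signed_bh: str, received_body: bytes, adsp_txt: str) -> str:
    """Hypothetical receiver logic; the returned labels are this example's own."""
    if body_hash(received_body) == signed_bh:
        return "accept"  # body unchanged, so the rest of DKIM verification can proceed
    # Body hash mismatch: the author domain's signature fails, so ADSP decides.
    practice = adsp_practice(adsp_txt)
    return {"discardable": "discard", "all": "suspicious"}.get(practice, "no-policy")

# Constructed sample data: what the author signed, and what the list adds.
ORIGINAL = b"Hello list,\r\nPatch attached for review.\r\n"
LIST_FOOTER = b"_______________\r\nExample-list mailing list\r\n"
SIGNED_BH = body_hash(ORIGINAL)

if __name__ == "__main__":
    relayed = ORIGINAL + LIST_FOOTER
    for record in ("dkim=unknown", "dkim=all", "dkim=discardable"):
        print(record, "->", receiver_disposition(SIGNED_BH, relayed, record))
```

A signature added by the list itself would not change these outcomes, because ADSP only considers a signature from the author's own domain.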