On 5/1/2014 12:48 PM, John Levine wrote:
>> Note that historically, mailing list operators have been resistant to
>> the imposition of technical or operational changes.
>
> I think you're overstating things a little. I am very unsympathetic
> to changes that would require retraining all my users, e.g., putting
> the list address on the From: line. Technical changes that don't mess
> up the users are no more of an issue than any other software upgrade
> is to a small volunteer site. In particular, I've never seen anyone
> opposed to adding DKIM signatures to help recipient systems recognize
> the lists.

Don't confuse silence with agreement.
Nonetheless, there have been new mail security related world needs for
a long time now, and everyone has to adjust too. That includes
Mailing List Server software developers and list operators, especially
when you want to change it for re-signing and totally ignore the 9+
years of Author Domain signature protection methodologies. That's pure
ignorance of mail integration needs. You changed the list system by
adding DKIM. That comes with baggage you refused to deal with.
All software product developers, commercial or otherwise, for many
list operations, not just one list operator with his own deployment
views, but all of them, have to support and honor DKIM signing policies
as well. I personally MUST because it's the sound mail engineering
thing to do, but I'm happy with a SHOULD. However, you have been
preaching MUST NOT, and this is not right.
You can't have it both ways, John. MLS software also must ADAPT or
they are just as bad as the bad guys using legacy mail software or legacy
methodologies with the idea that backward compatibility will always
be available to sneak in with.
With DKIM, we raised the bar; the only way to protect the signature is
with an originating author domain policy method.
The industry has forced the issue, John, and I happen to believe it was
the right way to do it to begin to address the massive abuse of aged,
spam-polluted domains.
--
HLS