[Mailman-Developers] dkim-signature headers

Barry Warsaw barry at python.org
Wed Feb 7 16:18:00 CET 2007

Hash: SHA1

On Feb 7, 2007, at 1:39 AM, Stephen J. Turnbull wrote:

> Certainly.  What we really want is policy agents that are smart enough
> to say to the user
>   This message has a signature which verified successfully and one
>   which failed.  According to the Received trace and the List-Id
>   header, and correlated with the SENDER_IS_MAILMAN_BOUNCE heuristic,
>   the successful signature was added by the Mailman Users mailing
>   list.  The wooz.1april signature failed.
>   In similar cases in the future for this mailing list, should I
>   (o) Rely on the verified signature and silently accept the message
>   ( ) Ask how to treat the message
>   ( ) Silently discard the message
>   [[Accept this message]]  [Discard this message]

Part of me agrees that this is what you'd like to see, but my gut  
tells me that this will never work in practice.  First, no one but an  
email geek will even understand the question, let alone know how to  
answer it, and second, I fear that most u/i's and policy engines will  
boil this down to a very simple choice for the user:

     This message is unverified

     [Accept] [Discard]
     (o) Do the same for all similar messages

- -Barry

Version: GnuPG v1.4.5 (Darwin)


More information about the Mailman-Developers mailing list