[Mailman-Developers] [dkim-dev] dkim and email list software - potential solution
Douglas Otis
dotis at mail-abuse.org
Wed Sep 30 03:00:26 CEST 2009
On 9/29/09 12:10 PM, Dave CROCKER wrote:
> wow. more than 16 hours and no one has posted anything.
There are no good solutions. This feature was intended to cause
messages with their signatures damaged or missing to not end up in
someone's mailbox. Any domain making an ADSP discard assertion should
expect the domain will become usable on mailing lists. Such domains
should be limited to handling transactional emails.
Unfortunately, this view might lead to more phishing exploits whenever
alternative domains are then used by the same organization. When there
is nothing good to be said, perhaps the better choice is to say nothing.
Perhaps there should be a standardization for transactional
sub-domains and stringent requirements where ADSP transactions then
become superfluous. Where subdomains like secure, or
signed.somedomain.com versus somedomain.com might be used as a way to
establish a visual convention.
-Doug
More information about the Mailman-Developers
mailing list