[Mailman-Developers] Two more DMARC mitigations

John Levine johnl at taugh.com
Sun Jun 15 00:21:06 CEST 2014


>>* Forwarding signature
>>
>>The IETF DMARC list is discussing a mutant weak DKIM signature from a
>>sending system (e.g. Yahoo and AOL) that would survive forwarding, but
>>contains a list of forwarding target domains.  It's only considered
>>valid if it's with a signature from the forwarding domain, i.e., the
>>list.
>>
>>This is nice for list operators, since it requires nothing beyond
>>not stripping the signature header, and signing on the way out.
>
>How does this list of forwarding target domains get specified?  Is this
>something the user has to do when they're sending the message?

It'd typically be the list domain, on the theory that lists will sign
their outgoing mail with their own domain.  If lists aren't signed
with the list domain, some kludge would be required at the sending
end, but it's intended to be fully automated.

It is my impression, having talked to tech managers at several large
web mail providers this week, that if they could do something like this
without a huge amount of effort, they probably would.  They'd probably
only add it on mail going to legitimate forwarders (for some
definitions of legitimate and forwarders) but the large web mail
providers already have a pretty good idea who those are.

R's,
John
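
The acceptance rule described in this message, as an added example that is not part of the original post or of any DMARC/DKIM specification: a weak signature counts only when the message also carries a verified signature from one of the forwarding domains it names. The `Sig` fields, the function names and the sample domains are hypothetical, and cryptographic verification is assumed to have happened elsewhere.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sig:
    domain: str             # signing domain of this signature
    verified: bool          # result of the cryptographic check (done elsewhere)
    forwarders: tuple = ()  # hypothetical field: non-empty marks a weak signature

def _norm(domain):
    return domain.lower().rstrip(".")

def signature_counts(sig, all_sigs):
    """True if sig may be treated as valid for its signing domain."""
    if not sig.verified:
        return False
    if not sig.forwarders:
        return True  # ordinary signature stands on its own
    allowed = {_norm(d) for d in sig.forwarders}
    # Assumption: the co-signature must itself be an ordinary (non-weak)
    # signature, so two weak signatures cannot vouch for each other.
    return any(o.verified and not o.forwarders and _norm(o.domain) in allowed
               for o in all_sigs)

def author_domain_authenticated(from_domain, sigs):
    """Exact-match alignment only; real DMARC also allows relaxed alignment."""
    return any(_norm(s.domain) == _norm(from_domain) and signature_counts(s, sigs)
               for s in sigs)

# Constructed sample signatures, not taken from real mail.
WEAK = Sig("webmail.example", True, ("lists.example.org",))
LIST_OK = Sig("lists.example.org", True)
LIST_BAD = Sig("lists.example.org", False)  # list signature fails verification
OTHER = Sig("other.example", True)          # signer not named by the sender

def demo():
    f = "webmail.example"
    return {
        "via_list": author_domain_authenticated(f, [WEAK, LIST_OK]),
        "weak_alone": author_domain_authenticated(f, [WEAK]),
        "unlisted_signer": author_domain_authenticated(f, [WEAK, OTHER]),
        "broken_list_sig": author_domain_authenticated(f, [WEAK, LIST_BAD]),
        "ordinary": author_domain_authenticated(f, [Sig(f, True)]),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'pass' if ok else 'fail'}")
```
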



