Re: Why SPF and DK are not being used

Jeff, can you explain what were the causes for mailing list email 
failing DKIM and SPF?

With DKIM, the expected problem is mangling by mailing lists e.g. of 
subject line, some headers (e.g. `from`), and sometimes of content (e.g. 
appending list data). The standard has mechanisms that are supposed to 
overcome all of these, so I wonder - was this the problem, and how did 
these DKIM mechanisms fail?

Mailing lists are not supposed to create problems for classic SPF since 
it validates the MAIL FROM address, which is (normally) changed to point 
at the list anyway. So I wonder if the problems you had were with 
mailing lists that did not change MAIL FROM (some don't - which is a 
real pain to senders anyway, of course, regardless of spam), or with a 
filter that used the SPF record to validate other email identifiers such as 
the PRA.

If others have similar experiences, or if someone knows of a relevant 
study, I'd appreciate the details; I propose you send this directly to 
me to avoid cluttering the list (I can send a summary to the list).

Best, Amir Herzberg

Jeffrey Altman wrote:
> My e-mail server software supports both SPF and DK.
> I attempted to utilize both but discovered that SPF
> and DK miserably failed with mail relayed by mailing
> lists.   Given that I am subscribed to hundreds of
> lists and I desire to receive mail that is sent via
> the list servers and that I wish mail I send to be
> received by readers of the lists, I turned both SPF
> and DK off.
>
> The solutions are flawed because they do not permit
> the continued use of common e-mail usage patterns.
> I suspect more organizations would deploy a solution
> that worked.
>
> Jeffrey Altman
>
>
> James A. Donald wrote:
>   
>>     --
>> Why SPF and DK are not being used:
>>
>> Obviously, domains have no incentive to use SPF and/or
>> DK unless email recipients filter on SPF and DK
>>
>> But users do not.
>>
>> Largely because they cannot.  There are no filter tools
>> that make good use of SPF and DK information.  There are
>> filter tools, but they are research demonstrations,
>> rather than actually useful in reducing the spam in my
>> inbox.
>>
>> What the filter should do, is as part of Bayesian
>> filtering, observe that some messages get marked as
>> spam, and others as ham, and conclude that if some mail
>> that provably arrives from certain domains is ham, all
>> mail that provably arrives from those domains is
>> probably ham, generating a list of known good domains
>> which it then uses to guess which emails are ham.   It
>> should also observe what domains usually provide
>> evidence that email came from the domain it appeared to
>> come from, and conclude that email without such
>> evidence, purportedly coming from a domain that usually
>> provides such evidence, is probably forged, therefore
>> probably spam.  SPF and DK information needs to be
>> integrated with all other available information for
>> filtering mail.
>>
>> The widespread deployment of such filters would give
>> mail server administrators reason to support SPF and DK.
>> They would DK their outgoing mail in order to get their
>> domain on the known good list. At present they have no
>> such incentive, and so are not supporting SPF or DK.
>>
>>     --digsig
>>          James A. Donald
>>      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
>>      CAbCqOSgym8Up02XNnb1alzFW4VBYsBpa/7xjkfS
>>      4pjb+C/KVowMqXdI49IgPIpZ4kB3ulWsslp3qz+jm
>>
>>     

Received on Monday, 19 June 2006 06:24:00 UTC
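
Added illustration (not code from any participant in this thread or from an existing filter): a sketch of the per-domain feature James A. Donald describes in the quoted message, where a domain earns trust from authenticated ham and unauthenticated mail is suspect only for domains that usually authenticate. The class name, thresholds, scores and sample domains are assumptions, and the `authenticated` flag is assumed to come from an SPF or DK verifier run elsewhere.

```python
from collections import defaultdict

class DomainAuthFeature:
    """Learns, per claimed sender domain, how user-labelled mail authenticates."""

    def __init__(self, min_ham=5, usually=0.9, forged_score=0.95):
        self.min_ham = min_ham            # ham needed before judging a domain's habits
        self.usually = usually            # share of ham that must carry proof of origin
        self.forged_score = forged_score  # assumed score for a likely forgery
        self.stats = defaultdict(lambda: {"ham": 0, "ham_auth": 0, "spam_auth": 0})

    def train(self, domain, authenticated, is_spam):
        """Record one labelled message; `authenticated` = SPF or DK verified `domain`."""
        s = self.stats[domain.lower()]
        if not is_spam:
            s["ham"] += 1
            s["ham_auth"] += int(authenticated)
        elif authenticated:
            s["spam_auth"] += 1  # unauthenticated spam may be forged, so it is not
                                 # counted against the domain it claims to come from

    def spam_probability(self, domain, authenticated, prior=0.5):
        """Score to combine with the other features of a Bayesian filter."""
        s = self.stats.get(domain.lower(), {"ham": 0, "ham_auth": 0, "spam_auth": 0})
        if authenticated:
            # Laplace-smoothed spam rate among mail provably from this domain.
            return (s["spam_auth"] + 1) / (s["ham_auth"] + s["spam_auth"] + 2)
        if s["ham"] >= self.min_ham and s["ham_auth"] / s["ham"] >= self.usually:
            return self.forged_score  # domain usually proves origin; this mail does not
        return prior                  # no habit of authenticating: absence says nothing

def build_demo():
    """Train on constructed labels (all domains and counts are made up)."""
    f = DomainAuthFeature()
    for _ in range(10):
        f.train("signer.example", authenticated=True, is_spam=False)
    for i in range(10):  # ham that mostly arrives via lists that break verification
        f.train("listuser.example", authenticated=(i < 4), is_spam=False)
    for _ in range(8):
        f.train("bulk.example", authenticated=True, is_spam=True)
    return f

if __name__ == "__main__":
    f = build_demo()
    for dom, auth in [("signer.example", True), ("signer.example", False),
                      ("listuser.example", False), ("bulk.example", True)]:
        print(dom, auth, round(f.spam_probability(dom, auth), 3))
```

Measuring the "usually authenticates" ratio over ham only means that a domain whose legitimate mail often reaches the user through lists that break verification is not treated as forged when a message arrives unauthenticated.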