Re: Last Call: <draft-levine-herkula-oneclick-04.txt> (Signalling one-click functionality for list email headers) to Proposed Standard

"John Levine" <> Tue, 20 September 2016 17:51 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AE25412B132 for <>; Tue, 20 Sep 2016 10:51:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id TW7Uo7xmwF2c for <>; Tue, 20 Sep 2016 10:51:45 -0700 (PDT)
Received: from ( [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 08E3F12B129 for <>; Tue, 20 Sep 2016 10:51:44 -0700 (PDT)
Received: (qmail 92316 invoked from network); 20 Sep 2016 17:51:41 -0000
Received: from unknown ( by with QMQP; 20 Sep 2016 17:51:41 -0000
Date: 20 Sep 2016 17:51:21 -0000
Message-ID: <20160920175121.85977.qmail@ary.lan>
From: "John Levine" <>
Subject: Re: Last Call: <draft-levine-herkula-oneclick-04.txt> (Signalling one-click functionality for list email headers) to Proposed Standard
In-Reply-To: <>
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 20 Sep 2016 17:51:47 -0000

>I think there is a better reason to use HTTP(S) rather then email.

Nothing personal, but for interop purposes, the opinions of ops people
at large mail systems matter a lot more than your opinion or mine.

>> told me that they will only do one-click on signed mail.  So senders
>> MUST sign it so they can, you know, interoperate.
>The draft fails to explain that this is *sender* obligation.

I'm having trouble imagining someone implementing this who doesn't
already know that senders put on the DKIM signatures, but I've
twiddled the language in the draft to make the DKIM MUST clearer.

>>> I would strongly suggest that there be a requirement to include an
>>> "Origin: mailto:<envelope-sender>" header ...

>I am not talking about mailers wanting or not wanting this.

Yes, that's clear.  Like I said, if there is a shred of evidence that
anyone would actually use this extra non-standard header, I'd be happy
to think about it.  Once again, this goal of this draft is to enable
people to interoperate, not to tell them how you or I think they
should run their systems.