On Mon, 8 Aug 2011, Douglas Otis wrote:
The concept behind the TPA scheme was to enable services on behalf of
senders that lack requisite staffing to support this level of policy
effort when using open-ended third-party services. The list of open
I don't see how that can work anytime soon for the use-case that concern
me, that of ordinary end-users at a consumer ISP posting to mailing lists.
I suppose you could implement a central whitelist of mailing lists, but
some mailing lists are easier to forge than others. If a weak mailing
list gets on to the whitelist, then you have a policy just as easy to
bypass as except-mlist. But if a mailing list *that people actually use*
can't get on the whitelist, you have false positive rejections.
Why should white-listing mailing-lists or open third-party services
become a burden for the recipient or their administrator? Better
I'm not seeking to *impose* that burden as a sender, I'm looking for the
opprotunity to *accept* that burden as a recipient, so as to reduce my
incoming false negative rate.
Many recipients can't take up the burden, and thus cannot detect forgeries
of except-mlist domains. But they lose nothing compared to the world
with just "unknown" and "discardable". (I'm not counting "all" since it
is too vague...)
---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
NOTE WELL: This list operates according to