You asked for an example. The point is, if mailing lists are that
trivially spoofable, it will become a much bigger problem.

It finally occurred to me why the entire issue of spoofed mail via lists
will never be a problem for mail recipients -- it's a problem that matters
to list managers, so it's one that they will solve if and when they need

It's often been noted how hard it is to get the Net at large to upgrade
their software. That's entirely true so long as the software works well
enough for its users. When it doesn't, they upgrade pronto. So back in
the 90s when spammers started sending spam through mailing lists, the list
managers didn't say "duh, I guess the subscribers will have to sort it
out." They fixed their software to keep the bad guys out, mostly by
changing to subscriber-only posting which has so far been adequate to
chase the spammers away. Even though it's been possible for about the
last eight years to spoof mail from subscribers, spammers haven't bothered
so list managers in turn haven't bothered to put in stronger defenses.

If at some future time bad guys do forge mail from subscribers, list
software will adapt again. I don't know how it'll adapt. Mj2, which I
know about since I use it, can send per-message challenges or require a
password on the first line of the message. Sympa can use S/MIME
signatures. No doubt other software will do other stuff. But since a
list full of spam is of no use to anyone, the list managers will deal with
it, or the subscribers will lose interest and unsubscribe. Whichever way
it works out, people in the future aren't going to be getting enough spam
through lists to matter, for the same reasons they don't now.

For the example of spam filters mutating messages as they're forwarded to
recipients, again, if it's important to the users, the software will adapt
since the spam filters are there for the recipients. For example, when
spamassassin wraps a spam as a MIME part, it adds an essay at the front
explaining why it did what it did. The essay can already contain info
about incoming SPF, and if the signature schemes ever settle down and
people are interested in them, it'll add signature info, too.

By the way, Yahoo tells me that about 3/4 of their outgoing list mail is
HTML, and I have observed that the HTML mail is all modified in ways that
header copying and byte counts can't handle. A significant amount of
mail, maybe 20%, is turned from plain text to HTML on the way through
because that's what the recipients asked for. So it's fortunate that
there's no need for signatures to survive list software, since they can't.

John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.