ietf

Re: DMARC: perspectives from a listadmin of large open-source lists

2014-04-16 09:09:45
..., you 
could create a mechanism where the originator's site gets some sort of 
cryptographic data from the mailing list site and include that in its 
signed message, such that when the eventual recipient gets the message, 
it can verify that it came from a mailing list site that the originator 
explicitly sent the mail to.

The Sympa list manager implemented that in what appears to be a fully
RFC compliant way about a decade ago:

http://www.sympa.org/manual/x509

I don't get the impression it's very widely used.

Every discussion list security proposal I've ever seen includes
building a whitelist of trustworthy mailers, to avoid being spoofed by
bad guys that look like discussion lists but aren't.  Once you've done
that, I've never understood the threat model of anything more complex
than delivering the mail from the whitelisted sources, perhaps after a
cursory check to ensure that it looks like the mail you were
expecting.

R's,
John
