FWIW, I agree with Arnt on this one. In fact the case has yet to be made that
DKIM-based whitelisting of list mail is more than a nice-to-have; per-user
whitelisting on the basis of List-id alone along with the usual checks for
blatent viruses and whatnot seems to work pretty well.
Currently, I agree with you. But if List-ID always meant to skip the
DMARC rejection checks, how long would it take for every paypal.com phish
to include a List-ID? Presumably competent filters would subsequently
catch it, but it would make DMARC, which is intended to be a cheap
anti-phish technique, totally pointless.
Per-user whitelisting on List-ID strikes me has having horrible scaling
issues. How can we know who's subscribed to what? Or if we plan to know
what List-ID's to believe, we're back at a shared mailing list whitelist.
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822