Bart Schaefer <barton(_dot_)schaefer(_at_)gmail(_dot_)com> wrote:
> Then the problem boils down to impersonating both an individual sender
> and a list to which he is supposedly subscribed. If a List-ID is
> present and the list exploder has re-DKIM-signed the message, a DMARC
> check that the message really did come through the list exploder should
> be enough?
Spammers started using mailing archives to find out *EXACTLY* this, in order
to forge From: lines that would get into mailing list filters. I first saw
this a few years ago. I'm not sure why it hasn't become a bigger problem.
DMARC processing on input to mailing lists certainly would help there.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr(_at_)sandelman(_dot_)ca http://www.sandelman.ca/ | ruby on
rails [
_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822