But I don't quite understand. Spammers don't care much who they send
to, and the bad ones just want to not have to process bounces (which is
why they use freemail or forged return paths). Surely if you do this
the spammers are just going to add enough headers in to look like a
"legitimate" mailing list, and thus force the user to take the action?
Forcing the user to take an action is not a bad thing. Everyone wants 100%
of their spam dropped with 100% of their valid mail delivered. Valid mail
is in the eye of the beholder...therefore, there requires beholder actions.
Dropping spam on a server before it's previewed via a client software or via
a browser has significant advantages.
I'm speculating, of course, but I don't think it will take long for
them to decide to do that if it gets widely implemented (spot the
number of spammers taking steps to bypass SpamAssassin now).
Some would argue that spammer would prefer receiving challenge messages and
auto-click any links within the message. Therefore, mimicking a mailing
list, thus disabling challenges, would mean that a user would just drop the
message without the spammer getting on the whitelist.
It can be argued either way..therefore a spammer will do both.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg