From: "Bart Schaefer" <schaefer(_at_)brasslantern(_dot_)com>
How would Choicelist or a similar scheme handle mailing lists that use
VERPs? Specifically those where the VERP token is regenerated at every
list delivery and hence differs even for the same recipient? (I believe
Yahoo! Groups has this behavior, for example, though I haven't checked
recently.)
Just to clarify, were you talking about Variable Envelope Return Paths?
That is a dilema. On the one hand that sort of dynamic address creation has
valid uses, but on the other hand that makes it impossible to verify each
address (a requirement for creation of a choicelist entry).
In this sort of special case it may be necisary to add a Choicelist header
pointing an entry with a wildcard description of the sending addresses that
will be used (without a header address based lookup might fail), as well as
a mandatory authentication mechanism (without authentication a header would
allow anyone to specify unsecured ids). Then there would have to be some
sort of proof that the person creating the entry was authorised to use all
of those addresses.
I personaly would not want that proof to be anything less than a notarized
statement detailing the wild-carding system and signed by the owner of the
domain to be used. If there are hundreds or thousands of different VERP
senders at a single domain it could get tricky and complicated, but in that
case the notarized page could detail an address to use to verify wildcarded
sender descriptions.
eg.. sender "string(_dot_)WILD(_dot_)WILD(_at_)example(_dot_)com should be verified by sending an
email to string(_at_)example(_dot_)com
So while this is a problem, i don't see it as insurmountable. Automated
systems can be created to interpret these addresses, and with verified
wildcard descriptions mail of this sort could be protected.
The only tough thing would be handling, verifying, and incorporating all the
notarized pages into the entry creation system.
I can see it already:
"please select an authorized wildcard type from the list for that domain"
John Fenley
_________________________________________________________________
Get MSN 8 and enjoy automatic e-mail virus protection.
http://join.msn.com/?page=features/virus
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg