ietf-asrg
[Top] [All Lists]

Re: [Asrg] Triple opt-in, was MLMs and signatures again

2011-05-27 17:21:01
On Fri, May 27, 2011 at 1:17 PM, Alessandro Vesely <vesely(_at_)tana(_dot_)it> 
wrote:

On 27/May/11 18:29, John R. Levine wrote:
2) do we need a mechanism to alert the receiving MTA that you have
subscribed to a mailing list, and all messages should pass through?

Yes, desperately.

Certainly a possible feature, but it seems like it won't scale very
well.

Why not?

If I were a spammer, I would tell the victim's MTA that the victim
subscribed, then send the spam.


But you couldn't do that, as the spammer, because such a feature belongs in
the per-user-database parts of the hypothetical future extended/hybrid
MTA/MDA with the feature. Proper debate on this feature should be about how
to present the feature to the end-user, not on an insecure external wire
protocol. Such as, how much reputation does a mailing list need before it
gets to skip the "New mailing list subscription? Click here to approve!
Futur-eMail, relaxing your eyeballs since 2015" kind of end-user approval
step.  Current mailing list headers provide plenty of information to
automate that decision on the receiving side, and have for over a decade,
especially when listserv IP addresses are included in the data.

In my opinion, trying to automate confirmation of opting in with some kind
of mailing list extension protocol proposal is something of a non-starter
for other reasons too, primarily the installed base problem. Unless you
really really want to disenfranchise independent mailing lists because
you're a consortium of Big Mailing List Providers and want to make the few
remaining independent mailing lists that haven't already migrated to, for
instance, google groups, convert.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
<Prev in Thread] Current Thread [Next in Thread>