John Levine wrote:
Maybe one solution to the mailing list problem would be to approach
from a different angle. Would it be possible, for verification etc
purposes, to consider mailing list traffic to have come from the
mailing list not the person who submitted to the list?
That's the only sensible approach.
When I subscribe to a list, I do so because I want mail from the list,
and I have enough confidence that whoever runs the list will take care
to manage the traffic and keep the list worth reading. I may bozo
filter the occasional contributor, but that's because they're bozos,
not because they're forged. Lists have all sorts of way to verify
incoming traffic, from return address validation to challenges to
manual moderation. That's not going to change, although of course
DKIM will be a fine way to improve address validation on incoming
mail.
This probably works find for small domains where you --being the mail
admin --
know all of the lists your users subscribe to and can make some educated
guesses as to which lists are naughty and nice. From our deployment at
Cisco,
I can say without question that I only have the vaguest idea about a very
small subset, and no clue whatsoever for lots of them. To expect that there
be a good-mailkeeping seal of approval that involves wet rather than
software
is... unrealistic.
I have trouble envisioning a use model that demands that lists pass
through incoming signatures. As best I can figure it out, list
managers, who have spent the last decade developing ways to keep junk
off their lists, will suddenly give up, let the spam gush through
unimpeded, and list recipients will have to do all the filtering.
Good thing that this is a false dilemma then.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html