On Fri, 19 Jun 2009 17:55:57 +0100, Douglas Otis
<dotis(_at_)mail-abuse(_dot_)org>
wrote:
On Jun 19, 2009, at 4:29 AM, Charles Lindsey wrote:
But either way, there is no suspicion that the A-R was added by the
spammer, or any other agent prior to the ML site, so no reason to
doubt the truth of what it attested (except for Conspiracy Theorists
who doubt everything - and the best way to placate Conspiracy
Theorists is to give them the evidence that proves their vivid
imaginations are wrong - in this case by signing the A-R header).
It dangerous to consider A-R headers of unknown origins as somehow
inherently safe......
Inless they are included in a signature.
An A-R record always includes an idication of the domain that purported to
have place it there. If it is signed by that same domain (as would be the
case in the scenarios we are discussing), then more reliance can be placed
on it (depending on your opinion of that signer - but you opinion of the
manager of a mailing list you have subscribed to is likely to be quite
high).
I agree that an unsigned A-R is dubious, but even then if it purports to
have been placed there by a domain which
a) the message has been passed through, and
b) you are prepared to trust to have removed any pre-existing bogus A-R
purporting to have been placed there by that domain
then it should be pretty safe (and this was indeed the case for the
example we were discussing).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html