On 23/Sep/10 21:16, John R. Levine wrote:
All of this emphasis on complex designs for MLMs strikes me as a waste
of time, since it's a tiny corner of the mail space that has not
historically been a vector for abuse, and shows no sign of becoming one.
It may be tiny, but users will not tolerate the total destruction of
mailing list traffic, which is the inevitable result of any ADSP use at
both ends which is sufficent to block actual forgeries (without using
whitelists).
That's why my advice is that lists should sign their mail, which is
easy and at worst harmless, and we're done.
It's easy but useless, since the MLM doesn't have the private key
needed to create a *relevant* signature.
Inventing an "LDSP" to allow lists to indicate that certain List-Id:s are
always associated with signatures would not be a total waste of time. But
it cannot solve the "mailing list problem" alone, because the badguys
would do their mischief using "lists" with List-Id:s in domains they
control. They'd have the private key, so their bad-mails would trivially
pass "LDSP".
The missing piece is a whitelist of List-Id:s to trust. If each mailbox
has a custom whitelist covering only lists the user subscribed to, there
is a significant security-by-obscurity effect that means one is likely to
"get away" with trusting a list that is forgeable. "LDSP" would make
things more reliable, but would never be the essential component.
---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html