All of this emphasis on complex designs for MLMs strikes me as a waste
of time, since it's a tiny corner of the mail space that has not
historically been a vector for abuse, and shows no sign of becoming one.
It may be tiny, but users will not tolerate the total destruction of
mailing list traffic, which is the inevitable result of any ADSP use at
both ends which is sufficent to block actual forgeries (without using
whitelists).
Good point. So it's two things, lists should sign outgoing mail, and
discard any incoming mail with dkim=discardable.
Since RFC 5617 says that discardable domains should not send mail to
lists, nobody who can read should be affected by that.
That's why my advice is that lists should sign their mail, which is
easy and at worst harmless, and we're done.
It's easy but useless, since the MLM doesn't have the private key
needed to create a *relevant* signature.
Hmmn. I'm not sure what you're talking about here, but since neither DKIM
nor ADSP say anything about "relevant" signatures, it can't be either of
them.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html