ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] MLMs and signatures again

2011-05-27 11:33:41
2) do we need a mechanism to alert the receiving MTA that you have
subscribed to a mailing list, and all messages should pass through?

Yes, desperately.

Certainly a possible feature, but it seems like it won't scale very well.

Why not?

If I were a spammer, I would tell the victim's MTA that the victim 
subscribed, then send the spam.

These days most subscriptions are entered on a web page, and if you're 
lucky the mailer will send a confirmation message with a URL that sends 
the subscriber back to the web page.  Where's the MTA going to get the 
subscriber info? The challenges in designing a protocol that neither makes 
unreasonable demands on users and MUAs nor is easily spoofed by hostile 
mailers seem insurmountable to me.  If you're planning to keep a 
reputation database of mailers who send credible subscription 
announcements, why not just whitelist their mail?

Since as far as I know nobody does this, it's a resarch topic, so I've 
directed replies to the ASRG.  See you there.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html