ietf-mailsig

Re: MASS Security Review document

2005-02-13 20:53:36

John R Levine wrote:

My point is, when coupled with a message replay, it doesn't need to
remail and sign a lot of spam.  The mailing list can be a mechanism for
a spam message to gain a signature which is then replayed to a *lot* of
addresses (not just list subscribers).  I'm concerned that there might
be enough potential damage to a domain's reputation to make people think
twice about hosting a mailing list.  I'm not sure what the answer is
here; perhaps mailing lists need to (somehow) take weaker responsibility
for messages that pass through them.

I am at a loss to understand why people keep proposing schemes that have
no utility other than to help give a free pass to various kinds of spam.

Who is proposing a scheme here?  I said I'm not sure what the answer is.

By the way, this issue is not unique to list mail.  If I write to you from
my throwaway Hotmail account and ask "This is Betty Sue.  Are you the guy
who left me at the altar ten years ago?" and you write back and say "no,
I'm not, I never heard of you", and I then rebroadcast a million copies of
your message, it's the same problem.

Sure; that's discussed in section 9.1.4 of the IIM draft. Mailing lists are another way to get the original message signed that isn't discussed there.


-Jim

