On Thu, Mar 18, 2004 at 06:11:26AM -0800, Hallam-Baker, Phillip wrote:
|
| > Right now we have conventions: we have majordomo-style
| > and listserv-style listname-request addresses or listname-unsubscribe
| > addresses, but the mailing list world lacks a consistent
| > machine-readable format for unsubscriptions.
|
| Don't we have that in the mailing list headers? There was a proposal
| that added an unsubscribe header some time ago.
|
| List-Archive: <http://www.imc.org/ietf-mxcomp/mail-archive/>
| List-Unsubscribe:
<mailto:ietf-mxcomp-request(_at_)imc(_dot_)org?body=unsubscribe>
| List-ID: <ietf-mxcomp.imc.org>
|
Another problem is that because these headers are subject to forgery,
the spammer can forge
List-Unsubscribe:
<mailto:ietf-mxcomp-request(_at_)imc(_dot_)org?body=unsubscribe>
which fools the MUA; putting that metadata into the SPF record moves
the announcement back into a space that's controlled by the purported
sender domain. You only want to trust a List-Unsubscribe if the message
itself passes RMX/DMP/LMAP/MXCOMP/MARID tests.