Meanwhile, I'm still not proposing that we train users, or even
anti-spam software to "recognize" or "validate" mailing list addresses.
What I'm proposing is a way to send mail from a list with From:
@domain-of-list.tld so that it can pass DMARC/SPF/DKIM, and allow the
left side of the @ sign to identify the actual sender of the message.
Yes, that's the 1980s percent hack. Do you really think it's a good
idea to reinvent it to get around the defects of the FUSSP du jour?
I agree that it's not plausible to train people to recognize mailing
list addresses. But what you're proposing is to train people to be
phished, by telling them that a rewritten address from something that
looks sort of like a mailing list is equivalent to whatever the
original address was. Given that DMARC is supposed to be an
anti-phishing tool, this completely defeats the point.
R's,
John