On 14 Apr 2014, at 02:59, Doug Barton <dougb(_at_)dougbarton(_dot_)us> wrote:
Meanwhile, I'm still not proposing that we train users, or even anti-spam
software to "recognize" or "validate" mailing list addresses. What I'm
proposing is a way to send mail from a list with From: @domain-of-list.tld so
that it can pass DMARC/SPF/DKIM, and allow the left side of the @ sign to
identify the actual sender of the message.
I agree. In fact, I'm resigned to it already. OTOH, you'll find the idea
unpopular around here. :)
FWIW: I really do believe it is a great shame that DMARC misplaces the burden
so profoundly. Also, I've stopped caring--the fact is that given the choice of:
1. Authenticate every message from everybody without discrimination, at the
cost of making mailing lists a lot less like they were in the Good Old Days (™)
and breaking a ton of compatibility
2. Authenticate only some messages, discriminating personal use from business
use (and sending conflicting messages about the trustworthiness of the From:
field to regular users) but making mailing lists from 1995 shine
I (and I expect lots of people) choose option 1.
We only need to upgrade the mailing list servers. The people who run those are
supposed to be competent--they can probably manage to upgrade to supported
software, or patch what they have. Mailing lists aren't popular any more
anyway. And this is a golden opportunity to bring some trust into Internet
mail. Let's do it.
Cheers,
Sabahattin