On Wed, Apr 16, 2014 at 1:57 PM, John R Levine <johnl(_at_)taugh(_dot_)com>
wrote:
How do I distinguish the nice mailing lists at ietf.org from random evil
spammer domains sending spam with List-ID headers?
Every proposal I've seen like this ends up tripping over the fact that
there is no technical way to distinguish between mail from real mailing
lists and spam that looks like it's from mailing lists. Hence you need a
whitelist for the real mail, at which point all of the mechanism beyond the
key for the whitelist (probably a DKIM signature) is superfluous.
Let's assume for the moment that a whitelist is the only option. (Pete
made a different suggestion that I haven't read fully yet, for example.)
Do you envision each operator maintaining its own whitelist, or one or more
public registries of them, or something else?
It may be the case that it's the only way, but if so, then someone needs to
write down some how-tos on this as well. May as well begin to develop that
idea.
-MSK