In article <6DD54672-A321-42A8-837C-0F5A85A2D796(_at_)dukhovni(_dot_)org> you
write:
It seems to me that catering to senders whose unsubscribe volume is so
high as to overwhelm their email systems should not be a priority.
People at large mail systems tell me it's a fact of life. Long before
this particular hack ever came up, they already had problems of
accidentally DoS'ing other mail systems by mistake when something
provoked a lot of responses. In any event, our goal here is to help
make mail less lousy, not to make a statement about how we think
people should design their systems.
Can you explain the DKIM requirement in more detail? Is the MUA required
to verify the DKIM signature? Or is it expected to alternatively trust
any Authentication-Results header?
That's an implementation detail. In the most likely implementations,
it's web mail so the MDA and MUA are all the same system.
What purpose does the DKIM signature
serve, if there is no required correlation between the authenticated "d="
value and the authority of HTTPS unsubscribe URI?
It gives the recipient system a handle to use to decide whether they
trust the message enough to use the list-unsubscribe and
list-unsubscribe-post. The postmaster at the world's largest mail
system has told me that this is useful to them.
What are the cross-origin risks in allowing the incoming mail to trigger
a POST to a URI of the sender's choice with sender selected parameters?
I would think that it's about the same as the GET that
List-Unsubscribe already can trigger. We've lived with that for nearly
two decades.
The Examples in Section 7 don't have anything resembling HMAC signatures
over the recipient + list data, or opaque nonces that identify both.
The examples in the upcoming -06 are slightly opacified.
R's,
John