[Mailman-Developers] dkim and email list software - potential solution
Carson Gaspar
carson at taltos.org
Fri Oct 9 11:38:10 CEST 2009
Daniel Black wrote:
> On Thursday 08 October 2009 17:07:30 Stephen J. Turnbull wrote:
>
>> Wouldn't it be more straightforward (not to mention that it would work
>> for many more lists) to have an LDSP RFC, whose first draft simply
>> takes the ADSP RFC and substitutes "mailing list" for "author"
>> everywhere, and "RFC 2369 and RFC 2919 headers" for "From"? (The
>> point of multiple headers is that "active" headers like List-Subscribe
>> could contain bogus URLs.)
>>
> Doing so would allow List-* headers to be added by every spoofer, add their
> own signature and get immunity from spoofing every author domain while the end
> user doesn't notice because the List-* headers are hidden in the MUA (in most
> cases).
>
And this is different from sending signed mail From:
IAmScum at SpammersRUs.com how? If you're answer is "appearance in the MUA"
then the answer is to fix the MUA. Besides, any halfway decent anti-UCE
technology will quickly ban the signing domain, limiting any user impact
(although making life more difficult for mailing list admins without
aggressive anti-UCE measures of their own).
--
Carson
More information about the Mailman-Developers
mailing list