[Mailman-Developers] Subscription Authentication.

[Terri Oda]

+1. 

We were also discussing this at LinuxCon, and OAuth or similar paves the 
way to some other nice things, like easier single sign on/integrated 
systems, and an easier way to handle using the archives like a web forum 
to allow participation by those who prefer that mode of communication.

There was definitely interest in having a setup where people could 
mass-manage subscriptions to lists even when they're on different 
servers, which I hadn't thought of but can see the advantages for users...

Ian Eiloart wrote:
> Hi,
>
> We've been discussing mailing lists over on the ietf-dkim mailing 
> list, and the issue of when a receiving MTA should trust mail from a 
> list.
>
> I had an idea, though it's only vaguely formed:
>
> It would be nice if a list server would verify subscription requests 
> using OAuth, Windows Live ID Delegated Authentication, or similar. 
> Perhaps instead of the usual verification by email.  If 
> <http://fingerprintapp.com/email-client-stats> is accurate, that's 
> about 35% of email users with Gmail, Yahoo, and Hotmail.
>
> If that happened, then then the subscriber's mail system has a chance 
> of understanding that the subscriber has, indeed, subscribed to the 
> list. At that point, the receiving mail system might whitelist mail 
> from that list, provided that it had a good DKIM signature, or an SPF 
> pass, perhaps.
>
> One might even build some sort of federated list management 
> infrastructure, so a user could go to one site to manage all their 
> Mailman3 mailing list subscriptions. With some kind of future 
> standard, perhaps other MLMs could join the party later.
>